From 1dbd1e9f026265347e25223479157c9589e4fac7 Mon Sep 17 00:00:00 2001 From: Beto Dealmeida Date: Thu, 5 Aug 2021 08:18:29 -0700 Subject: [PATCH] chore: simplify chart permissions (#16078) --- superset/constants.py | 3 +- .../f6196627326f_update_chart_permissions.py | 71 +++++++++++++++++++ tests/integration_tests/charts/api_tests.py | 2 - 3 files changed, 73 insertions(+), 3 deletions(-) create mode 100644 superset/migrations/versions/f6196627326f_update_chart_permissions.py diff --git a/superset/constants.py b/superset/constants.py index e6398666e..c4b81ee78 100644 --- a/superset/constants.py +++ b/superset/constants.py @@ -119,12 +119,13 @@ MODEL_API_RW_METHOD_PERMISSION_MAP = { "refresh": "write", "cache_screenshot": "read", "screenshot": "read", - "data": "read", "data_from_cache": "read", "get_charts": "read", "get_datasets": "read", "function_names": "read", "available": "read", + "post_data": "read", # used to fetch chart data, so "read" + "get_data": "read", } EXTRA_FORM_DATA_APPEND_KEYS = { diff --git a/superset/migrations/versions/f6196627326f_update_chart_permissions.py b/superset/migrations/versions/f6196627326f_update_chart_permissions.py new file mode 100644 index 000000000..f9a090431 --- /dev/null +++ b/superset/migrations/versions/f6196627326f_update_chart_permissions.py @@ -0,0 +1,71 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +"""update chart permissions + +Revision ID: f6196627326f +Revises: 143b6f2815da +Create Date: 2021-08-04 17:16:47.714866 + +""" + +from alembic import op +from sqlalchemy.exc import SQLAlchemyError +from sqlalchemy.orm import Session + +from superset.migrations.shared.security_converge import ( + add_pvms, + get_reversed_new_pvms, + get_reversed_pvm_map, + migrate_roles, + Pvm, +) + +# revision identifiers, used by Alembic. +revision = "f6196627326f" +down_revision = "143b6f2815da" + +PVM_MAP = { + Pvm("Chart", "can_get_data"): (Pvm("Chart", "can_read"),), + Pvm("Chart", "can_post_data"): (Pvm("Chart", "can_read"),), +} + + +def upgrade(): + bind = op.get_bind() + session = Session(bind=bind) + + # Add the new permissions on the migration itself + migrate_roles(session, PVM_MAP) + try: + session.commit() + except SQLAlchemyError as ex: + print(f"An error occurred while upgrading permissions: {ex}") + session.rollback() + + +def downgrade(): + bind = op.get_bind() + session = Session(bind=bind) + + # Add the old permissions on the migration itself + add_pvms(session, get_reversed_new_pvms(PVM_MAP)) + migrate_roles(session, get_reversed_pvm_map(PVM_MAP)) + try: + session.commit() + except SQLAlchemyError as ex: + print(f"An error occurred while downgrading permissions: {ex}") + session.rollback() diff --git a/tests/integration_tests/charts/api_tests.py b/tests/integration_tests/charts/api_tests.py index 803d81f01..cbb8094eb 100644 --- a/tests/integration_tests/charts/api_tests.py +++ b/tests/integration_tests/charts/api_tests.py @@ -187,9 +187,7 @@ class TestChartApi(SupersetTestCase, ApiOwnersTestCaseMixin, InsertChartMixin): data = json.loads(rv.data.decode("utf-8")) assert rv.status_code == 200 assert set(data["permissions"]) == { - "can_get_data", "can_read", - "can_post_data", "can_write", }