diff --git a/panoramix/models.py b/panoramix/models.py index 30a14e80e..14fb39b0d 100644 --- a/panoramix/models.py +++ b/panoramix/models.py @@ -207,6 +207,12 @@ class SqlaTable(Model, Queryable, AuditMixinNullable): def __repr__(self): return self.table_name + @property + def perm(self): + return ( + "[{self.database}].[{self.table_name}]" + "(id:{self.id})").format(self=self) + @property def name(self): return self.table_name diff --git a/panoramix/utils.py b/panoramix/utils.py index 25f518148..99e1c8230 100644 --- a/panoramix/utils.py +++ b/panoramix/utils.py @@ -1,4 +1,4 @@ -from datetime import date, datetime, timedelta +from datetime import datetime from dateutil.parser import parse import hashlib from sqlalchemy.types import TypeDecorator, TEXT @@ -117,10 +117,11 @@ def init(): Inits the Panoramix application with security roles and such """ from panoramix import appbuilder + from panoramix import models sm = appbuilder.sm alpha = sm.add_role("Alpha") - from flask_appbuilder.security.sqla import models - perms = db.session.query(models.PermissionView).all() + from flask_appbuilder.security.sqla import models as ab_models + perms = db.session.query(ab_models.PermissionView).all() for perm in perms: if perm.view_menu.name not in ( 'UserDBModelView', 'RoleModelView', 'ResetPasswordView', @@ -144,7 +145,7 @@ def init(): )): sm.add_permission_role(gamma, perm) session = db.session() - for i in range(100): - print(type(models.Table)) - for table in session.query(models.Table).all(): - print table + for table in session.query(models.SqlaTable).all(): + sm.add_permission_view_menu('datasource_access', table.perm) + for druid_datasource in session.query(models.Datasource).all(): + sm.add_permission_view_menu('datasource_access', druid_datasource.perm) diff --git a/panoramix/views.py b/panoramix/views.py index 89d3ff455..6470398ca 100644 --- a/panoramix/views.py +++ b/panoramix/views.py @@ -2,7 +2,7 @@ from datetime import datetime import json import logging -from flask import request, redirect, flash, Response +from flask import request, redirect, flash, Response, g from flask.ext.appbuilder import ModelView, CompactCRUDMixin, BaseView, expose from flask.ext.appbuilder.actions import action from flask.ext.appbuilder.models.sqla.interface import SQLAInterface @@ -229,6 +229,29 @@ class Panoramix(BaseView): @has_access @expose("/datasource///") def datasource(self, datasource_type, datasource_id): + if datasource_type == "table": + datasource = ( + db.session + .query(models.SqlaTable) + .filter_by(id=datasource_id) + .first() + ) + else: + datasource = ( + db.session + .query(models.Datasource) + .filter_by(id=datasource_id) + .first() + ) + + if 'Gamma' in [r.name for r in g.user.roles]: + datasource_access = self.appbuilder.sm.has_access( + 'datasource_access', datasource.perm) + if not datasource_access: + flash( + "You don't seem to have access to this datasource", + "danger") + return redirect('/') action = request.args.get('action') if action == 'save': session = db.session() @@ -263,22 +286,8 @@ class Panoramix(BaseView): session.add(obj) session.commit() flash("Slice <{}> has been added to the pie".format(slice_name), "info") - redirect(obj.slice_url) + return redirect(obj.slice_url) - if datasource_type == "table": - datasource = ( - db.session - .query(models.SqlaTable) - .filter_by(id=datasource_id) - .first() - ) - else: - datasource = ( - db.session - .query(models.Datasource) - .filter_by(id=datasource_id) - .first() - ) if not datasource: flash("The datasource seem to have been deleted", "alert")