diff --git a/caravel/migrations/versions/4fa88fe24e94_owners_many_to_many.py b/caravel/migrations/versions/4fa88fe24e94_owners_many_to_many.py
new file mode 100644
index 000000000..8cd112309
--- /dev/null
+++ b/caravel/migrations/versions/4fa88fe24e94_owners_many_to_many.py
@@ -0,0 +1,38 @@
+"""owners_many_to_many
+
+Revision ID: 4fa88fe24e94
+Revises: b4456560d4f3
+Create Date: 2016-04-15 17:58:33.842012
+
+"""
+
+# revision identifiers, used by Alembic.
+revision = '4fa88fe24e94'
+down_revision = 'b4456560d4f3'
+
+from alembic import op
+import sqlalchemy as sa
+
+
+def upgrade():
+ op.create_table('dashboard_user',
+ sa.Column('id', sa.Integer(), nullable=False),
+ sa.Column('user_id', sa.Integer(), nullable=True),
+ sa.Column('dashboard_id', sa.Integer(), nullable=True),
+ sa.ForeignKeyConstraint(['dashboard_id'], [u'dashboards.id'], ),
+ sa.ForeignKeyConstraint(['user_id'], [u'ab_user.id'], ),
+ sa.PrimaryKeyConstraint('id'),
+ )
+ op.create_table('slice_user',
+ sa.Column('id', sa.Integer(), nullable=False),
+ sa.Column('user_id', sa.Integer(), nullable=True),
+ sa.Column('slice_id', sa.Integer(), nullable=True),
+ sa.ForeignKeyConstraint(['slice_id'], [u'slices.id'], ),
+ sa.ForeignKeyConstraint(['user_id'], [u'ab_user.id'], ),
+ sa.PrimaryKeyConstraint('id'),
+ )
+
+
+def downgrade():
+ op.drop_table('slice_user')
+ op.drop_table('dashboard_user')
diff --git a/caravel/migrations/versions/c3a8f8611885_materializing_permission.py b/caravel/migrations/versions/c3a8f8611885_materializing_permission.py
new file mode 100644
index 000000000..33084ffea
--- /dev/null
+++ b/caravel/migrations/versions/c3a8f8611885_materializing_permission.py
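Review bot: Both association tables created in upgrade() of 4fa88fe24e94, `dashboard_user` and `slice_user`, leave `user_id` and the object id nullable and carry no uniqueness constraint, so the same user can be stored as owner of the same dashboard or slice several times and rows with a NULL side are accepted. Since these rows record ownership, I would declare the two foreign-key columns `nullable=False` and add `sa.UniqueConstraint('user_id', 'dashboard_id')` and `sa.UniqueConstraint('user_id', 'slice_id')` respectively. The matching `Table(...)` definitions added in caravel/models.py would need the same constraints to stay in step with the migration.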
@@ -0,0 +1,33 @@ +"""Materializing permission + +Revision ID: c3a8f8611885 +Revises: 4fa88fe24e94 +Create Date: 2016-04-25 08:54:04.303859 + +""" + +# revision identifiers, used by Alembic. +revision = 'c3a8f8611885' +down_revision = '4fa88fe24e94' + +from alembic import op +import sqlalchemy as sa +from caravel import db +from caravel import models + + +def upgrade(): + bind = op.get_bind() + op.add_column('slices', sa.Column('perm', sa.String(length=2000), nullable=True)) + session = db.Session(bind=bind) + + for slc in session.query(models.Slice).all(): + if slc.datasource: + slc.perm = slc.datasource.perm + session.merge(slc) + session.commit() + db.session.close() + + +def downgrade(): + op.drop_column('slices', 'perm') diff --git a/caravel/models.py b/caravel/models.py index 6bf8f8824..619682a12 100644 --- a/caravel/models.py +++ b/caravel/models.py @@ -22,6 +22,7 @@ from flask import request, g from flask.ext.appbuilder import Model from flask.ext.appbuilder.models.mixins import AuditMixin from pydruid.client import PyDruid +from flask.ext.appbuilder.models.decorators import renders from pydruid.utils.filters import Dimension, Filter from six import string_types from sqlalchemy import ( @@ -66,15 +67,15 @@ class AuditMixinNullable(AuditMixin): Integer, ForeignKey('ab_user.id'), default=cls.get_user_id, onupdate=cls.get_user_id, nullable=True) - @property - def created_by_(self): # noqa + @renders('created_by') + def creator(self): # noqa return '{}'.format(self.created_by or '') - @property # noqa + @renders('changed_by') def changed_by_(self): return '{}'.format(self.changed_by or '') - @property + @renders('changed_on') def modified(self): s = humanize.naturaltime(datetime.now() - self.changed_on) return '{}'.format(s) 
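Review bot: The backfill in upgrade() of c3a8f8611885 opens its own `session = db.Session(bind=bind)` but the last statement closes `db.session`, a different session object, so the migration's session is never closed; that line should be `session.close()`. Importing `caravel.models` also ties this revision to whatever the Slice model looks like when the migration is run: `session.query(models.Slice).all()` selects every mapped column, so a database that is still at this revision will likely fail here once a later revision adds another column to Slice. A small table definition local to the migration holding only `id`, the two datasource ids and `perm` would avoid that. Slices without a datasource keep `perm` NULL, which the `perm.in_(...)` filter in views.py treats as not visible to restricted roles; a one-line comment saying this is intended would help.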
@@ -110,6 +111,13 @@ class CssTemplate(Model, AuditMixinNullable): css = Column(Text, default='') +slice_user = Table('slice_user', Model.metadata, + Column('id', Integer, primary_key=True), + Column('user_id', Integer, ForeignKey('ab_user.id')), + Column('slice_id', Integer, ForeignKey('slices.id')) +) + + class Slice(Model, AuditMixinNullable): """A slice is essentially a report or a view on data""" @@ -125,11 +133,13 @@ class Slice(Model, AuditMixinNullable): params = Column(Text) description = Column(Text) cache_timeout = Column(Integer) + perm = Column(String(2000)) table = relationship( 'SqlaTable', foreign_keys=[table_id], backref='slices') druid_datasource = relationship( 'DruidDatasource', foreign_keys=[druid_datasource_id], backref='slices') + owners = relationship("User", secondary=slice_user) def __repr__(self): return self.slice_name @@ -211,6 +221,20 @@ class Slice(Model, AuditMixinNullable): url=url, obj=self) +def set_perm(mapper, connection, target): # noqa + if target.table_id: + src_class = SqlaTable + id_ = target.table_id + elif target.druid_datasource_id: + src_class = DruidDatasource + id_ = target.druid_datasource_id + ds = db.session.query(src_class).filter_by(id=int(id_)).first() + target.perm = ds.perm + +sqla.event.listen(Slice, 'before_insert', set_perm) +sqla.event.listen(Slice, 'before_update', set_perm) + + dashboard_slices = Table( 'dashboard_slices', Model.metadata, Column('id', Integer, primary_key=True), @@ -218,6 +242,13 @@ dashboard_slices = Table( Column('slice_id', Integer, ForeignKey('slices.id')), ) +dashboard_user = Table( + 'dashboard_user', Model.metadata, + Column('id', Integer, primary_key=True), + Column('user_id', Integer, ForeignKey('ab_user.id')), + Column('dashboard_id', Integer, ForeignKey('dashboards.id')) +) + class Dashboard(Model, AuditMixinNullable): 
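Review bot: set_perm raises when a slice has neither `table_id` nor `druid_datasource_id` (`src_class` and `id_` are never bound) and again when the lookup returns no row (`ds.perm` on None), so the `before_insert`/`before_update` flush for such a slice fails with an error unrelated to what the user did. Leaving `perm` unset in both cases keeps the slice out of the perm-filtered list views instead of breaking the save. `perm` is copied only when the slice itself is written, so if a datasource's `perm` value can change later the slices keep the old string until they are re-saved; that deserves a comment or a listener on the datasource side. The function also has no docstring saying that `perm` feeds the access filters.

```python
def set_perm(mapper, connection, target):  # noqa
    # … unchanged: if/elif picking src_class and id_ …
    else:
        # No datasource on the slice: leave perm unset rather than fail the flush.
        target.perm = None
        return
    ds = db.session.query(src_class).filter_by(id=int(id_)).first()
    # The datasource row may be gone; an unset perm hides the slice from restricted roles.
    target.perm = ds.perm if ds is not None else None
```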
@@ -233,6 +264,7 @@ class Dashboard(Model, AuditMixinNullable): slug = Column(String(255), unique=True) slices = relationship( 'Slice', secondary=dashboard_slices, backref='dashboards') + owners = relationship("User", secondary=dashboard_user) def __repr__(self): return self.dashboard_title @@ -1165,11 +1197,13 @@ class Log(Model): user_id = g.user.id d = request.args.to_dict() d.update(kwargs) + slice_id = d.get('slice_id', 0) + slice_id = int(slice_id) if slice_id else 0 log = cls( action=f.__name__, json=json.dumps(d), dashboard_id=d.get('dashboard_id') or None, - slice_id=d.get('slice_id') or None, + slice_id=slice_id, user_id=user_id) db.session.add(log) db.session.commit() diff --git a/caravel/views.py b/caravel/views.py index 6908e086a..6d6ef5d7d 100644 --- a/caravel/views.py +++ b/caravel/views.py @@ -19,9 +19,9 @@ from flask.ext.appbuilder import ModelView, CompactCRUDMixin, BaseView, expose from flask.ext.appbuilder.actions import action from flask.ext.appbuilder.models.sqla.interface import SQLAInterface from flask.ext.appbuilder.security.decorators import has_access +from flask_appbuilder.models.sqla.filters import BaseFilter from pydruid.client import doublesum -from sqlalchemy import create_engine -from sqlalchemy import select, text +from sqlalchemy import create_engine, select, text from sqlalchemy.sql.expression import TextAsFrom from werkzeug.routing import BaseConverter from wtforms.validators import ValidationError 
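Review bot: In the Log hunk, `int(slice_id)` runs on a value that comes from `request.args`, so a non-numeric `slice_id` in the query string raises ValueError inside the logging wrapper and, as far as the hunk shows, would fail the wrapped request rather than just skip the log field. Parse it defensively, for example `slice_id = int(slice_id) if str(slice_id).isdigit() else 0`. The absent case also changed from `None` to `0`; if `Log.slice_id` references `slices.id` (the column definition is outside the hunk), `None` is the safer value for "no slice". The enclosing decorator starts and ends outside the hunk.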
@@ -32,6 +32,42 @@ config = app.config log_this = models.Log.log_this +class CaravelFilter(BaseFilter): + def get_perms(self): + perms = [] + for role in g.user.roles: + for perm_view in role.permissions: + if perm_view.permission.name == 'datasource_access': + perms.append(perm_view.view_menu.name) + return perms + + +class FilterSlice(CaravelFilter): + def apply(self, query, func): # noqa + if any([r.name in ('Admin', 'Alpha') for r in g.user.roles]): + return query + qry = query.filter(self.model.perm.in_(self.get_perms())) + print(qry) + return qry + + +class FilterDashboard(CaravelFilter): + def apply(self, query, func): # noqa + if any([r.name in ('Admin', 'Alpha') for r in g.user.roles]): + return query + Slice = models.Slice # noqa + slice_ids_qry = ( + db.session + .query(Slice.id) + .filter(Slice.perm.in_(self.get_perms())) + ) + return query.filter( + self.model.slices.any( + models.Slice.id.in_(slice_ids_qry) + ) + ) + + def validate_json(form, field): # noqa try: json.loads(field.data) @@ -136,8 +172,7 @@ appbuilder.add_view_no_menu(DruidMetricInlineView) class DatabaseView(CaravelModelView, DeleteMixin): # noqa datamodel = SQLAInterface(models.Database) - list_columns = ['database_name', 'sql_link', 'created_by_', 'changed_on'] - order_columns = utils.list_minus(list_columns, ['created_by_']) + list_columns = ['database_name', 'sql_link', 'creator', 'changed_on'] add_columns = [ 'database_name', 'sqlalchemy_uri', 'cache_timeout', 'extra'] search_exclude_columns = ('password',) @@ -183,7 +218,7 @@ class TableModelView(CaravelModelView, DeleteMixin): # noqa datamodel = SQLAInterface(models.SqlaTable) list_columns = [ 'table_link', 'database', 'sql_link', 'is_featured', - 'changed_by_', 'changed_on'] + 'changed_by_', 'changed_on', 'perm'] add_columns = [ 'table_name', 'database', 'schema', 'default_endpoint', 'offset', 'cache_timeout'] 
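Review bot: FilterDashboard.apply lets a dashboard through when any one of its slices carries a perm the user holds (`self.model.slices.any(...)`), so a restricted user with a single datasource grant is listed dashboards that also contain slices on datasources they were not granted; whether those slices are checked again at render time is not visible in this hunk, so either require every slice to match or add a comment stating where the per-slice check happens. FilterSlice.apply still has a debug `print(qry)` that writes the generated SQL to stdout on every list request; drop it and `return query.filter(self.model.perm.in_(self.get_perms()))`. The `('Admin', 'Alpha')` bypass is duplicated in both classes and keyed on role names, so a single helper on CaravelFilter would keep the two in step. None of the three classes has a docstring saying that `perm` must equal a `datasource_access` view-menu name for the match to work.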
@@ -246,21 +281,19 @@ if config['DRUID_IS_ACTIVE']: category_icon='fa-database',) + class SliceModelView(CaravelModelView, DeleteMixin): # noqa datamodel = SQLAInterface(models.Slice) add_template = "caravel/add_slice.html" can_add = False label_columns = { - 'created_by_': 'Creator', 'datasource_link': 'Datasource', } list_columns = [ - 'slice_link', 'viz_type', - 'datasource_link', 'created_by_', 'modified'] - order_columns = utils.list_minus(list_columns, ['created_by_', 'modified']) + 'slice_link', 'viz_type', 'datasource_link', 'creator', 'modified'] edit_columns = [ 'slice_name', 'description', 'viz_type', 'druid_datasource', - 'table', 'dashboards', 'params', 'cache_timeout'] + 'table', 'owners', 'dashboards', 'params', 'cache_timeout'] base_order = ('changed_on', 'desc') description_columns = { 'description': Markup( @@ -269,6 +302,7 @@ class SliceModelView(CaravelModelView, DeleteMixin): # noqa "" "markdown"), } + base_filters = [['id', FilterSlice, lambda: []]] appbuilder.add_view( SliceModelView, @@ -281,10 +315,9 @@ appbuilder.add_view( class SliceAsync(SliceModelView): # noqa list_columns = [ 'slice_link', 'viz_type', - 'created_by_', 'modified', 'icons'] + 'creator', 'modified', 'icons'] label_columns = { 'icons': ' ', - 'created_by_': 'Creator', 'viz_type': 'Type', 'slice_link': 'Slice', } @@ -294,13 +327,9 @@ appbuilder.add_view_no_menu(SliceAsync) class DashboardModelView(CaravelModelView, DeleteMixin): # noqa datamodel = SQLAInterface(models.Dashboard) - label_columns = { - 'created_by_': 'Creator', - } - list_columns = ['dashboard_link', 'created_by_', 'modified'] - order_columns = utils.list_minus(list_columns, ['created_by_', 'modified']) + list_columns = ['dashboard_link', 'creator', 'modified'] edit_columns = [ - 'dashboard_title', 'slug', 'slices', 'position_json', 'css', + 'dashboard_title', 'slug', 'slices', 'owners', 'position_json', 'css', 'json_metadata'] add_columns = edit_columns base_order = ('changed_on', 'desc') 
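Review bot: `owners` is added to `edit_columns` of SliceModelView and DashboardModelView, but nothing in these hunks consults it, so as far as the diff shows any user who may edit a slice or dashboard can also rewrite its owner list, and being an owner grants nothing. If ownership is meant to gate changes, a `pre_update`/`pre_delete` check comparing `g.user` with `obj.owners` is needed (it may exist elsewhere in views.py, outside the hunks); otherwise add a comment that the field is informational for now. `base_filters = [['id', FilterSlice, lambda: []]]` would also benefit from a comment that the column name and the lambda are placeholders, since FilterSlice.apply reads neither. Both class bodies continue outside the hunks.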
@@ -316,6 +345,7 @@ class DashboardModelView(CaravelModelView, DeleteMixin): # noqa "visible"), 'slug': "To get a readable URL for your dashboard", } + base_filters = [['slice', FilterDashboard, lambda: []]] def pre_add(self, obj): obj.slug = obj.slug.strip() or None @@ -336,9 +366,8 @@ appbuilder.add_view( class DashboardModelViewAsync(DashboardModelView): # noqa - list_columns = ['dashboard_link', 'created_by_', 'modified'] + list_columns = ['dashboard_link', 'creator', 'modified'] label_columns = { - 'created_by_': 'Creator', 'dashboard_link': 'Dashboard', } @@ -362,11 +391,10 @@ class DruidDatasourceModelView(CaravelModelView, DeleteMixin): # noqa datamodel = SQLAInterface(models.DruidDatasource) list_columns = [ 'datasource_link', 'cluster', 'owner', - 'created_by_', 'created_on', + 'creator', 'created_on', 'changed_by_', 'changed_on', 'offset'] - related_views = [ - DruidColumnInlineView, DruidMetricInlineView] + related_views = [DruidColumnInlineView, DruidMetricInlineView] edit_columns = [ 'datasource_name', 'cluster', 'description', 'owner', 'is_featured', 'is_hidden', 'default_endpoint', 'offset', diff --git a/tests/core_tests.py b/tests/core_tests.py index d9a4e9585..b25c85799 100644 --- a/tests/core_tests.py +++ b/tests/core_tests.py 
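Review bot: `base_filters = [['slice', FilterDashboard, lambda: []]]` names a column `slice`, while the relationship on Dashboard is `slices`; FilterDashboard.apply never reads the column name, so the filter still applies, but the entry reads like a typo and may break if the filter base class ever resolves the name against the model. I would write `base_filters = [['slices', FilterDashboard, lambda: []]]` and add a one-line comment that the filter restricts the list to dashboards the current user's `datasource_access` grants allow. The class body continues outside the hunk.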
@@ -32,18 +32,36 @@ class CaravelTestCase(unittest.TestCase): def __init__(self, *args, **kwargs): super(CaravelTestCase, self).__init__(*args, **kwargs) self.client = app.test_client() - role_admin = appbuilder.sm.find_role('Admin') - user = appbuilder.sm.find_user('admin') - if not user: + + utils.init(caravel) + admin = appbuilder.sm.find_user('admin') + if not admin: appbuilder.sm.add_user( 'admin', 'admin',' user', 'admin@fab.org', - role_admin, 'general') + appbuilder.sm.find_role('Admin'), + password='general') - def login(self): - self.client.post( + gamma = appbuilder.sm.find_user('gamma') + if not gamma: + appbuilder.sm.add_user( + 'gamma', 'gamma', 'user', 'gamma@fab.org', + appbuilder.sm.find_role('Gamma'), + password='general') + utils.init(caravel) + + def login_admin(self): + resp = self.client.post( '/login/', data=dict(username='admin', password='general'), follow_redirects=True) + assert 'Welcome' in resp.data.decode('utf-8') + + def login_gamma(self): + resp = self.client.post( + '/login/', + data=dict(username='gamma', password='general'), + follow_redirects=True) + assert 'Welcome' in resp.data.decode('utf-8') class CoreTests(CaravelTestCase): @@ -55,7 +73,6 @@ class CoreTests(CaravelTestCase): .query(models.SqlaTable) .all() )} - utils.init(caravel) self.load_examples() def setUp(self): 
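Review bot: `login_admin` and `login_gamma` are the same body with a different username; a single `def login(self, username='admin', password='general'):` would keep the 'Welcome' assertion in one place and make further roles a one-line addition. The user setup sits in `__init__`, which unittest runs once per test method, so `utils.init(caravel)` and the user lookups repeat for every test; `setUpClass` would run them once. Neither helper has a docstring saying that the assert fails the test on a rejected login.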
@@ -68,9 +85,13 @@ class CoreTests(CaravelTestCase): cli.load_examples(sample=True) def test_save_slice(self): - self.login() + self.login_admin() + + slice_id = ( + db.session.query(models.Slice.id) + .filter_by(slice_name="Energy Sankey") + .scalar()) - slice_id = db.session.query(models.Slice.id).filter_by(slice_name="Energy Sankey").scalar() copy_name = "Test Sankey Save" tbl_id = self.table_ids.get('energy_usage') url = "/caravel/explore/table/{}/?viz_type=sankey&groupby=source&groupby=target&metric=sum__value&row_limit=5000&where=&having=&flt_col_0=source&flt_op_0=in&flt_eq_0=&slice_id={}&slice_name={}&collapsed_fieldsets=&action={}&datasource_name=energy_usage&datasource_id=1&datasource_type=table&previous_viz_type=sankey" @@ -87,7 +108,7 @@ class CoreTests(CaravelTestCase): def test_slices(self): # Testing by running all the examples - self.login() + self.login_admin() Slc = models.Slice urls = [] for slc in db.session.query(Slc).all(): @@ -99,7 +120,7 @@ class CoreTests(CaravelTestCase): self.client.get(url) def test_dashboard(self): - self.login() + self.login_admin() urls = {} for dash in db.session.query(models.Dashboard).all(): urls[dash.dashboard_title] = dash.url 
@@ -118,19 +139,28 @@ class CoreTests(CaravelTestCase): assert self.client.get('/ping').data.decode('utf-8') == "OK" def test_shortner(self): - self.login() + self.login_admin() data = "//caravel/explore/table/1/?viz_type=sankey&groupby=source&groupby=target&metric=sum__value&row_limit=5000&where=&having=&flt_col_0=source&flt_op_0=in&flt_eq_0=&slice_id=78&slice_name=Energy+Sankey&collapsed_fieldsets=&action=&datasource_name=energy_usage&datasource_id=1&datasource_type=table&previous_viz_type=sankey" resp = self.client.post('/r/shortner/', data=data) assert '/r/' in resp.data.decode('utf-8') def test_save_dash(self): - self.login() + self.login_admin() dash = db.session.query(models.Dashboard).filter_by(slug="births").first() data = """{"positions":[{"slice_id":"131","col":8,"row":8,"size_x":2,"size_y":4},{"slice_id":"132","col":10,"row":8,"size_x":2,"size_y":4},{"slice_id":"133","col":1,"row":1,"size_x":2,"size_y":2},{"slice_id":"134","col":3,"row":1,"size_x":2,"size_y":2},{"slice_id":"135","col":5,"row":4,"size_x":3,"size_y":3},{"slice_id":"136","col":1,"row":7,"size_x":7,"size_y":4},{"slice_id":"137","col":9,"row":1,"size_x":3,"size_y":3},{"slice_id":"138","col":5,"row":1,"size_x":4,"size_y":3},{"slice_id":"139","col":1,"row":3,"size_x":4,"size_y":4},{"slice_id":"140","col":8,"row":4,"size_x":4,"size_y":4}],"css":"None","expanded_slices":{}}""" url = '/caravel/save_dash/{}/'.format(dash.id) resp = self.client.post(url, data=dict(data=data)) assert "SUCCESS" in resp.data.decode('utf-8') + def test_gamma(self): + self.login_gamma() + resp = self.client.get('/slicemodelview/list/') + print(resp.data.decode('utf-8')) + assert "List Slice" in resp.data.decode('utf-8') + + resp = self.client.get('/dashboardmodelview/list/') + assert "List Dashboard" in resp.data.decode('utf-8') + SEGMENT_METADATA = [{ "id": "some_id", 
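Review bot: test_gamma only checks that the two list pages render (`"List Slice"`, `"List Dashboard"`), so it passes whether or not FilterSlice and FilterDashboard hide anything; the new access filter has no negative test. Assuming the gamma user holds no `datasource_access` grant on the example datasources (the role setup is not visible in this hunk), add an assertion that a known slice is absent, e.g. `assert "Energy Sankey" not in resp.data.decode('utf-8')`, and the same for a dashboard title. The `print(resp.data.decode('utf-8'))` line is debug output and can go.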
@@ -188,7 +218,7 @@ class DruidTests(CaravelTestCase): @patch('caravel.models.PyDruid') def test_client(self, PyDruid): - self.login() + self.login_admin() instance = PyDruid.return_value instance.time_boundary.return_value = [ {'result': {'maxTime': '2016-01-01'}}]