Fix issues around Database permissions (#7009)

2019-03-17 22:49:40 -07:00 · 2019-03-17 22:49:40 -07:00 · f5274a9c7f
parent a6d48d4052
commit f5274a9c7f
2 changed files with 20 additions and 4 deletions
--- a/superset/security.py
+++ b/superset/security.py
@ -107,8 +107,10 @@ class SupersetSecurityManager(SecurityManager):
        return self._has_view_access(user, permission_name, view_name)

    def all_datasource_access(self):
-        return self.can_access(
-            'all_datasource_access', 'all_datasource_access')
+        return self.can_access('all_datasource_access', 'all_datasource_access')
+
+    def all_database_access(self):
+        return self.can_access('all_database_access', 'all_database_access')

    def database_access(self, database):
        return (
@ -410,8 +412,12 @@ class SupersetSecurityManager(SecurityManager):
                .values(perm=target.get_perm()),
            )

-        # add to view menu if not already exists
        permission_name = 'datasource_access'
+        from superset.models.core import Database
+        if mapper.class_ == Database:
+            permission_name = 'database_access'
+
+        # add to view menu if not already exists
        view_menu_name = target.get_perm()
        permission = self.find_permission(permission_name)
        view_menu = self.find_view_menu(view_menu_name)
--- a/superset/views/core.py
+++ b/superset/views/core.py
@ -109,6 +109,14 @@ SQLTable = Table(
    extend_existing=True)


+class DatabaseFilter(SupersetFilter):
+    def apply(self, query, func):  # noqa
+        if security_manager.all_database_access():
+            return query
+        database_perms = self.get_view_menus('database_access')
+        return query.filter(self.model.perm.in_(database_perms))
+
+
 class SliceFilter(SupersetFilter):
    def apply(self, query, func):  # noqa
        if security_manager.all_datasource_access():
@ -116,11 +124,12 @@ class SliceFilter(SupersetFilter):

        # TODO(bogdan): add `schema_access` support here
        datasource_perms = self.get_view_menus('datasource_access')
+        database_perms = self.get_view_menus('database_access')
        query = (
            query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
            .outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
            .filter(or_(
-                models.Database.perm.in_(datasource_perms),
+                models.Database.perm.in_(database_perms),
                self.model.perm.in_(datasource_perms),
            ))
        )
@ -285,6 +294,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin):  # noqa
        'allow_multi_schema_metadata_fetch': _('Allow Multi Schema Metadata Fetch'),
        'backend': _('Backend'),
    }
+    base_filters = [['id', DatabaseFilter, lambda: []]]

    def pre_add(self, db):
        self.check_extra(db)