From c79a1cfeeaddeec564567bbfa4abca5656351f9a Mon Sep 17 00:00:00 2001 From: Derek Flionis Date: Wed, 29 May 2019 14:56:04 -0400 Subject: [PATCH 1/2] Add Filter on DatabaseView that filters DBs Based on Role Access --- superset/security.py | 9 ++++----- superset/views/core.py | 9 +++++++++ 2 files changed, 13 insertions(+), 5 deletions(-) diff --git a/superset/security.py b/superset/security.py index 89eab5d53bf1..8e40e7b332b4 100644 --- a/superset/security.py +++ b/superset/security.py @@ -127,12 +127,11 @@ def all_datasource_access(self): return self.can_access( 'all_datasource_access', 'all_datasource_access') + def all_database_access(self): + return self.can_access('all_database_access', 'all_database_access') + def database_access(self, database): - return ( - self.can_access( - 'all_database_access', 'all_database_access') or - self.can_access('database_access', database.perm) - ) + return self.can_access('database_access', database.perm) def schema_access(self, datasource): return ( diff --git a/superset/views/core.py b/superset/views/core.py index d8a3692c2440..7c7311697a04 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -152,6 +152,14 @@ def apply(self, query, func): # noqa return query.filter(self.model.perm.in_(perms)) +class DatabaseFilter(SupersetFilter): + def apply(self, query, func): # noqa + if security_manager.all_database_access(): + return query + perms = self.get_view_menus('database_access') + return query.filter(self.model.perm.in_(perms)) + + class DashboardFilter(SupersetFilter): """List dashboards for which users have access to at least one slice or are owners""" @@ -287,6 +295,7 @@ class DatabaseView(SupersetModelView, DeleteMixin, YamlExportMixin): # noqa 'allow_csv_upload': _( 'If selected, please set the schemas allowed for csv upload in Extra.'), } + base_filters = [['id', DatabaseFilter, lambda: []]] label_columns = { 'expose_in_sqllab': _('Expose in SQL Lab'), 'allow_ctas': _('Allow CREATE TABLE AS'), From 61d4032d67928a35f94d4a2d550a4b64d4592587 Mon Sep 17 00:00:00 2001 From: Derek Flionis Date: Tue, 4 Jun 2019 20:03:42 -0400 Subject: [PATCH 2/2] Update with mistercrunch's feedback --- superset/security.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/superset/security.py b/superset/security.py index 8e40e7b332b4..949a49e67199 100644 --- a/superset/security.py +++ b/superset/security.py @@ -131,7 +131,9 @@ def all_database_access(self): return self.can_access('all_database_access', 'all_database_access') def database_access(self, database): - return self.can_access('database_access', database.perm) + return (self.all_database_access() or + self.can_access('database_access', database.perm) or + self.all_datasource_access) def schema_access(self, datasource): return (