mirror of
https://github.com/apache/superset.git
synced 2024-09-17 11:09:47 -04:00
Refine gamma experience (#883)
* gamma: filter the sqla tables the user has access to. Refs #359
* gamma: filter slices available for dashboards in DashboardModelView. Refs #359
* gamma: limit owners to dashboard to self, as we don't want to leak other users to unprivileged users. Refs #359
parent
88f4260777
commit
061d4f1ac7
@ -127,6 +127,19 @@ class CaravelFilter(BaseFilter):
|
|||||||
return perms
|
return perms
|
||||||
|
|
||||||
|
|
||||||
|
class TableSlice(CaravelFilter):
|
||||||
|
def apply(self, query, func): # noqa
|
||||||
|
if any([r.name in ('Admin', 'Alpha') for r in get_user_roles()]):
|
||||||
|
return query
|
||||||
|
perms = self.get_perms()
|
||||||
|
tables = []
|
||||||
|
for perm in perms:
|
||||||
|
match = re.search(r'\(id:(\d+)\)', perm)
|
||||||
|
tables.append(match.group(1))
|
||||||
|
qry = query.filter(self.model.id.in_(tables))
|
||||||
|
return qry
|
||||||
|
|
||||||
|
|
||||||
class FilterSlice(CaravelFilter):
|
class FilterSlice(CaravelFilter):
|
||||||
def apply(self, query, func): # noqa
|
def apply(self, query, func): # noqa
|
||||||
if any([r.name in ('Admin', 'Alpha') for r in get_user_roles()]):
|
if any([r.name in ('Admin', 'Alpha') for r in get_user_roles()]):
|
||||||
@ -157,6 +170,22 @@ class FilterDashboard(CaravelFilter):
|
|||||||
return query
|
return query
|
||||||
|
|
||||||
|
|
||||||
|
class FilterDashboardSlices(CaravelFilter):
|
||||||
|
def apply(self, query, value): # noqa
|
||||||
|
if any([r.name in ('Admin', 'Alpha') for r in get_user_roles()]):
|
||||||
|
return query
|
||||||
|
qry = query.filter(self.model.perm.in_(self.get_perms()))
|
||||||
|
return qry
|
||||||
|
|
||||||
|
|
||||||
|
class FilterDashboardOwners(CaravelFilter):
|
||||||
|
def apply(self, query, value): # noqa
|
||||||
|
if any([r.name in ('Admin', 'Alpha') for r in get_user_roles()]):
|
||||||
|
return query
|
||||||
|
qry = query.filter_by(id=g.user.id)
|
||||||
|
return qry
|
||||||
|
|
||||||
|
|
||||||
def validate_json(form, field): # noqa
|
def validate_json(form, field): # noqa
|
||||||
try:
|
try:
|
||||||
json.loads(field.data)
|
json.loads(field.data)
|
||||||
@ -448,6 +477,7 @@ class TableModelView(CaravelModelView, DeleteMixin): # noqa
|
|||||||
"Supports <a href='https://daringfireball.net/projects/markdown/'>"
|
"Supports <a href='https://daringfireball.net/projects/markdown/'>"
|
||||||
"markdown</a>"),
|
"markdown</a>"),
|
||||||
}
|
}
|
||||||
|
base_filters = [['id', TableSlice, lambda: []]]
|
||||||
label_columns = {
|
label_columns = {
|
||||||
'table_link': _("Table"),
|
'table_link': _("Table"),
|
||||||
'changed_by_': _("Changed By"),
|
'changed_by_': _("Changed By"),
|
||||||
@ -652,6 +682,14 @@ class DashboardModelView(CaravelModelView, DeleteMixin): # noqa
|
|||||||
'owners': _("Owners is a list of users who can alter the dashboard."),
|
'owners': _("Owners is a list of users who can alter the dashboard."),
|
||||||
}
|
}
|
||||||
base_filters = [['slice', FilterDashboard, lambda: []]]
|
base_filters = [['slice', FilterDashboard, lambda: []]]
|
||||||
|
add_form_query_rel_fields = {
|
||||||
|
'slices': [['slices', FilterDashboardSlices, None]],
|
||||||
|
'owners': [['owners', FilterDashboardOwners, None]],
|
||||||
|
}
|
||||||
|
edit_form_query_rel_fields = {
|
||||||
|
'slices': [['slices', FilterDashboardSlices, None]],
|
||||||
|
'owners': [['owners', FilterDashboardOwners, None]],
|
||||||
|
}
|
||||||
label_columns = {
|
label_columns = {
|
||||||
'dashboard_link': _("Dashboard"),
|
'dashboard_link': _("Dashboard"),
|
||||||
'dashboard_title': _("Title"),
|
'dashboard_title': _("Title"),
|
||||||
|
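Review bot: In `TableSlice.apply` (first hunk), `match.group(1)` is called without checking that `re.search` matched, so one permission string without an `(id:N)` suffix raises `AttributeError` and the table list fails for every user outside Admin/Alpha who holds it. Skipping non-matching entries keeps the filter restrictive without the crash: `if match: tables.append(int(match.group(1)))`. The filter also reduces each permission to a bare numeric id, and `get_perms()` is defined outside the visible lines. If it can return permissions for object types other than this model, an id taken from one of those would expose an unrelated table with the same id; that should be confirmed. Comparing the whole permission string, as `FilterDashboardSlices` does with `self.model.perm.in_(self.get_perms())`, avoids that ambiguity if the table model has a queryable `perm` column. Separately, the `('Admin', 'Alpha')` role test is now repeated in four filters and would be easier to audit as a single helper on `CaravelFilter`.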