mirror of https://github.com/apache/superset.git
Allow Gamma and Alpha to access '/users/userinfo/' (#6936)
* Allow Gamma and Alpha to access '/users/userinfo/' closes https://github.com/apache/incubator-superset/issues/4919 * Fix unit test * Fix test
This commit is contained in:
parent
aa1d9ae303
commit
36a219da7f
|
@ -81,19 +81,23 @@ class SupersetSecurityManager(SecurityManager):
|
||||||
'can_list',
|
'can_list',
|
||||||
}
|
}
|
||||||
|
|
||||||
ALPHA_ONLY_PERMISSIONS = set([
|
ALPHA_ONLY_PERMISSIONS = {
|
||||||
'muldelete',
|
'muldelete',
|
||||||
'all_database_access',
|
'all_database_access',
|
||||||
'all_datasource_access',
|
'all_datasource_access',
|
||||||
])
|
}
|
||||||
|
|
||||||
OBJECT_SPEC_PERMISSIONS = set([
|
OBJECT_SPEC_PERMISSIONS = {
|
||||||
'database_access',
|
'database_access',
|
||||||
'schema_access',
|
'schema_access',
|
||||||
'datasource_access',
|
'datasource_access',
|
||||||
'metric_access',
|
'metric_access',
|
||||||
'can_only_access_owned_queries',
|
'can_only_access_owned_queries',
|
||||||
])
|
}
|
||||||
|
|
||||||
|
ACCESSIBLE_PERMS = {
|
||||||
|
'can_userinfo',
|
||||||
|
}
|
||||||
|
|
||||||
def get_schema_perm(self, database, schema):
|
def get_schema_perm(self, database, schema):
|
||||||
if schema:
|
if schema:
|
||||||
|
@ -386,15 +390,21 @@ class SupersetSecurityManager(SecurityManager):
|
||||||
pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
|
pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
|
||||||
)
|
)
|
||||||
|
|
||||||
|
def is_accessible_to_all(self, pvm):
|
||||||
|
return pvm.permission.name in self.ACCESSIBLE_PERMS
|
||||||
|
|
||||||
def is_admin_pvm(self, pvm):
|
def is_admin_pvm(self, pvm):
|
||||||
return not self.is_user_defined_permission(pvm)
|
return not self.is_user_defined_permission(pvm)
|
||||||
|
|
||||||
def is_alpha_pvm(self, pvm):
|
def is_alpha_pvm(self, pvm):
|
||||||
return not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm))
|
return (
|
||||||
|
not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm)) or
|
||||||
|
self.is_accessible_to_all(pvm)
|
||||||
|
)
|
||||||
|
|
||||||
def is_gamma_pvm(self, pvm):
|
def is_gamma_pvm(self, pvm):
|
||||||
return not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm) or
|
return not (self.is_user_defined_permission(pvm) or self.is_admin_only(pvm) or
|
||||||
self.is_alpha_only(pvm))
|
self.is_alpha_only(pvm)) or self.is_accessible_to_all(pvm)
|
||||||
|
|
||||||
def is_sql_lab_pvm(self, pvm):
|
def is_sql_lab_pvm(self, pvm):
|
||||||
return (
|
return (
|
||||||
|
|
|
@ -189,7 +189,6 @@ class CoreTests(SupersetTestCase):
|
||||||
assert_func('ResetPasswordView', view_menus)
|
assert_func('ResetPasswordView', view_menus)
|
||||||
assert_func('RoleModelView', view_menus)
|
assert_func('RoleModelView', view_menus)
|
||||||
assert_func('Security', view_menus)
|
assert_func('Security', view_menus)
|
||||||
assert_func('UserDBModelView', view_menus)
|
|
||||||
assert_func('SQL Lab',
|
assert_func('SQL Lab',
|
||||||
view_menus)
|
view_menus)
|
||||||
|
|
||||||
|
|
|
@ -76,6 +76,7 @@ class RolePermissionTests(SupersetTestCase):
|
||||||
self.assertIn(('can_slice', 'Superset'), perm_set)
|
self.assertIn(('can_slice', 'Superset'), perm_set)
|
||||||
self.assertIn(('can_explore', 'Superset'), perm_set)
|
self.assertIn(('can_explore', 'Superset'), perm_set)
|
||||||
self.assertIn(('can_explore_json', 'Superset'), perm_set)
|
self.assertIn(('can_explore_json', 'Superset'), perm_set)
|
||||||
|
self.assertIn(('can_userinfo', 'UserDBModelView'), perm_set)
|
||||||
|
|
||||||
def assert_can_alpha(self, perm_set):
|
def assert_can_alpha(self, perm_set):
|
||||||
self.assert_can_all('SqlMetricInlineView', perm_set)
|
self.assert_can_all('SqlMetricInlineView', perm_set)
|
||||||
|
@ -231,6 +232,7 @@ class RolePermissionTests(SupersetTestCase):
|
||||||
self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
|
self.assertIn(('can_fave_slices', 'Superset'), gamma_perm_set)
|
||||||
self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
|
self.assertIn(('can_save_dash', 'Superset'), gamma_perm_set)
|
||||||
self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
|
self.assertIn(('can_slice', 'Superset'), gamma_perm_set)
|
||||||
|
self.assertIn(('can_userinfo', 'UserDBModelView'), gamma_perm_set)
|
||||||
|
|
||||||
def test_views_are_secured(self):
|
def test_views_are_secured(self):
|
||||||
"""Preventing the addition of unsecured views without has_access decorator"""
|
"""Preventing the addition of unsecured views without has_access decorator"""
|
||||||
|
|
Loading…
Reference in New Issue