make filters use security manager (#5567)

* make filters use security manager * remove the superset short-circuit
2018-08-16 14:17:41 -07:00 · 2018-08-16 14:17:41 -07:00 · 4ff5686e0c
parent 32b3d00825
commit 4ff5686e0c
2 changed files with 3 additions and 8 deletions
--- a/superset/views/base.py
+++ b/superset/views/base.py
@ -256,15 +256,10 @@ class SupersetFilter(BaseFilter):
                vm.add(vm_name)
        return vm

-    def has_all_datasource_access(self):
-        return (
-            self.has_role(['Admin', 'Alpha']) or
-            self.has_perm('all_datasource_access', 'all_datasource_access'))
-

 class DatasourceFilter(SupersetFilter):
    def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
            return query
        perms = self.get_view_menus('datasource_access')
        # TODO(bogdan): add `schema_access` support here
--- a/superset/views/core.py
+++ b/superset/views/core.py
@ -97,7 +97,7 @@ def is_owner(obj, user):

 class SliceFilter(SupersetFilter):
    def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
            return query
        perms = self.get_view_menus('datasource_access')
        # TODO(bogdan): add `schema_access` support here
@ -109,7 +109,7 @@ class DashboardFilter(SupersetFilter):
    """List dashboards for which users have access to at least one slice or are owners"""

    def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
            return query
        Slice = models.Slice  # noqa
        Dash = models.Dashboard  # noqa