From 4ff5686e0c5f2f7f97de68590377d8c77e4f5f6a Mon Sep 17 00:00:00 2001 From: timifasubaa <30888507+timifasubaa@users.noreply.github.com> Date: Thu, 16 Aug 2018 14:17:41 -0700 Subject: [PATCH] make filters use security manager (#5567) * make filters use security manager * remove the superset short-circuit --- superset/views/base.py | 7 +------ superset/views/core.py | 4 ++-- 2 files changed, 3 insertions(+), 8 deletions(-) diff --git a/superset/views/base.py b/superset/views/base.py index ec31d9b473..217415adbf 100644 --- a/superset/views/base.py +++ b/superset/views/base.py @@ -256,15 +256,10 @@ class SupersetFilter(BaseFilter): vm.add(vm_name) return vm - def has_all_datasource_access(self): - return ( - self.has_role(['Admin', 'Alpha']) or - self.has_perm('all_datasource_access', 'all_datasource_access')) - class DatasourceFilter(SupersetFilter): def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if security_manager.all_datasource_access(): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here diff --git a/superset/views/core.py b/superset/views/core.py index c849edecd5..2b6924db8c 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -97,7 +97,7 @@ def is_owner(obj, user): class SliceFilter(SupersetFilter): def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if security_manager.all_datasource_access(): return query perms = self.get_view_menus('datasource_access') # TODO(bogdan): add `schema_access` support here @@ -109,7 +109,7 @@ class DashboardFilter(SupersetFilter): """List dashboards for which users have access to at least one slice or are owners""" def apply(self, query, func): # noqa - if self.has_all_datasource_access(): + if security_manager.all_datasource_access(): return query Slice = models.Slice # noqa Dash = models.Dashboard # noqa