mirror of https://github.com/apache/superset.git
Add PUBLIC_ROLE_LIKE_GAMMA config flag (#473)
This commit is contained in:
parent
2620aeca02
commit
8a406b18f5
|
@ -93,6 +93,15 @@ AUTH_TYPE = AUTH_DB
|
|||
# { 'name': 'AOL', 'url': 'http://openid.aol.com/<username>' },
|
||||
# { 'name': 'Flickr', 'url': 'http://www.flickr.com/<username>' },
|
||||
# { 'name': 'MyOpenID', 'url': 'https://www.myopenid.com' }]
|
||||
|
||||
# ---------------------------------------------------
|
||||
# Roles config
|
||||
# ---------------------------------------------------
|
||||
# Grant public role the same set of permissions as for the GAMMA role.
|
||||
# This is useful if one wants to enable anonymous users to view
|
||||
# dashboards. Explicit grant on specific datasets is still required.
|
||||
PUBLIC_ROLE_LIKE_GAMMA = False
|
||||
|
||||
# ---------------------------------------------------
|
||||
# Babel config for translations
|
||||
# ---------------------------------------------------
|
||||
|
|
|
@ -154,6 +154,7 @@ def init(caravel):
|
|||
sm = caravel.appbuilder.sm
|
||||
alpha = sm.add_role("Alpha")
|
||||
admin = sm.add_role("Admin")
|
||||
config = caravel.app.config
|
||||
|
||||
merge_perm(sm, 'all_datasource_access', 'all_datasource_access')
|
||||
|
||||
|
@ -167,24 +168,28 @@ def init(caravel):
|
|||
sm.add_permission_role(alpha, perm)
|
||||
sm.add_permission_role(admin, perm)
|
||||
gamma = sm.add_role("Gamma")
|
||||
public_role = sm.find_role("Public")
|
||||
public_role_like_gamma = \
|
||||
public_role and config.get('PUBLIC_ROLE_LIKE_GAMMA', False)
|
||||
for perm in perms:
|
||||
if(
|
||||
perm.view_menu and perm.view_menu.name not in (
|
||||
'ResetPasswordView',
|
||||
'RoleModelView',
|
||||
'UserDBModelView',
|
||||
'Security') and
|
||||
perm.permission.name not in (
|
||||
'all_datasource_access',
|
||||
'can_add',
|
||||
'can_download',
|
||||
'can_delete',
|
||||
'can_edit',
|
||||
'can_save',
|
||||
'datasource_access',
|
||||
'muldelete',
|
||||
)):
|
||||
if (perm.view_menu and perm.view_menu.name not in (
|
||||
'ResetPasswordView',
|
||||
'RoleModelView',
|
||||
'UserDBModelView',
|
||||
'Security') and
|
||||
perm.permission.name not in (
|
||||
'all_datasource_access',
|
||||
'can_add',
|
||||
'can_download',
|
||||
'can_delete',
|
||||
'can_edit',
|
||||
'can_save',
|
||||
'datasource_access',
|
||||
'muldelete',
|
||||
)):
|
||||
sm.add_permission_role(gamma, perm)
|
||||
if public_role_like_gamma:
|
||||
sm.add_permission_role(public_role, perm)
|
||||
session = db.session()
|
||||
table_perms = [
|
||||
table.perm for table in session.query(models.SqlaTable).all()]
|
||||
|
|
|
@ -24,6 +24,7 @@ app.config['TESTING'] = True
|
|||
app.config['CSRF_ENABLED'] = False
|
||||
app.config['SECRET_KEY'] = 'thisismyscretkey'
|
||||
app.config['WTF_CSRF_ENABLED'] = False
|
||||
app.config['PUBLIC_ROLE_LIKE_GAMMA'] = True
|
||||
BASE_DIR = app.config.get("BASE_DIR")
|
||||
cli = imp.load_source('cli', BASE_DIR + "/bin/caravel")
|
||||
|
||||
|
@ -68,20 +69,9 @@ class CaravelTestCase(unittest.TestCase):
|
|||
public_role = appbuilder.sm.find_role('Public')
|
||||
perms = db.session.query(ab_models.PermissionView).all()
|
||||
for perm in perms:
|
||||
if perm.permission.name not in (
|
||||
'can_list',
|
||||
'can_dashboard',
|
||||
'can_explore',
|
||||
'datasource_access'):
|
||||
continue
|
||||
if not perm.view_menu:
|
||||
continue
|
||||
if perm.view_menu.name not in (
|
||||
'SliceModelView',
|
||||
'DashboardModelView',
|
||||
'Caravel') and dashboard_name not in perm.view_menu.name:
|
||||
continue
|
||||
appbuilder.sm.add_permission_role(public_role, perm)
|
||||
if (perm.permission.name == 'datasource_access' and
|
||||
perm.view_menu and dashboard_name in perm.view_menu.name):
|
||||
appbuilder.sm.add_permission_role(public_role, perm)
|
||||
|
||||
|
||||
class CoreTests(CaravelTestCase):
|
||||
|
@ -195,9 +185,9 @@ class CoreTests(CaravelTestCase):
|
|||
data = resp.data.decode('utf-8')
|
||||
assert '<a href="/caravel/dashboard/births/">' not in data
|
||||
|
||||
resp = self.client.get('/caravel/dashboard/births/')
|
||||
resp = self.client.get('/caravel/explore/table/3/', follow_redirects=True)
|
||||
data = resp.data.decode('utf-8')
|
||||
assert '[dashboard] Births' not in data
|
||||
assert "You don't seem to have access to this datasource" in data
|
||||
|
||||
self.setup_public_access_for_dashboard('birth_names')
|
||||
|
||||
|
|
Loading…
Reference in New Issue