mirror of https://github.com/apache/superset.git
chore(rls): Remove passing global username (#20344)
* chore(rls): Remove passing global username * Update manager.py * Update manager.py * Update manager.py * Update manager.py Co-authored-by: John Bodley <john.bodley@airbnb.com>
This commit is contained in:
parent
92bf1b8ef6
commit
ad308fbde2
|
@ -1169,7 +1169,6 @@ class SqlaTable(Model, BaseDatasource): # pylint: disable=too-many-public-metho
|
|||
def get_sqla_row_level_filters(
|
||||
self,
|
||||
template_processor: BaseTemplateProcessor,
|
||||
username: Optional[str] = None,
|
||||
) -> List[TextClause]:
|
||||
"""
|
||||
Return the appropriate row level security filters for this table and the
|
||||
|
@ -1177,14 +1176,12 @@ class SqlaTable(Model, BaseDatasource): # pylint: disable=too-many-public-metho
|
|||
Flask global namespace.
|
||||
|
||||
:param template_processor: The template processor to apply to the filters.
|
||||
:param username: Optional username if there's no user in the Flask global
|
||||
namespace.
|
||||
:returns: A list of SQL clauses to be ANDed together.
|
||||
"""
|
||||
all_filters: List[TextClause] = []
|
||||
filter_groups: Dict[Union[int, str], List[TextClause]] = defaultdict(list)
|
||||
try:
|
||||
for filter_ in security_manager.get_rls_filters(self, username):
|
||||
for filter_ in security_manager.get_rls_filters(self):
|
||||
clause = self.text(
|
||||
f"({template_processor.process_template(filter_.clause)})"
|
||||
)
|
||||
|
|
|
@ -1147,25 +1147,16 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
|
|||
]
|
||||
return []
|
||||
|
||||
def get_rls_filters(
|
||||
self,
|
||||
table: "BaseDatasource",
|
||||
username: Optional[str] = None,
|
||||
) -> List[SqlaQuery]:
|
||||
def get_rls_filters(self, table: "BaseDatasource") -> List[SqlaQuery]:
|
||||
"""
|
||||
Retrieves the appropriate row level security filters for the current user and
|
||||
the passed table.
|
||||
|
||||
:param BaseDatasource table: The table to check against.
|
||||
:param Optional[str] username: Optional username if there's no user in the Flask
|
||||
global namespace.
|
||||
:param table: The table to check against
|
||||
:returns: A list of filters
|
||||
"""
|
||||
if hasattr(g, "user"):
|
||||
user = g.user
|
||||
elif username:
|
||||
user = self.find_user(username=username)
|
||||
else:
|
||||
|
||||
if not (hasattr(g, "user") and g.user is not None):
|
||||
return []
|
||||
|
||||
# pylint: disable=import-outside-toplevel
|
||||
|
@ -1175,7 +1166,7 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
|
|||
RowLevelSecurityFilter,
|
||||
)
|
||||
|
||||
user_roles = [role.id for role in self.get_user_roles(user)]
|
||||
user_roles = [role.id for role in self.get_user_roles(g.user)]
|
||||
regular_filter_roles = (
|
||||
self.get_session()
|
||||
.query(RLSFilterRoles.c.rls_filter_id)
|
||||
|
|
|
@ -208,7 +208,6 @@ def execute_sql_statement( # pylint: disable=too-many-arguments,too-many-statem
|
|||
parsed_query._parsed[0], # pylint: disable=protected-access
|
||||
database.id,
|
||||
query.schema,
|
||||
username=get_username(),
|
||||
)
|
||||
)
|
||||
)
|
||||
|
|
|
@ -553,7 +553,6 @@ def get_rls_for_table(
|
|||
candidate: Token,
|
||||
database_id: int,
|
||||
default_schema: Optional[str],
|
||||
username: Optional[str] = None,
|
||||
) -> Optional[TokenList]:
|
||||
"""
|
||||
Given a table name, return any associated RLS predicates.
|
||||
|
@ -586,7 +585,7 @@ def get_rls_for_table(
|
|||
template_processor = dataset.get_template_processor()
|
||||
predicate = " AND ".join(
|
||||
str(filter_)
|
||||
for filter_ in dataset.get_sqla_row_level_filters(template_processor, username)
|
||||
for filter_ in dataset.get_sqla_row_level_filters(template_processor)
|
||||
)
|
||||
if not predicate:
|
||||
return None
|
||||
|
@ -601,7 +600,6 @@ def insert_rls(
|
|||
token_list: TokenList,
|
||||
database_id: int,
|
||||
default_schema: Optional[str],
|
||||
username: Optional[str] = None,
|
||||
) -> TokenList:
|
||||
"""
|
||||
Update a statement inplace applying any associated RLS predicates.
|
||||
|
@ -623,7 +621,7 @@ def insert_rls(
|
|||
elif state == InsertRLSState.SEEN_SOURCE and (
|
||||
isinstance(token, Identifier) or token.ttype == Keyword
|
||||
):
|
||||
rls = get_rls_for_table(token, database_id, default_schema, username)
|
||||
rls = get_rls_for_table(token, database_id, default_schema)
|
||||
if rls:
|
||||
state = InsertRLSState.FOUND_TABLE
|
||||
|
||||
|
|
|
@ -1409,7 +1409,6 @@ def test_insert_rls(
|
|||
candidate: Token,
|
||||
database_id: int,
|
||||
default_schema: str,
|
||||
username: Optional[str] = None,
|
||||
) -> Optional[TokenList]:
|
||||
"""
|
||||
Return the RLS ``condition`` if ``candidate`` matches ``table``.
|
||||
|
|
Loading…
Reference in New Issue