mirror of https://github.com/apache/superset.git
[security] make it easier to redefine Alpha/Gamma (#7036)
* [security] make it easier to redefine Alpha/Gamma While talking about some security aspect and as to how you'd alter Alpha or Gamma role in a specific environment, I realized that these module-scoped constants would be much more useful as class attributes. This way, someone can override these sets in their security manager to alter base roles. * fix * flake8
This commit is contained in:
parent
a1d4635627
commit
c5bdbc0964
|
@ -27,6 +27,8 @@ from superset import sql_parse
|
|||
from superset.connectors.connector_registry import ConnectorRegistry
|
||||
from superset.exceptions import SupersetSecurityException
|
||||
|
||||
|
||||
class SupersetSecurityManager(SecurityManager):
|
||||
READ_ONLY_MODEL_VIEWS = {
|
||||
'DatabaseAsync',
|
||||
'DatabaseView',
|
||||
|
@ -92,9 +94,6 @@ OBJECT_SPEC_PERMISSIONS = set([
|
|||
'metric_access',
|
||||
])
|
||||
|
||||
|
||||
class SupersetSecurityManager(SecurityManager):
|
||||
|
||||
def get_schema_perm(self, database, schema):
|
||||
if schema:
|
||||
return '[{}].[{}]'.format(database, schema)
|
||||
|
@ -263,7 +262,7 @@ class SupersetSecurityManager(SecurityManager):
|
|||
self.add_permission_view_menu(permission_name, view_menu_name)
|
||||
|
||||
def is_user_defined_permission(self, perm):
|
||||
return perm.permission.name in OBJECT_SPEC_PERMISSIONS
|
||||
return perm.permission.name in self.OBJECT_SPEC_PERMISSIONS
|
||||
|
||||
def create_custom_permissions(self):
|
||||
# Global perms
|
||||
|
@ -359,21 +358,21 @@ class SupersetSecurityManager(SecurityManager):
|
|||
|
||||
def is_admin_only(self, pvm):
|
||||
# not readonly operations on read only model views allowed only for admins
|
||||
if (pvm.view_menu.name in READ_ONLY_MODEL_VIEWS and
|
||||
pvm.permission.name not in READ_ONLY_PERMISSION):
|
||||
if (pvm.view_menu.name in self.READ_ONLY_MODEL_VIEWS and
|
||||
pvm.permission.name not in self.READ_ONLY_PERMISSION):
|
||||
return True
|
||||
return (
|
||||
pvm.view_menu.name in ADMIN_ONLY_VIEW_MENUS or
|
||||
pvm.permission.name in ADMIN_ONLY_PERMISSIONS
|
||||
pvm.view_menu.name in self.ADMIN_ONLY_VIEW_MENUS or
|
||||
pvm.permission.name in self.ADMIN_ONLY_PERMISSIONS
|
||||
)
|
||||
|
||||
def is_alpha_only(self, pvm):
|
||||
if (pvm.view_menu.name in GAMMA_READ_ONLY_MODEL_VIEWS and
|
||||
pvm.permission.name not in READ_ONLY_PERMISSION):
|
||||
if (pvm.view_menu.name in self.GAMMA_READ_ONLY_MODEL_VIEWS and
|
||||
pvm.permission.name not in self.READ_ONLY_PERMISSION):
|
||||
return True
|
||||
return (
|
||||
pvm.view_menu.name in ALPHA_ONLY_VIEW_MENUS or
|
||||
pvm.permission.name in ALPHA_ONLY_PERMISSIONS
|
||||
pvm.view_menu.name in self.ALPHA_ONLY_VIEW_MENUS or
|
||||
pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
|
||||
)
|
||||
|
||||
def is_admin_pvm(self, pvm):
|
||||
|
@ -395,7 +394,7 @@ class SupersetSecurityManager(SecurityManager):
|
|||
'can_sql_json', 'can_csv', 'can_search_queries', 'can_sqllab_viz',
|
||||
'can_sqllab',
|
||||
} or
|
||||
(pvm.view_menu.name in USER_MODEL_VIEWS and
|
||||
(pvm.view_menu.name in self.USER_MODEL_VIEWS and
|
||||
pvm.permission.name == 'can_list'))
|
||||
|
||||
def is_granter_pvm(self, pvm):
|
||||
|
|
Loading…
Reference in New Issue