mirror of https://github.com/apache/superset.git
fix: Add migration to add created_by_fk as explicit owner for charts and datasets (#20617)
* fix: Add migration to add created_by_fk as owner * Update 2022-07-05_15-48_409c7b420ab0_add_created_by_fk_as_owner.py Co-authored-by: John Bodley <john.bodley@airbnb.com>
This commit is contained in:
parent
a69f016bca
commit
e1094e2198
|
@ -0,0 +1,134 @@
|
|||
# Licensed to the Apache Software Foundation (ASF) under one
|
||||
# or more contributor license agreements. See the NOTICE file
|
||||
# distributed with this work for additional information
|
||||
# regarding copyright ownership. The ASF licenses this file
|
||||
# to you under the Apache License, Version 2.0 (the
|
||||
# "License"); you may not use this file except in compliance
|
||||
# with the License. You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing,
|
||||
# software distributed under the License is distributed on an
|
||||
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||
# KIND, either express or implied. See the License for the
|
||||
# specific language governing permissions and limitations
|
||||
# under the License.
|
||||
"""add created_by_fk as owner
|
||||
|
||||
Revision ID: 409c7b420ab0
|
||||
Revises: a39867932713
|
||||
Create Date: 2022-07-05 15:48:06.029190
|
||||
|
||||
"""
|
||||
|
||||
# revision identifiers, used by Alembic.
|
||||
revision = "409c7b420ab0"
|
||||
down_revision = "a39867932713"
|
||||
|
||||
from alembic import op
|
||||
from sqlalchemy import and_, Column, insert, Integer
|
||||
from sqlalchemy.ext.declarative import declarative_base
|
||||
|
||||
from superset import db
|
||||
|
||||
Base = declarative_base()
|
||||
|
||||
|
||||
class Dataset(Base):
|
||||
__tablename__ = "sl_datasets"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
created_by_fk = Column(Integer)
|
||||
|
||||
|
||||
class DatasetUser(Base):
|
||||
__tablename__ = "sl_dataset_users"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
user_id = Column(Integer)
|
||||
dataset_id = Column(Integer)
|
||||
|
||||
|
||||
class Slice(Base):
|
||||
__tablename__ = "slices"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
created_by_fk = Column(Integer)
|
||||
|
||||
|
||||
class SliceUser(Base):
|
||||
__tablename__ = "slice_user"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
user_id = Column(Integer)
|
||||
slice_id = Column(Integer)
|
||||
|
||||
|
||||
class SqlaTable(Base):
|
||||
__tablename__ = "tables"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
created_by_fk = Column(Integer)
|
||||
|
||||
|
||||
class SqlaTableUser(Base):
|
||||
__tablename__ = "sqlatable_user"
|
||||
|
||||
id = Column(Integer, primary_key=True)
|
||||
user_id = Column(Integer)
|
||||
table_id = Column(Integer)
|
||||
|
||||
|
||||
def upgrade():
|
||||
bind = op.get_bind()
|
||||
session = db.Session(bind=bind)
|
||||
|
||||
op.execute(
|
||||
insert(DatasetUser).from_select(
|
||||
["user_id", "dataset_id"],
|
||||
session.query(Dataset.created_by_fk, Dataset.id)
|
||||
.outerjoin(
|
||||
DatasetUser,
|
||||
and_(
|
||||
DatasetUser.dataset_id == Dataset.id,
|
||||
DatasetUser.user_id == Dataset.created_by_fk,
|
||||
),
|
||||
)
|
||||
.filter(DatasetUser.dataset_id == None),
|
||||
)
|
||||
)
|
||||
|
||||
op.execute(
|
||||
insert(SliceUser).from_select(
|
||||
["user_id", "slice_id"],
|
||||
session.query(Slice.created_by_fk, Slice.id)
|
||||
.outerjoin(
|
||||
SliceUser,
|
||||
and_(
|
||||
SliceUser.slice_id == Slice.id,
|
||||
SliceUser.user_id == Slice.created_by_fk,
|
||||
),
|
||||
)
|
||||
.filter(SliceUser.slice_id == None),
|
||||
)
|
||||
)
|
||||
|
||||
op.execute(
|
||||
insert(SqlaTableUser).from_select(
|
||||
["user_id", "table_id"],
|
||||
session.query(SqlaTable.created_by_fk, SqlaTable.id)
|
||||
.outerjoin(
|
||||
SqlaTableUser,
|
||||
and_(
|
||||
SqlaTableUser.table_id == SqlaTable.id,
|
||||
SqlaTableUser.user_id == SqlaTable.created_by_fk,
|
||||
),
|
||||
)
|
||||
.filter(SqlaTableUser.table_id == None),
|
||||
)
|
||||
)
|
||||
|
||||
|
||||
def downgrade():
|
||||
pass
|
|
@ -1534,20 +1534,8 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
|
|||
if self.is_admin():
|
||||
return
|
||||
|
||||
# Set of wners that works across ORM models.
|
||||
owners: List[User] = []
|
||||
|
||||
orig_resource = db.session.query(resource.__class__).get(resource.id)
|
||||
|
||||
if orig_resource:
|
||||
if hasattr(resource, "owners"):
|
||||
owners += orig_resource.owners
|
||||
|
||||
if hasattr(resource, "owner"):
|
||||
owners.append(orig_resource.owner)
|
||||
|
||||
if hasattr(resource, "created_by"):
|
||||
owners.append(orig_resource.created_by)
|
||||
owners = orig_resource.owners if hasattr(orig_resource, "owners") else []
|
||||
|
||||
if g.user.is_anonymous or g.user not in owners:
|
||||
raise SupersetSecurityException(
|
||||
|
|
Loading…
Reference in New Issue