Skip to content

Commit

Permalink
feat(SIP-95): permissions for catalogs
Browse files Browse the repository at this point in the history
  • Loading branch information
@betodealmeida
betodealmeida committed May 3, 2024
1 parent b17db6d commit d56dafd
Show file tree
Hide file tree
Showing 49 changed files with 2,288 additions and 260 deletions.
35 changes: 30 additions & 5 deletions superset/commands/database/create.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -97,12 +97,37 @@ def run(self) -> Model:

db.session.commit()

# adding a new database we always want to force refresh schema list
schemas = database.get_all_schema_names(cache=False, ssh_tunnel=ssh_tunnel)
for schema in schemas:
security_manager.add_permission_view_menu(
"schema_access", security_manager.get_schema_perm(database, schema)
# add catalog/schema permissions
if database.db_engine_spec.supports_catalog:
catalogs = database.get_all_catalog_names(
cache=False,
ssh_tunnel=ssh_tunnel,
)
for catalog in catalogs:
security_manager.add_permission_view_menu(
"catalog_access",
security_manager.get_catalog_perm(
database.database_name, catalog
),
)
else:
# add a dummy catalog for DBs that don't support them
catalogs = [None]

for catalog in catalogs:
for schema in database.get_all_schema_names(
catalog=catalog,
cache=False,
ssh_tunnel=ssh_tunnel,
):
security_manager.add_permission_view_menu(
"schema_access",
security_manager.get_schema_perm(
database.database_name,
catalog,
schema,
),
)

except (
SSHTunnelInvalidError,
Expand Down
31 changes: 22 additions & 9 deletions superset/commands/database/tables.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,9 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.

from __future__ import annotations

import logging
from typing import Any, cast

Expand All @@ -29,16 +32,22 @@
from superset.exceptions import SupersetException
from superset.extensions import db, security_manager
from superset.models.core import Database
from superset.utils.core import DatasourceName

logger = logging.getLogger(__name__)


class TablesDatabaseCommand(BaseCommand):
_model: Database

def __init__(self, db_id: int, schema_name: str, force: bool):
def __init__(
self,
db_id: int,
catalog_name: str | None,
schema_name: str,
force: bool,
):
self._db_id = db_id
self._catalog_name = catalog_name
self._schema_name = schema_name
self._force = force

Expand All @@ -47,11 +56,11 @@ def run(self) -> dict[str, Any]:
try:
tables = security_manager.get_datasources_accessible_by_user(
database=self._model,
catalog=self._catalog_name,
schema=self._schema_name,
datasource_names=sorted(
DatasourceName(*datasource_name)
for datasource_name in self._model.get_all_table_names_in_schema(
catalog=None,
self._model.get_all_table_names_in_schema(
catalog=self._catalog_name,
schema=self._schema_name,
force=self._force,
cache=self._model.table_cache_enabled,
Expand All @@ -62,11 +71,11 @@ def run(self) -> dict[str, Any]:

views = security_manager.get_datasources_accessible_by_user(
database=self._model,
catalog=self._catalog_name,
schema=self._schema_name,
datasource_names=sorted(
DatasourceName(*datasource_name)
for datasource_name in self._model.get_all_view_names_in_schema(
catalog=None,
self._model.get_all_view_names_in_schema(
catalog=self._catalog_name,
schema=self._schema_name,
force=self._force,
cache=self._model.table_cache_enabled,
Expand All @@ -81,11 +90,15 @@ def run(self) -> dict[str, Any]:
db.session.query(SqlaTable)
.filter(
SqlaTable.database_id == self._model.id,
SqlaTable.catalog == self._catalog_name,
SqlaTable.schema == self._schema_name,
)
.options(
load_only(
SqlaTable.schema, SqlaTable.table_name, SqlaTable.extra
SqlaTable.catalog,
SqlaTable.schema,
SqlaTable.table_name,
SqlaTable.extra,
),
lazyload(SqlaTable.columns),
lazyload(SqlaTable.metrics),
Expand Down
Loading

0 comments on commit d56dafd

Please sign in to comment.