add extra permissions check before loading from cache

apache · Feb 13, 2018 · e5f3d05 · e5f3d05
1 parent 05f1837
commit e5f3d05
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 11 deletions.
diff --git a/superset/config.py b/superset/config.py
@@ -364,19 +364,22 @@ class CeleryConfig(object):
 # Interval between consecutive polls when using Hive Engine
 HIVE_POLL_INTERVAL = 5
 
-#System to handle delegated data access (Must implement is_allowed_access() which will be called from within superset)
+
+# System to handle delegated data access. Implement both is_allowed_access() and
+# is_eligible_datasource() to delegate access controls.
 class PermsDecider:
-    def __init__(self, ):
+    def __init__(self):
         pass
 
-    def is_eligible_datasource(datasource):
-        #this returns whether or not this perms decider can decide access for this datasource.
+    def is_eligible_datasource(self, datasource):
+        # This returns whether this perms decider can decide access for this datasource.
         return False
 
     def is_allowed_access(self, username, datasource):
-        #returns whether or not the user has access to the datasource.
+        # returns whether or not the user has access to the datasource.
         return False
 
+
 DATA_PERMS_DECIDER = PermsDecider()
 
 try:

diff --git a/superset/viz.py b/superset/viz.py
@@ -20,7 +20,7 @@
 import uuid
 
 from dateutil import relativedelta as rdelta
-from flask import g, escape, request
+from flask import escape, request
 from flask_babel import lazy_gettext as _
 import geohash
 from markdown import markdown
@@ -307,11 +307,7 @@ def get_df_payload(self, query_obj=None):
         cached_dttm = datetime.utcnow().isoformat().split('.')[0]
         if cache_key and cache and not self.force:
             cache_value = cache.get(cache_key)
-            perms_decider = config.get("DATA_PERMS_DECIDER")
-            perms_decider_approves = 
-                not (perms_decider.is_eligible_datasource(self.datasource) and 
-                    perms_decider.is_allowed_access(g.user.username, datasource))
-            if cache_value and perms_decider_approves:
+            if cache_value:
                 stats_logger.incr('loaded_from_cache')
                 try:
                     cache_value = pkl.loads(cache_value)