make filters use security manager (apache#5567)

* make filters use security manager * remove the superset short-circuit
michellethomas · Aug 16, 2018 · 4ff5686 · 4ff5686
1 parent 32b3d00
commit 4ff5686
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 8 deletions.
diff --git a/superset/views/base.py b/superset/views/base.py
@@ -256,15 +256,10 @@ def get_view_menus(self, permission_name):
                 vm.add(vm_name)
         return vm
 
-    def has_all_datasource_access(self):
-        return (
-            self.has_role(['Admin', 'Alpha']) or
-            self.has_perm('all_datasource_access', 'all_datasource_access'))
-
 
 class DatasourceFilter(SupersetFilter):
     def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
             return query
         perms = self.get_view_menus('datasource_access')
         # TODO(bogdan): add `schema_access` support here

diff --git a/superset/views/core.py b/superset/views/core.py
@@ -97,7 +97,7 @@ def is_owner(obj, user):
 
 class SliceFilter(SupersetFilter):
     def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
             return query
         perms = self.get_view_menus('datasource_access')
         # TODO(bogdan): add `schema_access` support here
@@ -109,7 +109,7 @@ class DashboardFilter(SupersetFilter):
     """List dashboards for which users have access to at least one slice or are owners"""
 
     def apply(self, query, func):  # noqa
-        if self.has_all_datasource_access():
+        if security_manager.all_datasource_access():
             return query
         Slice = models.Slice  # noqa
         Dash = models.Dashboard  # noqa