QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-04-19 16:14:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat(RLS): RESTful apis and react view for RLS (#22325)

Browse Source
This commit is contained in:
Mayur
2023-01-10 02:04:20 +05:30
committed by GitHub
parent 516d56b7e8
commit 159dcd7e62
21 changed files with 2643 additions and 161 deletions
Download Patch File Download Diff File Expand all files Collapse all files

349
superset/row_level_security/api.py Normal file
View File

@@ -0,0 +1,349 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
import logging
from typing import Any
from flask import request, Response
from flask_appbuilder.api import expose, protect, rison, safe
from flask_appbuilder.models.sqla.interface import SQLAInterface
from flask_babel import ngettext
from marshmallow import ValidationError
from superset import app
from superset.commands.exceptions import (
DatasourceNotFoundValidationError,
RolesNotFoundValidationError,
)
from superset.connectors.sqla.models import RowLevelSecurityFilter
from superset.constants import MODEL_API_RW_METHOD_PERMISSION_MAP, RouteMethod
from superset.dao.exceptions import DAOCreateFailedError, DAOUpdateFailedError
from superset.extensions import event_logger
from superset.row_level_security.commands.bulk_delete import BulkDeleteRLSRuleCommand
from superset.row_level_security.commands.create import CreateRLSRuleCommand
from superset.row_level_security.commands.exceptions import RLSRuleNotFoundError
from superset.row_level_security.commands.update import UpdateRLSRuleCommand
from superset.row_level_security.schemas import (
get_delete_ids_schema,
RLSListSchema,
RLSPostSchema,
RLSPutSchema,
RLSShowSchema,
)
from superset.views.base_api import (
BaseSupersetModelRestApi,
requires_json,
statsd_metrics,
)
logger = logging.getLogger(__name__)
class RLSRestApi(BaseSupersetModelRestApi):
datamodel = SQLAInterface(RowLevelSecurityFilter)
include_route_methods = RouteMethod.REST_MODEL_VIEW_CRUD_SET | {
RouteMethod.RELATED,
"bulk_delete",
}
resource_name = "rowlevelsecurity"
class_permission_name = "Row Level Security"
openapi_spec_tag = "Row Level Security"
method_permission_name = MODEL_API_RW_METHOD_PERMISSION_MAP
allow_browser_login = True
list_columns = [
"id",
"name",
"filter_type",
"tables.id",
"tables.table_name",
"roles.id",
"roles.name",
"clause",
"changed_on_delta_humanized",
"group_key",
]
order_columns = [
"name",
"filter_type",
"clause",
"changed_on_delta_humanized",
"group_key",
]
add_columns = [
"name",
"description",
"filter_type",
"tables",
"roles",
"group_key",
"clause",
]
show_columns = [
"name",
"description",
"filter_type",
"tables.id",
"tables.schema",
"tables.table_name",
"roles.id",
"roles.name",
"group_key",
"clause",
]
search_columns = (
"name",
"description",
"filter_type",
"tables",
"roles",
"group_key",
"clause",
)
edit_columns = add_columns
show_model_schema = RLSShowSchema()
list_model_schema = RLSListSchema()
add_model_schema = RLSPostSchema()
edit_model_schema = RLSPutSchema()
allowed_rel_fields = {"tables", "roles"}
base_related_field_filters = app.config["RLS_BASE_RELATED_FIELD_FILTERS"]
@expose("/", methods=["POST"])
@protect()
@safe
@statsd_metrics
@requires_json
@event_logger.log_this_with_context(
action=lambda self, *args, **kwargs: f"{self.__class__.__name__}.post",
log_to_statsd=False,
)
def post(self) -> Response:
"""Creates a new RLS rule
---
post:
description: >-
Create a new RLS Rule
requestBody:
description: RLS schema
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/{{self.__class__.__name__}}.post'
responses:
201:
description: RLS Rule added
content:
application/json:
schema:
type: object
properties:
id:
type: number
result:
$ref: '#/components/schemas/{{self.__class__.__name__}}.post'
400:
$ref: '#/components/responses/400'
401:
$ref: '#/components/responses/401'
404:
$ref: '#/components/responses/404'
422:
$ref: '#/components/responses/422'
500:
$ref: '#/components/responses/500'
"""
try:
item = self.add_model_schema.load(request.json)
except ValidationError as error:
return self.response_400(message=error.messages)
try:
new_model = CreateRLSRuleCommand(item).run()
return self.response(201, id=new_model.id, result=item)
except RolesNotFoundValidationError as ex:
logger.error(
"Role not found while creating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
except DatasourceNotFoundValidationError as ex:
logger.error(
"Table not found while creating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
except DAOCreateFailedError as ex:
logger.error(
"Error creating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
@expose("/<int:pk>", methods=["PUT"])
@protect()
@safe
@statsd_metrics
@requires_json
@event_logger.log_this_with_context(
action=lambda self, *args, **kwargs: f"{self.__class__.__name__}.put",
log_to_statsd=False,
)
def put(self, pk: int) -> Response:
"""Updates an RLS Rule
---
put:
description: >-
Updates an RLS Rule
parameters:
- in: path
schema:
type: integer
name: pk
description: The Rule pk
requestBody:
description: RLS schema
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/{{self.__class__.__name__}}.put'
responses:
200:
description: Rule changed
content:
application/json:
schema:
type: object
properties:
id:
type: number
result:
$ref: '#/components/schemas/{{self.__class__.__name__}}.put'
400:
$ref: '#/components/responses/400'
401:
$ref: '#/components/responses/401'
403:
$ref: '#/components/responses/403'
404:
$ref: '#/components/responses/404'
422:
$ref: '#/components/responses/422'
500:
$ref: '#/components/responses/500'
"""
try:
item = self.edit_model_schema.load(request.json)
except ValidationError as error:
return self.response_400(message=error.messages)
try:
new_model = UpdateRLSRuleCommand(pk, item).run()
return self.response(201, id=new_model.id, result=item)
except RolesNotFoundValidationError as ex:
logger.error(
"Role not found while updating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
except DatasourceNotFoundValidationError as ex:
logger.error(
"Table not found while updating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
except DAOUpdateFailedError as ex:
logger.error(
"Error updating RLS rule %s: %s",
self.__class__.__name__,
str(ex),
exc_info=True,
)
return self.response_422(message=str(ex))
except RLSRuleNotFoundError as ex:
return self.response_404()
@expose("/", methods=["DELETE"])
@protect()
@safe
@statsd_metrics
@rison(get_delete_ids_schema)
@event_logger.log_this_with_context(
action=lambda self, *args, **kwargs: f"{self.__class__.__name__}.bulk_delete",
log_to_statsd=False,
)
def bulk_delete(self, **kwargs: Any) -> Response:
"""Delete bulk RLS rules
---
delete:
description: >-
Deletes multiple RLS rules in a bulk operation.
parameters:
- in: query
name: q
content:
application/json:
schema:
$ref: '#/components/schemas/get_delete_ids_schema'
responses:
200:
description: RLS Rule bulk delete
content:
application/json:
schema:
type: object
properties:
message:
type: string
401:
$ref: '#/components/responses/401'
403:
$ref: '#/components/responses/403'
404:
$ref: '#/components/responses/404'
422:
$ref: '#/components/responses/422'
500:
$ref: '#/components/responses/500'
"""
item_ids = kwargs["rison"]
try:
BulkDeleteRLSRuleCommand(item_ids).run()
return self.response(
200,
message=ngettext(
"Deleted %(num)d rules",
"Deleted %(num)d rules",
num=len(item_ids),
),
)
except RLSRuleNotFoundError:
return self.response_404()