Add access control over metrics (#584)

* Add the new field "is_restricted" to SqlMetric and DruidMetric * Add the access control on metrics * Add the more descriptions on is_restricted * Update docs/security.rst * Update docs/security.rst
2026-04-20 08:34:37 +00:00 · 2016-06-10 17:49:33 -05:00
parent 55baab413a
commit 4c6026fdda
5 changed files with 155 additions and 12 deletions
--- a/caravel/utils.py
+++ b/caravel/utils.py
@@ -29,6 +29,10 @@ class CaravelSecurityException(CaravelException):
    pass


+class MetricPermException(Exception):
+    pass
+
+
 def flasher(msg, severity=None):
    """Flask's flash if available, logging call if not"""
    try:
@@ -211,6 +215,23 @@ def init(caravel):
    for table_perm in table_perms:
        merge_perm(sm, 'datasource_access', table_perm)

+    init_metrics_perm(caravel)
+
+
+def init_metrics_perm(caravel, metrics=None):
+    db = caravel.db
+    models = caravel.models
+    sm = caravel.appbuilder.sm
+
+    if metrics is None:
+        metrics = []
+        for model in [models.SqlMetric, models.DruidMetric]:
+            metrics += list(db.session.query(model).all())
+
+    metric_perms = [metric.perm for metric in metrics]
+    for metric_perm in metric_perms:
+        merge_perm(sm, 'metric_access', metric_perm)
+

 def datetime_f(dttm):
    """Formats datetime to take less room when it is recent"""