feat: datasource access to allow more granular access to tables on SQL Lab (#18064)

2026-04-20 16:44:46 +00:00 · 2022-02-09 14:05:25 +00:00
parent fdbcbb5c84
commit 5ee070c402
4 changed files with 89 additions and 15 deletions
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -26,9 +26,9 @@ from typing import (
    cast,
    Dict,
    List,
+    NamedTuple,
    Optional,
    Set,
-    Tuple,
    TYPE_CHECKING,
    Union,
 )
@@ -88,6 +88,11 @@ if TYPE_CHECKING:
 logger = logging.getLogger(__name__)


+class DatabaseAndSchema(NamedTuple):
+    database: str
+    schema: str
+
+
 class SupersetSecurityListWidget(ListWidget):  # pylint: disable=too-few-public-methods
    """
    Redeclaring to avoid circular imports
@@ -263,13 +268,14 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods

        return None

-    def unpack_schema_perm(  # pylint: disable=no-self-use
+    def unpack_database_and_schema(  # pylint: disable=no-self-use
        self, schema_permission: str
-    ) -> Tuple[str, str]:
-        # [database_name].[schema_name]
+    ) -> DatabaseAndSchema:
+        # [database_name].[schema|table]
+
        schema_name = schema_permission.split(".")[1][1:-1]
        database_name = schema_permission.split(".")[0][1:-1]
-        return database_name, schema_name
+        return DatabaseAndSchema(database_name, schema_name)

    def can_access(self, permission_name: str, view_name: str) -> bool:
        """
@@ -558,7 +564,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods

        # schema_access
        accessible_schemas = {
-            self.unpack_schema_perm(s)[1]
+            self.unpack_database_and_schema(s).schema
            for s in self.user_view_menu_names("schema_access")
            if s.startswith(f"[{database}].")
        }
@@ -608,7 +614,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        )
        if schema:
            names = {d.table_name for d in user_datasources if d.schema == schema}
-            return [d for d in datasource_names if d in names]
+            return [d for d in datasource_names if d.table in names]

        full_names = {d.full_name for d in user_datasources}
        return [d for d in datasource_names if f"[{database}].[{d}]" in full_names]