fix: allow users to reset their passwords (#12886)

2026-04-20 00:24:38 +00:00 · 2021-02-02 15:19:09 +00:00
parent 36c43113e7
commit 9cc38ac1d9
1 changed files with 9 additions and 9 deletions
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -179,7 +179,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        "metric_access",
    }

-    ACCESSIBLE_PERMS = {"can_userinfo"}
+    ACCESSIBLE_PERMS = {"can_userinfo", "resetmypassword"}

    data_access_permissions = (
        "database_access",
@@ -710,7 +710,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        self.get_session.merge(role)
        self.get_session.commit()

-    def _is_admin_only(self, pvm: Model) -> bool:
+    def _is_admin_only(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is accessible to only Admin users,
        False otherwise.
@@ -731,7 +731,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            or pvm.permission.name in self.ADMIN_ONLY_PERMISSIONS
        )

-    def _is_alpha_only(self, pvm: PermissionModelView) -> bool:
+    def _is_alpha_only(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is accessible to only Alpha users,
        False otherwise.
@@ -750,7 +750,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            or pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
        )

-    def _is_accessible_to_all(self, pvm: PermissionModelView) -> bool:
+    def _is_accessible_to_all(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is accessible to all, False
        otherwise.
@@ -761,7 +761,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods

        return pvm.permission.name in self.ACCESSIBLE_PERMS

-    def _is_admin_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_admin_pvm(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is Admin user related, False
        otherwise.
@@ -772,7 +772,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods

        return not self._is_user_defined_permission(pvm)

-    def _is_alpha_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_alpha_pvm(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is Alpha user related, False
        otherwise.
@@ -785,7 +785,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            self._is_user_defined_permission(pvm) or self._is_admin_only(pvm)
        ) or self._is_accessible_to_all(pvm)

-    def _is_gamma_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_gamma_pvm(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is Gamma user related, False
        otherwise.
@@ -800,7 +800,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            or self._is_alpha_only(pvm)
        ) or self._is_accessible_to_all(pvm)

-    def _is_sql_lab_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_sql_lab_pvm(self, pvm: PermissionView) -> bool:
        """
        Return True if the FAB permission/view is SQL Lab related, False
        otherwise.
@@ -828,7 +828,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        )

    def _is_granter_pvm(  # pylint: disable=no-self-use
-        self, pvm: PermissionModelView
+        self, pvm: PermissionView
    ) -> bool:
        """
        Return True if the user can grant the FAB permission/view, False