Make edit / add / delete perms available to all users. (#1722)

* Make edit / add / delete perms available to all users.

* Add tests and restrict from editing the datasources.

superset/security.py

@@ -15,6 +15,19 @@ READ_ONLY_MODELVIEWS = {
     'DatabaseView',
     'DruidClusterModelView',
 }
+
+GAMMA_READ_ONLY_MODELVIEWS = {
+    'ColumnInlineView',
+    'SqlMetricInlineView',
+    'TableColumnInlineView',
+    'TableModelView',
+    'DatasourceModelView',
+    'DruidColumnInlineView',
+    'MetricInlineView',
+    'DruidDatasourceModelView',
+    'DruidMetricInlineView',
+} | READ_ONLY_MODELVIEWS
+
 ADMIN_ONLY_VIEW_MENUES = {
     'AccessRequestsModelView',
     'Manage',
@@ -45,11 +58,6 @@ READ_ONLY_PERMISSION = {
 }
 
 ALPHA_ONLY_PERMISSIONS = set([
-    'can_add',
-    'can_download',
-    'can_delete',
-    'can_edit',
-    'can_save',
     'datasource_access',
     'schema_access',
     'database_access',
@@ -59,6 +67,10 @@ ALPHA_ONLY_PERMISSIONS = set([
 READ_ONLY_PRODUCT = set(
     product(READ_ONLY_PERMISSION, READ_ONLY_MODELVIEWS))
 
+GAMMA_READ_ONLY_PRODUCT = set(
+    product(READ_ONLY_PERMISSION, GAMMA_READ_ONLY_MODELVIEWS))
+
+
 OBJECT_SPEC_PERMISSIONS = set([
     'database_access',
     'schema_access',
@@ -147,10 +159,12 @@ def sync_role_definitions():
         if (
                 (
                     p.view_menu.name not in ADMIN_ONLY_VIEW_MENUES and
+                    p.view_menu.name not in GAMMA_READ_ONLY_MODELVIEWS and
                     p.permission.name not in ADMIN_ONLY_PERMISSIONS and
                     p.permission.name not in ALPHA_ONLY_PERMISSIONS
                 ) or
-                (p.permission.name, p.view_menu.name) in READ_ONLY_PRODUCT
+                (p.permission.name, p.view_menu.name) in
+                GAMMA_READ_ONLY_PRODUCT
         ):
             sm.add_permission_role(gamma, p)
             if PUBLIC_ROLE_LIKE_GAMMA: