mirror of
https://github.com/apache/superset.git
synced 2026-04-20 16:44:46 +00:00
feat: RLS for SQL Lab (#19999)
* feat: RLS for SQL Lab * Small fixes * Pass username to security manager * Update docstrings * Add tests * Remove type from docstring
This commit is contained in:
@@ -553,6 +553,7 @@ def get_rls_for_table(
|
||||
candidate: Token,
|
||||
database_id: int,
|
||||
default_schema: Optional[str],
|
||||
username: Optional[str] = None,
|
||||
) -> Optional[TokenList]:
|
||||
"""
|
||||
Given a table name, return any associated RLS predicates.
|
||||
@@ -585,7 +586,7 @@ def get_rls_for_table(
|
||||
template_processor = dataset.get_template_processor()
|
||||
predicate = " AND ".join(
|
||||
str(filter_)
|
||||
for filter_ in dataset.get_sqla_row_level_filters(template_processor)
|
||||
for filter_ in dataset.get_sqla_row_level_filters(template_processor, username)
|
||||
)
|
||||
if not predicate:
|
||||
return None
|
||||
@@ -600,6 +601,7 @@ def insert_rls(
|
||||
token_list: TokenList,
|
||||
database_id: int,
|
||||
default_schema: Optional[str],
|
||||
username: Optional[str] = None,
|
||||
) -> TokenList:
|
||||
"""
|
||||
Update a statement inplace applying any associated RLS predicates.
|
||||
@@ -621,7 +623,7 @@ def insert_rls(
|
||||
elif state == InsertRLSState.SEEN_SOURCE and (
|
||||
isinstance(token, Identifier) or token.ttype == Keyword
|
||||
):
|
||||
rls = get_rls_for_table(token, database_id, default_schema)
|
||||
rls = get_rls_for_table(token, database_id, default_schema, username)
|
||||
if rls:
|
||||
state = InsertRLSState.FOUND_TABLE
|
||||
|
||||
|
||||
Reference in New Issue
Block a user