* move access permissions methods to security manager
* consolidate all security methods into SupersetSecurityManager
* update security method calls
* update calls from tests
* move get_or_create_main_db to utils
* raise if supersetsecuritymanager is not extended
* rename sm to security_manager
* Switched yaml.load to yaml.safe_load to prevent code execution via crafted yaml files
Python's yaml.load can lead to code execution via crafted yaml files such as:
```
code_exec: !!python/object/apply:subprocess.check_output ['ls']
```
* Fixed XSS via bleach
It was possible to get an XSS via the markdown library by simply setting a description containing arbitrary HTML tags.
It was also possible to create links that went to the `javascript:` link handler (e.g. `[example](javascript:alert(0)`)
Using bleach to sanitize it solves both of these.
* Added XFO header by default to prevent clickjacking attacks
Note that with this application clickjacking can be relatively severe via the SQLLab functionality
which allows executing arbitrary SQL.
* Added justification for dangerouslySetInnerHTML
* Fixed linting errors
* Fixed linting errors
* added deckgl geojson layer
* linting
* fixed comments
* addressed comments
* added override with controls.color_picker > 0
* set var properly
* set colors if property doesn't exist at all
* refactor on property mapping
* DECKGL integration
Adding a new set of geospatial visualizations building on top of the
awesome deck.gl library. https://github.com/uber/deck.gl
While the end goal is to expose all types of layers and let users bind
their data to control most props exposed by the deck.gl API, this
PR focusses on a first set of visualizations and props:
* ScatterLayer
* HexagonLayer
* GridLayer
* ScreenGridLayer
* Addressing comments
* lint
* Linting
* Addressing chri's comments
* feat(visualization): Create new visualization tools that display a country with a geojson file. Currently only France and Spain are loaded
* refacto(visualization): fix issues created by codeclimate
* refacto(visualization): fix issues created by travis for mysql databases
* refacto(visualization): fix issues created by codeclimate
* refacto(visualization): fix issues created by codeclimate
* refacto(visualization): fix issues created by codeclimate
* refacto(visualization): fix issues created by codeclimate
* fix(visualization): fix issues
* doc(visualization): Init visualization documentation
* doc(visualization): init visualization documentation for country
* fix(visualization): implement iso 3166-2 for id of country
* fix(visualization): implement iso 3166-2 for id of country
* doc(visualization): init visualization documentation for country
* fix(visualization): implement iso 3166-2 for id of country
* feat(country_map): add Ukraine map in component
* fix(visualization): Tests not working and add color based on metrics
* refacto(visualization): fix issues for es6 and color component
* Add UNIX socket option to runserver
Added an optional parameter to runserver to serve from a UNIX socket instead of an address:port. I believe it is fairly common to serve from sockets when using a web server like Nginx on the same host.
* Collapsed if/else logic for address or socket
Also wrapped help description for socket parameter
* Fix werkzeug instance was created twice in Debug Mode (#2135)
* add reloader option for flask (#2136)
* using --no-reload option for flask
* divide a line of code into two lines for PEP8
* Initial
* rewrite some line to make it short and setting merge variable temporarily
* rewrite commit author
* add emitted attribute
* Fix typo
* fix test error
* fix typo
* test added
* Support running superset via pex
* [superset] Update default port in superset/bin/superset
* Fix codeclimate line length issues
* Fix another line length issue, in config.py
* Add trivial utils test to increase test coverage
* Clean up runserver handling
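
The `yaml.load` to `yaml.safe_load` change listed above, as an added example (not code from the Superset commits): it uses PyYAML to show `safe_load` refusing the crafted document from the commit message while still parsing ordinary configuration, and it lists Python-specific tags from the parser's events without constructing any objects. The sample inputs and the names `python_tags` and `load_untrusted` are constructed for illustration.

```python
import yaml

# Prefix PyYAML resolves "!!python/..." tags to.
PYTHON_TAG_PREFIX = "tag:yaml.org,2002:python/"

# Constructed sample inputs: the crafted document quoted in the commit
# message, and an ordinary configuration document.
CRAFTED = "code_exec: !!python/object/apply:subprocess.check_output ['ls']\n"
BENIGN = (
    "database_name: main\n"
    "tables:\n"
    "  - name: birth_names\n"
    "    columns: [ds, gender]\n"
)


def python_tags(text):
    """Return Python-specific tags seen by the parser.

    yaml.parse only produces parse events; it never constructs objects,
    so inspecting a hostile document this way runs nothing.
    """
    found = []
    for event in yaml.parse(text, Loader=yaml.SafeLoader):
        tag = getattr(event, "tag", None)
        if tag and tag.startswith(PYTHON_TAG_PREFIX):
            found.append(tag)
    return found


def load_untrusted(text):
    """Load YAML with safe_load and return (data, error).

    safe_load only builds plain types (dict, list, str, int, ...); a
    document carrying any other tag raises a ConstructorError.
    """
    try:
        return yaml.safe_load(text), None
    except yaml.YAMLError as exc:
        return None, exc


if __name__ == "__main__":
    for name, doc in (("benign", BENIGN), ("crafted", CRAFTED)):
        data, err = load_untrusted(doc)
        status = "rejected: " + type(err).__name__ if err else "loaded"
        print(name, status, python_tags(doc))
```

The tag scan is useful for logging which uploaded files carried such tags; the rejection itself comes from `safe_load`.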