* chore: deprecate restricted metrics
An early community contribution added the concept of restricted metrics.
The idea was to allow for some metrics to be restricted, and if a metric
was tagged as such, a user would need to be given access to that metric
more explicitly, through a special perm we would maintain for that
metric.
Now since the new concept of "Adhoc Metrics", the popover that lets a
user pick a column and an aggregate function or to write their own SQL
expression inline, this restriction is completely bypassed. Adhoc
metrics was developed without the restricted metrics in mind.
Anyhow, in the near future, we'll be rethinking the ideas behind
data-access permissions, and things like column-level or row-level
security will be redesigned from scratch.
By deprecating this feature, we're removing a confusing and mostly broken
feature, and making it easy to move forward.
* Use context manager to drop columns
* disable jest's maxWorkers
* Move schema name handling in table names from frontend to backend
* Rename all_schema_names to get_all_schema_names
* Fix js errors
* Fix additional js linting errors
* Refactor datasource getters and fix linting errors
* Update js unit tests
* Add python unit test for get_table_names method
* Add python unit test for get_table_names method
* Fix js linting error
* Adding permission for can_only_access_owned_queries
* Fixing lint adding typing to variable
* Adding test for queryview and enabling /queryview/api/read
* Fixing issues with python typing
* [security] make it easier to redefine Alpha/Gamma
While talking about some security aspect and as to how you'd alter Alpha
or Gamma role in a specific environment, I realized that these
module-scoped constants would be much more useful as class attributes.
This way, someone can override these sets in their security manager
to alter base roles.
* fix
* flake8
* [SIP-5] Open a new /api/v1/query endpoint that takes query_obj
- Introduce a new handle_superset_exception decorator to avoid repeating the logic for catching SupersetExceptions
- Create a query_obj_backfill method that takes form_data and constructs a query_obj that will be constructed in the client in the future. Use the backfill in explore_json.
- Create a new /api/v1/query endpoint that takes query_obj only and returns the payload data. Note the query_obj is constructed in the client. The endpoint currently only handles query_obj for table view viz (we'll be adding support to new viz types as we go).
- Unit test to verify the new endpoint for table view
* fix tests and lint errors
* - Move the new query endpoint into its own api.py view.
- Create QueryObject and QueryContext class to encapsulate query_object to be built from the client and additional info (e.g. datasource) needed to get the data payload for a given query
- Remove the query_obj_backfill as we'll start building the first query_object on the client so it no longer makes sense to have a short-lived backfill for the matter of days.
* Fixing lint and test errors
* Fixing additional lint error from the previous rebase.
* fixing additional lint error
* addressing additional pr comments
* Make /query accept a list of queries in the query_context object.
* fixing a lint error
* - Move time_shift based calculation and since, until check into util
- Add typing info for get_since_until
- Add new unit tests to verify time_shift calculation and the since until check
* Add schema level access control on csv upload
* add db migrate merge point
* fix flake 8
* fix test
* remove unnecessary db migration
* fix flake
* nit
* fix test for test_schemas_access_for_csv_upload_endpoint
* fix test_csv_import test
* use security_manager to check whether schema is allowed to be accessed
* bring security manager to the party
* flake8 & repush to retrigger test
* address comments
* remove trailing comma
* move access permissions methods to security manager
* consolidate all security methods into SupersetSecurityManager
* update security method calls
* update calls from tests
* move get_or_create_main_db to utils
* raise if supersetsecuritymanager is not extended
* rename sm to security_manager
* [cli] permission cleanup on 'superset init'
FAB sometimes creates NULL/None permissions in the database,
presumably a race condition when multiple gunicorn workers start at the
same time, and those create issues raising "AttributeError: 'NoneType'
object has no attribute 'name'"
* Linting
Related Msg:
sqlalchemy.orm.exc.ObjectDeletedError: Instance '<PermissionView at
0x7f10306b0e90>' has been deleted, or its row is otherwise not present.