# Licensed to the Apache Software Foundation (ASF) under one # or more contributor license agreements. See the NOTICE file # distributed with this work for additional information # regarding copyright ownership. The ASF licenses this file # to you under the Apache License, Version 2.0 (the # "License"); you may not use this file except in compliance # with the License. You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, # software distributed under the License is distributed on an # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY # KIND, either express or implied. See the License for the # specific language governing permissions and limitations # under the License. from flask_appbuilder import Model from sqlalchemy import ( Boolean, Column, DateTime, ForeignKey, Integer, String, UniqueConstraint, ) from sqlalchemy.orm import relationship from superset import security_manager from superset.models.helpers import AuditMixinNullable class UserAttribute(Model, AuditMixinNullable): """ Custom attributes attached to the user. Extending the user attribute is tricky due to its dependency on the authentication type and circular dependencies in Superset. Instead, we use a custom model for adding attributes. """ __tablename__ = "user_attribute" # One attribute row per user; readers rely on ``extra_attributes[0]`` and the # session-invalidation upsert depends on this for race safety. __table_args__ = (UniqueConstraint("user_id", name="uq_user_attribute_user_id"),) id = Column(Integer, primary_key=True) user_id = Column(Integer, ForeignKey("ab_user.id")) user = relationship( security_manager.user_model, backref="extra_attributes", foreign_keys=[user_id] ) welcome_dashboard_id = Column(Integer, ForeignKey("dashboards.id")) welcome_dashboard = relationship("Dashboard") avatar_url = Column(String(100)) # When set, any session for this user whose login predates this timestamp # is forced to log out (see ``superset.security.session_invalidation``). # Stamped when the account is disabled, so outstanding sessions terminate # regardless of the session backend. NULL means "never invalidated". sessions_invalidated_at = Column(DateTime, nullable=True, index=True) # When True, the user must change their password before they can use the # rest of the app (enforced by the before-request hook in # superset.security.password_change when ENABLE_FORCE_PASSWORD_CHANGE is on). password_must_change = Column(Boolean, nullable=False, default=False)