mirror of
https://github.com/apache/superset.git
synced 2026-04-19 08:04:53 +00:00
9dd33d5566
* feat(saved queries): security perm simplification * migration script and frontend * add downgrade procedure * downgrade procedure, inferred from the upgrade data * fix JS test * improve code * add tests for role migration * more tests and a short description for each one * Improve readability * simplify dataclass creation * fix dataclass
86 lines
3.0 KiB
Python
86 lines
3.0 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
"""security converge saved queries
|
|
|
|
Revision ID: e38177dbf641
|
|
Revises: a8173232b786
|
|
Create Date: 2020-11-20 14:24:03.643031
|
|
|
|
"""
|
|
|
|
# revision identifiers, used by Alembic.
|
|
revision = "e38177dbf641"
|
|
down_revision = "a8173232b786"
|
|
|
|
|
|
from alembic import op
|
|
from sqlalchemy.exc import SQLAlchemyError
|
|
from sqlalchemy.orm import Session
|
|
|
|
from superset.migrations.shared.security_converge import (
|
|
add_pvms,
|
|
get_reversed_new_pvms,
|
|
get_reversed_pvm_map,
|
|
migrate_roles,
|
|
Pvm,
|
|
)
|
|
|
|
NEW_PVMS = {"SavedQuery": ("can_read", "can_write",)}
|
|
PVM_MAP = {
|
|
Pvm("SavedQueryView", "can_list"): (Pvm("SavedQuery", "can_read"),),
|
|
Pvm("SavedQueryView", "can_show"): (Pvm("SavedQuery", "can_read"),),
|
|
Pvm("SavedQueryView", "can_add",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryView", "can_edit",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryView", "can_delete",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryView", "muldelete",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryView", "can_mulexport",): (Pvm("SavedQuery", "can_read"),),
|
|
Pvm("SavedQueryViewApi", "can_show",): (Pvm("SavedQuery", "can_read"),),
|
|
Pvm("SavedQueryViewApi", "can_edit",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryViewApi", "can_list",): (Pvm("SavedQuery", "can_read"),),
|
|
Pvm("SavedQueryViewApi", "can_add",): (Pvm("SavedQuery", "can_write"),),
|
|
Pvm("SavedQueryViewApi", "muldelete",): (Pvm("SavedQuery", "can_write"),),
|
|
}
|
|
|
|
|
|
def upgrade():
|
|
bind = op.get_bind()
|
|
session = Session(bind=bind)
|
|
|
|
# Add the new permissions on the migration itself
|
|
add_pvms(session, NEW_PVMS)
|
|
migrate_roles(session, PVM_MAP)
|
|
try:
|
|
session.commit()
|
|
except SQLAlchemyError as ex:
|
|
print(f"An error occurred while upgrading permissions: {ex}")
|
|
session.rollback()
|
|
|
|
|
|
def downgrade():
|
|
bind = op.get_bind()
|
|
session = Session(bind=bind)
|
|
|
|
# Add the old permissions on the migration itself
|
|
add_pvms(session, get_reversed_new_pvms(PVM_MAP))
|
|
migrate_roles(session, get_reversed_pvm_map(PVM_MAP))
|
|
try:
|
|
session.commit()
|
|
except SQLAlchemyError as ex:
|
|
print(f"An error occurred while downgrading permissions: {ex}")
|
|
session.rollback()
|
|
pass
|