mirror of
https://github.com/apache/superset.git
synced 2026-04-10 03:45:22 +00:00
aefef9ca55
* chore(security): Updating assert logic * Deprecating rejected_tables Co-authored-by: John Bodley <john.bodley@airbnb.com>
72 lines
2.6 KiB
Python
72 lines
2.6 KiB
Python
# Licensed to the Apache Software Foundation (ASF) under one
|
|
# or more contributor license agreements. See the NOTICE file
|
|
# distributed with this work for additional information
|
|
# regarding copyright ownership. The ASF licenses this file
|
|
# to you under the Apache License, Version 2.0 (the
|
|
# "License"); you may not use this file except in compliance
|
|
# with the License. You may obtain a copy of the License at
|
|
#
|
|
# http://www.apache.org/licenses/LICENSE-2.0
|
|
#
|
|
# Unless required by applicable law or agreed to in writing,
|
|
# software distributed under the License is distributed on an
|
|
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
|
# KIND, either express or implied. See the License for the
|
|
# specific language governing permissions and limitations
|
|
# under the License.
|
|
# pylint: disable=R
|
|
import simplejson as json
|
|
from flask import request
|
|
from flask_appbuilder import expose
|
|
from flask_appbuilder.security.decorators import has_access_api
|
|
|
|
from superset import db, event_logger
|
|
from superset.common.query_context import QueryContext
|
|
from superset.legacy import update_time_range
|
|
from superset.models.slice import Slice
|
|
from superset.typing import FlaskResponse
|
|
from superset.utils import core as utils
|
|
from superset.views.base import api, BaseSupersetView, handle_api_exception
|
|
|
|
|
|
class Api(BaseSupersetView):
|
|
@event_logger.log_this
|
|
@api
|
|
@handle_api_exception
|
|
@has_access_api
|
|
@expose("/v1/query/", methods=["POST"])
|
|
def query(self) -> FlaskResponse:
|
|
"""
|
|
Takes a query_obj constructed in the client and returns payload data response
|
|
for the given query_obj.
|
|
|
|
raises SupersetSecurityException: If the user cannot access the resource
|
|
"""
|
|
query_context = QueryContext(**json.loads(request.form["query_context"]))
|
|
query_context.raise_for_access()
|
|
payload_json = query_context.get_payload()
|
|
return json.dumps(
|
|
payload_json, default=utils.json_int_dttm_ser, ignore_nan=True
|
|
)
|
|
|
|
@event_logger.log_this
|
|
@api
|
|
@handle_api_exception
|
|
@has_access_api
|
|
@expose("/v1/form_data/", methods=["GET"])
|
|
def query_form_data(self) -> FlaskResponse:
|
|
"""
|
|
Get the formdata stored in the database for existing slice.
|
|
params: slice_id: integer
|
|
"""
|
|
form_data = {}
|
|
slice_id = request.args.get("slice_id")
|
|
if slice_id:
|
|
slc = db.session.query(Slice).filter_by(id=slice_id).one_or_none()
|
|
if slc:
|
|
form_data = slc.form_data.copy()
|
|
|
|
update_time_range(form_data)
|
|
|
|
return json.dumps(form_data)
|