Admin / Alpha permission cleanup and fixes. (#1645)
bkyryliuk authored Nov 19, 2016
1 parent 9b18128 commit 7a98f84
Showing 1 changed file with 20 additions and 3 deletions.
23 changes: 20 additions & 3 deletions superset/security.py
@@ -28,7 +28,6 @@
} | READ_ONLY_MODELVIEWS

ADMIN_ONLY_PERMISSIONS = {
'all_datasource_access',
'all_database_access',
'datasource_access',
'database_access',
@@ -52,10 +51,21 @@
'datasource_access',
'database_access',
'muldelete',
'all_datasource_access',
])
READ_ONLY_PRODUCT = set(
product(READ_ONLY_PERMISSION, READ_ONLY_MODELVIEWS))

OBJECT_SPEC_PERMISSIONS = set([
'database_access',
'datasource_access',
'metric_access',
])


def is_user_defined_permission(perm):
return perm.permission.name in OBJECT_SPEC_PERMISSIONS


def get_or_create_main_db():
logging.info("Creating database reference")
@@ -99,11 +109,18 @@ def sync_role_definitions():

logging.info("Syncing admin perms")
for p in perms:
sm.add_permission_role(admin, p)
# admin has all_database_access and all_datasource_access
if is_user_defined_permission(p):
sm.del_permission_role(admin, p)
else:
sm.add_permission_role(admin, p)

logging.info("Syncing alpha perms")
for p in perms:
if (
# alpha has all_database_access and all_datasource_access
if is_user_defined_permission(p):
sm.del_permission_role(alpha, p)
elif (
(
p.view_menu.name not in ADMIN_ONLY_VIEW_MENUES and
p.permission.name not in ADMIN_ONLY_PERMISSIONS
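Review bot: The comments added in sync_role_definitions explain the `sm.del_permission_role(...)` calls only by `all_database_access` and `all_datasource_access`, yet OBJECT_SPEC_PERMISSIONS also lists `metric_access`, and nothing on this page shows a blanket metric permission that Admin or Alpha would retain. If the metric check elsewhere depends on the role holding the specific row, every sync silently removes that access from both roles; I would confirm this and record it next to the set, e.g. `# metric_access is stripped from admin/alpha on sync; they must pass the metric check some other way`. The Alpha comment also names `all_database_access`, which as rendered here still sits in ADMIN_ONLY_PERMISSIONS and is therefore excluded by the `elif`, so that comment should list only the blanket permissions Alpha really receives. The `elif` condition runs past the end of the visible hunk and the page has lost its +/- markers, so both points are read from the rendered text.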
