apache · bkyryliuk · Sep 22, 2016 · Sep 12, 2016 · Sep 20, 2016 · Sep 21, 2016
diff --git a/caravel/migrations/versions/5e4a03ef0bf0_add_request_access_model.py b/caravel/migrations/versions/5e4a03ef0bf0_add_request_access_model.py
@@ -10,7 +10,7 @@
 
 # revision identifiers, used by Alembic.
 revision = '5e4a03ef0bf0'
-down_revision = '65903709c321'
+down_revision = 'b347b202819b'
 
 
 def upgrade():
@@ -19,14 +19,12 @@ def upgrade():
         sa.Column('created_on', sa.DateTime(), nullable=True),
         sa.Column('changed_on', sa.DateTime(), nullable=True),
         sa.Column('id', sa.Integer(), nullable=False),
-        sa.Column('table_id', sa.Integer(), nullable=True),
-        sa.Column('druid_datasource_id', sa.Integer(), nullable=True),
+        sa.Column('datasource_type', sa.String(length=200), nullable=True),
+        sa.Column('datasource_id', sa.Integer(), nullable=True),
         sa.Column('changed_by_fk', sa.Integer(), nullable=True),
         sa.Column('created_by_fk', sa.Integer(), nullable=True),
         sa.ForeignKeyConstraint(['changed_by_fk'], ['ab_user.id'], ),
         sa.ForeignKeyConstraint(['created_by_fk'], ['ab_user.id'], ),
-        sa.ForeignKeyConstraint(['druid_datasource_id'], ['datasources.id'], ),
-        sa.ForeignKeyConstraint(['table_id'], ['tables.id'], ),
         sa.PrimaryKeyConstraint('id')
     )
 

diff --git a/caravel/models.py b/caravel/models.py
@@ -2018,43 +2018,47 @@ class DatasourceAccessRequest(Model, AuditMixinNullable):
     __tablename__ = 'access_request'
     id = Column(Integer, primary_key=True)
 
-    table_id = Column(Integer, ForeignKey('tables.id'))
-    druid_datasource_id = Column(Integer, ForeignKey('datasources.id'))
-
-    table = relationship('SqlaTable', foreign_keys=[table_id])
-    druid_datasource = relationship(
-        'DruidDatasource', foreign_keys=[druid_datasource_id])
+    datasource_id = Column(Integer)
+    datasource_type = Column(String(200))
 
     ROLES_BLACKLIST = set(['Admin', 'Alpha', 'Gamma', 'Public'])
 
+    @property
+    def cls_model(self):
+        return src_registry.sources[self.datasource_type]
+
     @property
     def username(self):
         return self.creator()
 
     @property
     def datasource(self):
-        if self.druid_datasource:
-            return self.druid_datasource
-        return self.table
+        return self.get_datasource
+
+    @datasource.getter
+    @utils.memoized
+    def get_datasource(self):
+        ds = db.session.query(self.cls_model).filter_by(
+            id=self.datasource_id).first()
+        return ds
 
     @property
     def datasource_link(self):
         return self.datasource.link
 
-    @property
-    def permission_view(self):
-        return sm.find_permission_view_menu(
-            'datasource_access', self.datasource.perm)
-
     @property
     def roles_with_datasource(self):
         action_list = ''
-        for r in self.permission_view.role:
+        pv = sm.find_permission_view_menu(
+            'datasource_access', self.datasource.perm)
+        for r in pv.role:
             if r.name in self.ROLES_BLACKLIST:
                 continue
             url = (
-                '/caravel/approve?request_access_id={}&role_to_grant={}'
-                .format(self.id, r.name)
+                '/caravel/approve?datasource_type={self.datasource_type}&'
+                'datasource_id={self.datasource_id}&'
+                'created_by={self.created_by.username}&role_to_grant={r.name}'
+                .format(**locals())
             )
             href = '<a href="{}">Grant {} Role</a>'.format(url, r.name)
             action_list = action_list + '<li>' + href + '</li>'
@@ -2065,8 +2069,10 @@ def user_roles(self):
         action_list = ''
         for r in self.created_by.roles:
             url = (
-                '/caravel/approve?request_access_id={}&role_to_extend={}'
-                .format(self.id, r.name)
+                '/caravel/approve?datasource_type={self.datasource_type}&'
+                'datasource_id={self.datasource_id}&'
+                'created_by={self.created_by.username}&role_to_extend={r.name}'
+                .format(**locals())
             )
             href = '<a href="{}">Extend {} Role</a>'.format(url, r.name)
             if r.name in self.ROLES_BLACKLIST:

diff --git a/caravel/views.py b/caravel/views.py
@@ -74,6 +74,9 @@ class ListWidgetWithCheckboxes(ListWidget):
 ALL_DATASOURCE_ACCESS_ERR = __(
     "This endpoint requires the `all_datasource_access` permission")
 DATASOURCE_MISSING_ERR = __("The datasource seems to have been deleted")
+ACCESS_REQUEST_MISSING_ERR = __(
+    "The access requests seem to have been deleted")
+USER_MISSING_ERR = __("The user seems to have been deleted")
 
 
 def get_database_access_error_msg(database_name):
@@ -994,7 +997,8 @@ class Caravel(BaseCaravelView):
     def request_access_form(
             self, datasource_type, datasource_id, datasource_name):
         request_access_url = (
-            '/caravel/request_access?{}={}&datasource_name={}'.format(
+            '/caravel/request_access?datasource_type={}&datasource_id={}&'
+            'datasource_name=datasource_name'.format(
                 datasource_type, datasource_id, datasource_name)
         )
         return self.render_template(
@@ -1007,20 +1011,16 @@ def request_access_form(
     @has_access
     @expose("/request_access")
     def request_access(self):
-        table_id = request.args.get('table')
-        druid_datasource_id = request.args.get('druid')
+        datasource_id = request.args.get('datasource_id')
+        datasource_type = request.args.get('datasource_type')
         datasource_name = request.args.get('datasource_name')
+        session = db.session
 
-        duplicates = (
-            db.session.query(models.DatasourceAccessRequest)
-            .filter(
-                models.DatasourceAccessRequest.created_by_fk ==
-                g.user.get_id(),
-                models.DatasourceAccessRequest.table_id == table_id,
-                models.DatasourceAccessRequest.druid_datasource_id ==
-                druid_datasource_id,
-            ).all()
-        )
+        duplicates = session.query(models.DatasourceAccessRequest).filter(
+            models.DatasourceAccessRequest.datasource_id == datasource_id,
+            models.DatasourceAccessRequest.datasource_type ==
+            datasource_type,
+            models.DatasourceAccessRequest.created_by_fk == g.user.id).all()
 
         if duplicates:
             flash(__(
@@ -1029,8 +1029,8 @@ def request_access(self):
             return redirect('/slicemodelview/list/')
 
         access_request = models.DatasourceAccessRequest(
-            table_id=table_id,
-            druid_datasource_id=druid_datasource_id,
+            datasource_id=datasource_id,
+            datasource_type=datasource_type,
         )
         db.session.add(access_request)
         db.session.commit()
@@ -1042,45 +1042,64 @@ def request_access(self):
     @has_access
     @expose("/approve")
     def approve(self):
-        request_access_id = request.args.get('request_access_id')
+        datasource_type = request.args.get('datasource_type')
+        datasource_id = request.args.get('datasource_id')
+        created_by_username = request.args.get('created_by')
         role_to_grant = request.args.get('role_to_grant')
         role_to_extend = request.args.get('role_to_extend')
-        access_request = (
-            db.session.query(models.DatasourceAccessRequest)
-            .filter_by(id=request_access_id).first()
-        )
+
+        session = db.session
+        datasource_class = src_registry.sources[datasource_type]
+        datasource = session.query(datasource_class).filter_by(
+            id=datasource_id).first()
+
+        if not datasource:
+            flash(DATASOURCE_MISSING_ERR, "alert")
+            return json_error_response(DATASOURCE_MISSING_ERR)
+
+        requested_by = sm.find_user(username=created_by_username)
+        if not requested_by:
+            flash(USER_MISSING_ERR, "alert")
+            return json_error_response(USER_MISSING_ERR)
+
+        requests = (session.query(models.DatasourceAccessRequest).filter(
+            models.DatasourceAccessRequest.datasource_id == datasource_id,
+            models.DatasourceAccessRequest.datasource_type == datasource_type,
+            models.DatasourceAccessRequest.created_by_fk == requested_by.id)
+                    .all())
+
+        if not requests:
+            flash(ACCESS_REQUEST_MISSING_ERR, "alert")
+            return json_error_response(ACCESS_REQUEST_MISSING_ERR)
+
         # check if you can approve
-        if (self.all_datasource_access() or
-                (access_request.datasource and
-                 access_request.datasource.created_by_fk and
-                 g.user.id == access_request.datasource.owner_id)):
+        if self.all_datasource_access() or g.user.id == datasource.owner_id:
             # can by done by admin only
             if role_to_grant:
                 role = sm.find_role(role_to_grant)
-                access_request.created_by.roles.append(role)
+                requested_by.roles.append(role)
                 flash(__(
                     "%(user)s was granted the role %(role)s that gives access "
                     "to the %(datasource)s",
-                    user=access_request.creator(),
+                    user=requested_by.username,
                     role=role_to_grant,
-                    datasource=access_request.datasource.full_name), "info")
+                    datasource=datasource.full_name), "info")
 
             if role_to_extend:
-                sm.add_permission_role(sm.find_role(role_to_extend),
-                                       access_request.permission_view)
-                flash(__("Role %(role)s was extended to provide the access to"
-                         " the datasource %(datasource)s",
-                         role=role_to_extend,
-                         datasource=access_request.datasource.full_name),
-                      "info")
+                perm_view = sm.find_permission_view_menu(
+                    'datasource_access', datasource.perm)
+                sm.add_permission_role(sm.find_role(role_to_extend), perm_view)
+                flash(__("Role %(r)s was extended to provide the access to"
+                         " the datasource %(ds)s",
+                         r=role_to_extend, ds=datasource.full_name), "info")
 
         else:
             flash(__("You have no permission to approve this request"),
                   "danger")
             return redirect('/accessrequestsmodelview/list/')
-
-        db.session.delete(access_request)
-        db.session.commit()
+        for r in requests:
+            session.delete(r)
+        session.commit()
         return redirect('/accessrequestsmodelview/list/')
 
     @has_access

diff --git a/tests/base_tests.py b/tests/base_tests.py
@@ -22,7 +22,7 @@ class CaravelTestCase(unittest.TestCase):
     def __init__(self, *args, **kwargs):
         super(CaravelTestCase, self).__init__(*args, **kwargs)
         self.client = app.test_client()
-
+        self.maxDiff = None
         utils.init(caravel)
 
         admin = appbuilder.sm.find_user('admin')
@@ -92,42 +92,13 @@ def get_latest_query(self, sql):
         session.close()
         return query
 
-    def get_access_requests(
-            self, username, table_id=None, druid_datasource_id=None):
-        if table_id:
-            return (
-                db.session.query(models.DatasourceAccessRequest)
-                .filter(
-                    models.DatasourceAccessRequest.created_by_fk ==
-                    sm.find_user(username).id,
-                    models.DatasourceAccessRequest.table_id == table_id
-                ).all()
-            )
-        if druid_datasource_id:
-            return (
-                db.session.query(models.DatasourceAccessRequest)
-                .filter(
-                    models.DatasourceAccessRequest.created_by_fk ==
-                    sm.find_user(username).id,
-                    models.DatasourceAccessRequest.druid_datasource_id ==
-                    druid_datasource_id
-                ).all()
-            )
-
-
-    def get_table_by_name(self, table_name):
-        return (
-            db.session.query(models.SqlaTable)
-                .filter(models.SqlaTable.table_name == table_name)
-                .first()
-        )
-
-    def get_druid_ds_by_name(self, druid_ds_name):
-        return (
-            db.session.query(models.DruidDatasource)
-                .filter(models.DruidDatasource.datasource_name == druid_ds_name)
-                .first()
-        )
+    def get_access_requests(self, username, ds_type, ds_id):
+            return db.session.query(models.DatasourceAccessRequest).filter(
+                models.DatasourceAccessRequest.created_by_fk ==
+                sm.find_user(username=username).id,
+                models.DatasourceAccessRequest.datasource_type == ds_type,
+                models.DatasourceAccessRequest.datasource_id == ds_id
+            ).all()
 
     def logout(self):
         self.client.get('/logout/', follow_redirects=True)