diff --git a/requirements/base.txt b/requirements/base.txt index 8387d380bc5ab..f3bd5512645ec 100644 --- a/requirements/base.txt +++ b/requirements/base.txt @@ -76,7 +76,7 @@ flask==2.0.3 # flask-migrate # flask-sqlalchemy # flask-wtf -flask-appbuilder==4.1.4 +flask-appbuilder==4.1.6 # via apache-superset flask-babel==1.0.0 # via flask-appbuilder diff --git a/setup.py b/setup.py index cad76a9572997..04e14a99b0b5b 100644 --- a/setup.py +++ b/setup.py @@ -83,7 +83,7 @@ def get_git_sha() -> str: "cryptography>=3.3.2", "deprecation>=2.1.0, <2.2.0", "flask>=2.0.0, <3.0.0", - "flask-appbuilder>=4.1.4, <5.0.0", + "flask-appbuilder>=4.1.6, <5.0.0", "flask-caching>=1.10.0", "flask-compress", "flask-talisman", diff --git a/superset/views/utils.py b/superset/views/utils.py index 6b6d5a0fb8579..835c8eda0d8d6 100644 --- a/superset/views/utils.py +++ b/superset/views/utils.py @@ -103,23 +103,20 @@ def bootstrap_user_data(user: User, include_perms: bool = False) -> Dict[str, An def get_permissions( user: User, -) -> Tuple[Dict[str, List[List[str]]], DefaultDict[str, List[str]]]: +) -> Tuple[Dict[str, List[Tuple[str]]], DefaultDict[str, List[str]]]: if not user.roles: raise AttributeError("User object does not have roles") - roles = defaultdict(list) - permissions = defaultdict(set) - - for role in user.roles: - permissions_ = security_manager.get_role_permissions(role) - for permission in permissions_: + data_permissions = defaultdict(set) + roles_permissions = security_manager.get_user_roles_permissions(user) + for _, permissions in roles_permissions.items(): + for permission in permissions: if permission[0] in ("datasource_access", "database_access"): - permissions[permission[0]].add(permission[1]) - roles[role.name].append([permission[0], permission[1]]) + data_permissions[permission[0]].add(permission[1]) transformed_permissions = defaultdict(list) - for perm in permissions: - transformed_permissions[perm] = list(permissions[perm]) - return roles, transformed_permissions + for perm in data_permissions: + transformed_permissions[perm] = list(data_permissions[perm]) + return roles_permissions, transformed_permissions def get_viz(