diff --git a/superset/config.py b/superset/config.py index ae81cfcb6e402..c9b8607e3e6ff 100644 --- a/superset/config.py +++ b/superset/config.py @@ -377,6 +377,22 @@ class CeleryConfig(object): # an XSS security vulnerability ENABLE_JAVASCRIPT_CONTROLS = False +# A callable that allows altering the database conneciton URL and params +# on the fly, at runtime. This allows for things like impersonation or +# arbitrary logic. For instance you can wire different users to +# use different connection parameters, or pass their email address as the +# username. The function receives the connection uri object, connection +# params, and user object, and returns the mutated uri and params objects. +# Example: +# def DB_CONNECTION_MUTATOR(uri, params, user): +# if user and user.email: +# uri.username = user.email +# return uri, params +# +# Note that the returned uri and params are passed directly to sqlalchemy's +# as such `create_engine(url, **params)` +DB_CONNECTION_MUTATOR = None + try: if CONFIG_PATH_ENV_VAR in os.environ: # Explicitly import config module that is not in pythonpath; useful diff --git a/superset/models/core.py b/superset/models/core.py index b4dbada947f4e..41d8742b65b7c 100644 --- a/superset/models/core.py +++ b/superset/models/core.py @@ -675,6 +675,9 @@ def get_sqla_engine(self, schema=None, nullpool=True, user_name=None): if configuration: params['connect_args'] = {'configuration': configuration} + DB_CONNECTION_MUTATOR = config.get('DB_CONNECTION_MUTATOR') + if DB_CONNECTION_MUTATOR: + url, params = DB_CONNECTION_MUTATOR(url, params, g.user) return create_engine(url, **params) def get_reserved_words(self):