From e58a8a34c7f87ebc7d50d102ba0aaeb8087773d6 Mon Sep 17 00:00:00 2001 From: Markus Eriksson Date: Tue, 18 Jun 2024 09:46:20 +0200 Subject: [PATCH 1/3] fix: Add user filtering to changed_by #27986 --- superset/charts/api.py | 2 ++ superset/css_templates/api.py | 10 +++++++++- superset/dashboards/api.py | 2 ++ superset/databases/api.py | 9 +++++++++ superset/datasets/api.py | 2 ++ superset/queries/api.py | 2 ++ superset/queries/saved_queries/api.py | 8 +++++++- superset/reports/api.py | 2 ++ superset/row_level_security/api.py | 7 ++++++- 9 files changed, 41 insertions(+), 3 deletions(-) diff --git a/superset/charts/api.py b/superset/charts/api.py index d32f1f665ae14..205000c1249ac 100644 --- a/superset/charts/api.py +++ b/superset/charts/api.py @@ -268,10 +268,12 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]: base_related_field_filters = { "owners": [["id", BaseFilterRelatedUsers, lambda: []]], "created_by": [["id", BaseFilterRelatedUsers, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], } related_field_filters = { "owners": RelatedFieldFilter("first_name", FilterRelatedOwners), "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), } allowed_rel_fields = {"owners", "created_by", "changed_by"} diff --git a/superset/css_templates/api.py b/superset/css_templates/api.py index ac222da66f815..03ce8b1c81bb8 100644 --- a/superset/css_templates/api.py +++ b/superset/css_templates/api.py @@ -35,7 +35,8 @@ ) from superset.extensions import event_logger from superset.models.core import CssTemplate -from superset.views.base_api import BaseSupersetModelRestApi, statsd_metrics +from superset.views.base_api import BaseSupersetModelRestApi, RelatedFieldFilter, statsd_metrics +from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners logger = logging.getLogger(__name__) @@ -91,6 +92,13 @@ class CssTemplateRestApi(BaseSupersetModelRestApi): openapi_spec_tag = "CSS Templates" openapi_spec_methods = openapi_spec_methods_override + related_field_filters = { + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + } + base_related_field_filters = { + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], + } + @expose("/", methods=("DELETE",)) @protect() @safe diff --git a/superset/dashboards/api.py b/superset/dashboards/api.py index 5d3616361f371..ba5c3aaa55f62 100644 --- a/superset/dashboards/api.py +++ b/superset/dashboards/api.py @@ -252,6 +252,7 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]: base_related_field_filters = { "owners": [["id", BaseFilterRelatedUsers, lambda: []]], "created_by": [["id", BaseFilterRelatedUsers, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], "roles": [["id", BaseFilterRelatedRoles, lambda: []]], } @@ -259,6 +260,7 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]: "owners": RelatedFieldFilter("first_name", FilterRelatedOwners), "roles": RelatedFieldFilter("name", FilterRelatedRoles), "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), } allowed_rel_fields = {"owners", "roles", "created_by", "changed_by"} diff --git a/superset/databases/api.py b/superset/databases/api.py index 2c0aff8da03da..f28d9e1a208a3 100644 --- a/superset/databases/api.py +++ b/superset/databases/api.py @@ -126,10 +126,12 @@ from superset.views.base import json_errors_response from superset.views.base_api import ( BaseSupersetModelRestApi, + RelatedFieldFilter, requires_form_data, requires_json, statsd_metrics, ) +from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners logger = logging.getLogger(__name__) @@ -304,6 +306,13 @@ class DatabaseRestApi(BaseSupersetModelRestApi): openapi_spec_methods = openapi_spec_methods_override """ Overrides GET methods OpenApi descriptions """ + related_field_filters = { + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + } + base_related_field_filters = { + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], + } + @expose("//connection", methods=("GET",)) @protect() @safe diff --git a/superset/datasets/api.py b/superset/datasets/api.py index 0f14be1a6d175..f8f6bdc0b9604 100644 --- a/superset/datasets/api.py +++ b/superset/datasets/api.py @@ -242,10 +242,12 @@ class DatasetRestApi(BaseSupersetModelRestApi): base_related_field_filters = { "owners": [["id", BaseFilterRelatedUsers, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], "database": [["id", DatabaseFilter, lambda: []]], } related_field_filters = { "owners": RelatedFieldFilter("first_name", FilterRelatedOwners), + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), "database": "database_name", } search_filters = { diff --git a/superset/queries/api.py b/superset/queries/api.py index 0695946fe07f3..c733c7f9d8784 100644 --- a/superset/queries/api.py +++ b/superset/queries/api.py @@ -144,11 +144,13 @@ class QueryRestApi(BaseSupersetModelRestApi): ] base_related_field_filters = { "created_by": [["id", BaseFilterRelatedUsers, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], "user": [["id", BaseFilterRelatedUsers, lambda: []]], "database": [["id", DatabaseFilter, lambda: []]], } related_field_filters = { "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), "user": RelatedFieldFilter("first_name", FilterRelatedOwners), } diff --git a/superset/queries/saved_queries/api.py b/superset/queries/saved_queries/api.py index cd7b04193ff86..d178de04e6d45 100644 --- a/superset/queries/saved_queries/api.py +++ b/superset/queries/saved_queries/api.py @@ -56,9 +56,11 @@ from superset.utils import json from superset.views.base_api import ( BaseSupersetModelRestApi, + RelatedFieldFilter, requires_form_data, statsd_metrics, ) +from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners logger = logging.getLogger(__name__) @@ -180,8 +182,12 @@ class SavedQueryRestApi(BaseSupersetModelRestApi): related_field_filters = { "database": "database_name", + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + } + base_related_field_filters = { + "database": [["id", DatabaseFilter, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], } - base_related_field_filters = {"database": [["id", DatabaseFilter, lambda: []]]} allowed_rel_fields = {"database", "changed_by", "created_by"} allowed_distinct_fields = {"catalog", "schema"} diff --git a/superset/reports/api.py b/superset/reports/api.py index 4a298b564dd8c..f8dd15e2f07ef 100644 --- a/superset/reports/api.py +++ b/superset/reports/api.py @@ -224,6 +224,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]: "database": [["id", DatabaseFilter, lambda: []]], "owners": [["id", BaseFilterRelatedUsers, lambda: []]], "created_by": [["id", BaseFilterRelatedUsers, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], } text_field_rel_fields = { "dashboard": "dashboard_title", @@ -235,6 +236,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]: "chart": "slice_name", "database": "database_name", "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), "owners": RelatedFieldFilter("first_name", FilterRelatedOwners), } diff --git a/superset/row_level_security/api.py b/superset/row_level_security/api.py index 86956683cb15e..bfe3eee0b6bf6 100644 --- a/superset/row_level_security/api.py +++ b/superset/row_level_security/api.py @@ -47,10 +47,11 @@ from superset.views.base import DatasourceFilter from superset.views.base_api import ( BaseSupersetModelRestApi, + RelatedFieldFilter, requires_json, statsd_metrics, ) -from superset.views.filters import BaseFilterRelatedRoles +from superset.views.filters import BaseFilterRelatedRoles, BaseFilterRelatedUsers, FilterRelatedOwners logger = logging.getLogger(__name__) @@ -129,9 +130,13 @@ class RLSRestApi(BaseSupersetModelRestApi): edit_model_schema = RLSPutSchema() allowed_rel_fields = {"tables", "roles", "created_by", "changed_by"} + related_field_filters = { + "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners), + } base_related_field_filters = { "tables": [["id", DatasourceFilter, lambda: []]], "roles": [["id", BaseFilterRelatedRoles, lambda: []]], + "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]], } openapi_spec_methods = openapi_spec_methods_override From b861c3d2c6b07c73fb70a832199b006680e118b7 Mon Sep 17 00:00:00 2001 From: Markus Eriksson Date: Tue, 18 Jun 2024 23:25:47 +0200 Subject: [PATCH 2/3] chore: Correct formatting --- superset/css_templates/api.py | 6 +++++- superset/row_level_security/api.py | 7 +++++-- 2 files changed, 10 insertions(+), 3 deletions(-) diff --git a/superset/css_templates/api.py b/superset/css_templates/api.py index 03ce8b1c81bb8..5332553d4fd7d 100644 --- a/superset/css_templates/api.py +++ b/superset/css_templates/api.py @@ -35,7 +35,11 @@ ) from superset.extensions import event_logger from superset.models.core import CssTemplate -from superset.views.base_api import BaseSupersetModelRestApi, RelatedFieldFilter, statsd_metrics +from superset.views.base_api import ( + BaseSupersetModelRestApi, + RelatedFieldFilter, + statsd_metrics, +) from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners logger = logging.getLogger(__name__) diff --git a/superset/row_level_security/api.py b/superset/row_level_security/api.py index bfe3eee0b6bf6..46dc71d7b6982 100644 --- a/superset/row_level_security/api.py +++ b/superset/row_level_security/api.py @@ -51,8 +51,11 @@ requires_json, statsd_metrics, ) -from superset.views.filters import BaseFilterRelatedRoles, BaseFilterRelatedUsers, FilterRelatedOwners - +from superset.views.filters import ( + BaseFilterRelatedRoles, + BaseFilterRelatedUsers, + FilterRelatedOwners, +) logger = logging.getLogger(__name__) From 588ee3c20e2d9ad0e851b8c944ee2db392efb671 Mon Sep 17 00:00:00 2001 From: Markus Eriksson Date: Tue, 25 Jun 2024 08:25:54 +0200 Subject: [PATCH 3/3] chore: Adding missing newline to pass ruff linter --- superset/row_level_security/api.py | 1 + 1 file changed, 1 insertion(+) diff --git a/superset/row_level_security/api.py b/superset/row_level_security/api.py index 46dc71d7b6982..93d6656c67311 100644 --- a/superset/row_level_security/api.py +++ b/superset/row_level_security/api.py @@ -56,6 +56,7 @@ BaseFilterRelatedUsers, FilterRelatedOwners, ) + logger = logging.getLogger(__name__)