from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"Chart": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("SliceModelView", "can_list"): (Pvm("Chart", "can_read"), ),
Pvm("SliceModelView", "can_show"): (Pvm("Chart", "can_read"), ),
Pvm(
"SliceModelView",
"can_edit",
): (Pvm("Chart", "can_write"), ),
Pvm(
"SliceModelView",
"can_delete",
): (Pvm("Chart", "can_write"), ),
Pvm(
"SliceModelView",
"can_add",
): (Pvm("Chart", "can_write"), ),
Pvm(
"SliceModelView",
security_manager.del_permission_view_menu(
new_pvm.permission, new_pvm.view
)
db.session.delete(new_role)
db.session.commit()
@pytest.mark.parametrize(
"descriptiom, new_pvms, pvm_map, external_pvms, deleted_views, deleted_permissions",
[
(
"Many to one readonly",
{"NewDummy": ("can_read",)},
{
Pvm("DummyView", "can_list"): (Pvm("NewDummy", "can_read"),),
Pvm("DummyView", "can_show"): (Pvm("NewDummy", "can_read"),),
},
(),
("DummyView",),
(),
),
(
"Many to one with new permission",
{"NewDummy": ("can_new_perm", "can_write")},
{
Pvm("DummyView", "can_list"): (Pvm("NewDummy", "can_new_perm"),),
Pvm("DummyView", "can_show"): (Pvm("NewDummy", "can_write"),),
},
(),
("DummyView",),
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"SavedQuery": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("SavedQueryView", "can_list"): (Pvm("SavedQuery", "can_read"), ),
Pvm("SavedQueryView", "can_show"): (Pvm("SavedQuery", "can_read"), ),
Pvm(
"SavedQueryView",
"can_add",
): (Pvm("SavedQuery", "can_write"), ),
Pvm(
"SavedQueryView",
"can_edit",
): (Pvm("SavedQuery", "can_write"), ),
Pvm(
"SavedQueryView",
"can_delete",
): (Pvm("SavedQuery", "can_write"), ),
Pvm(
"SavedQueryView",
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"ReportSchedule": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("ReportSchedule", "can_list"): (Pvm("ReportSchedule", "can_read"), ),
Pvm("ReportSchedule", "can_show"): (Pvm("ReportSchedule", "can_read"), ),
Pvm(
"ReportSchedule",
"can_add",
): (Pvm("ReportSchedule", "can_write"), ),
Pvm(
"ReportSchedule",
"can_edit",
): (Pvm("ReportSchedule", "can_write"), ),
Pvm(
"ReportSchedule",
"can_delete",
): (Pvm("ReportSchedule", "can_write"), ),
}
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"Dataset": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("SqlMetricInlineView", "can_add"): (Pvm("Dataset", "can_write"),),
Pvm("SqlMetricInlineView", "can_delete"): (Pvm("Dataset", "can_write"),),
Pvm("SqlMetricInlineView", "can_edit"): (Pvm("Dataset", "can_write"),),
Pvm("SqlMetricInlineView", "can_list"): (Pvm("Dataset", "can_read"),),
Pvm("SqlMetricInlineView", "can_show"): (Pvm("Dataset", "can_read"),),
Pvm("TableColumnInlineView", "can_add"): (Pvm("Dataset", "can_write"),),
Pvm("TableColumnInlineView", "can_delete"): (Pvm("Dataset", "can_write"),),
Pvm("TableColumnInlineView", "can_edit"): (Pvm("Dataset", "can_write"),),
Pvm("TableColumnInlineView", "can_list"): (Pvm("Dataset", "can_read"),),
Pvm("TableColumnInlineView", "can_show"): (Pvm("Dataset", "can_read"),),
Pvm(
"TableModelView",
"can_add",
): (Pvm("Dataset", "can_write"),),
Pvm(
"TableModelView",
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"CssTemplate": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("CssTemplateModelView", "can_list"): (Pvm("CssTemplate", "can_read"),),
Pvm("CssTemplateModelView", "can_show"): (Pvm("CssTemplate", "can_read"),),
Pvm(
"CssTemplateModelView",
"can_add",
): (Pvm("CssTemplate", "can_write"),),
Pvm(
"CssTemplateModelView",
"can_edit",
): (Pvm("CssTemplate", "can_write"),),
Pvm(
"CssTemplateModelView",
"can_delete",
): (Pvm("CssTemplate", "can_write"),),
Pvm(
"CssTemplateModelView",
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {
"Dashboard": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("DashboardModelView", "can_add"): (Pvm("Dashboard", "can_write"),),
Pvm("DashboardModelView", "can_delete"): (Pvm("Dashboard", "can_write"),),
Pvm(
"DashboardModelView",
"can_download_dashboards",
): (Pvm("Dashboard", "can_read"),),
Pvm(
"DashboardModelView",
"can_edit",
): (Pvm("Dashboard", "can_write"),),
Pvm(
"DashboardModelView",
"can_favorite_status",
): (Pvm("Dashboard", "can_read"),),
Pvm(
"DashboardModelView",
from sqlalchemy.orm import Session
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
# revision identifiers, used by Alembic.
revision = "f6196627326f"
down_revision = "143b6f2815da"
PVM_MAP = {
Pvm("Chart", "can_get_data"): (Pvm("Chart", "can_read"),),
Pvm("Chart", "can_post_data"): (Pvm("Chart", "can_read"),),
}
def upgrade():
bind = op.get_bind()
session = Session(bind=bind)
# Add the new permissions on the migration itself
migrate_roles(session, PVM_MAP)
try:
session.commit()
except SQLAlchemyError as ex:
print(f"An error occurred while upgrading permissions: {ex}")
session.rollback()
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
revision = "c25cb2c78727"
down_revision = "ccb74baaa89b"
NEW_PVMS = {
"Annotation": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("AnnotationLayerModelView", "can_delete"):
(Pvm("Annotation", "can_write"), ),
Pvm("AnnotationLayerModelView", "can_list"): (Pvm("Annotation",
"can_read"), ),
Pvm(
"AnnotationLayerModelView",
"can_show",
): (Pvm("Annotation", "can_read"), ),
Pvm(
"AnnotationLayerModelView",
"can_add",
): (Pvm("Annotation", "can_write"), ),
Pvm(
"AnnotationLayerModelView",
"can_edit",
): (Pvm("Annotation", "can_write"), ),
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
revision = "4b84f97828aa"
down_revision = "45731db65d9c"
NEW_PVMS = {
"Log": (
"can_read",
"can_write",
)
}
PVM_MAP = {
Pvm("LogModelView", "can_show"): (Pvm("Log", "can_read"), ),
Pvm(
"LogModelView",
"can_add",
): (Pvm("Log", "can_write"), ),
Pvm("LogModelView", "can_list"): (Pvm("Log", "can_read"), ),
}
def upgrade():
bind = op.get_bind()
session = Session(bind=bind)
# Add the new permissions on the migration itself
add_pvms(session, NEW_PVMS)
migrate_roles(session, PVM_MAP)
import sqlalchemy as sa
from alembic import op
from sqlalchemy.exc import SQLAlchemyError
from sqlalchemy.orm import Session
from superset.migrations.shared.security_converge import (
add_pvms,
get_reversed_new_pvms,
get_reversed_pvm_map,
migrate_roles,
Pvm,
)
NEW_PVMS = {"Database": ("can_read", "can_write",)}
PVM_MAP = {
Pvm("DatabaseView", "can_add"): (Pvm("Database", "can_write"),),
Pvm("DatabaseView", "can_delete"): (Pvm("Database", "can_write"),),
Pvm("DatabaseView", "can_edit",): (Pvm("Database", "can_write"),),
Pvm("DatabaseView", "can_list",): (Pvm("Database", "can_read"),),
Pvm("DatabaseView", "can_mulexport",): (Pvm("Database", "can_read"),),
Pvm("DatabaseView", "can_post",): (Pvm("Database", "can_write"),),
Pvm("DatabaseView", "can_show",): (Pvm("Database", "can_read"),),
Pvm("DatabaseView", "muldelete",): (Pvm("Database", "can_write"),),
Pvm("DatabaseView", "yaml_export",): (Pvm("Database", "can_read"),),
}
def upgrade():
bind = op.get_bind()
session = Session(bind=bind)