コード例 #1
0
 def at_least_one_schema_is_allowed(database: Database) -> bool:
     """
     If the user has access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is able to upload csv without specifying schema name
             b) if database supports schema
                 user is able to upload csv to any schema
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and upload will fail
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     elif the user does not access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is unable to upload csv
             b) if database supports schema
                 user is unable to upload csv
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and user is unable to upload csv
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     """
     if security_manager.can_access_database(database):
         return True
     schemas = database.get_schema_access_for_csv_upload()
     if schemas and security_manager.get_schemas_accessible_by_user(
         database, schemas, False
     ):
         return True
     return False
コード例 #2
0
def schema_allows_csv_upload(database: Database, schema: Optional[str]) -> bool:
    if not database.allow_csv_upload:
        return False
    schemas = database.get_schema_access_for_csv_upload()
    if schemas:
        return schema in schemas
    return security_manager.can_access_database(database)
コード例 #3
0
    def get_user_datasources(cls, session: Session) -> List["BaseDatasource"]:
        from superset import security_manager

        # collect datasources which the user has explicit permissions to
        user_perms = security_manager.user_view_menu_names("datasource_access")
        schema_perms = security_manager.user_view_menu_names("schema_access")
        user_datasources = set()
        for datasource_class in ConnectorRegistry.sources.values():
            user_datasources.update(
                session.query(datasource_class).filter(
                    or_(
                        datasource_class.perm.in_(user_perms),
                        datasource_class.schema_perm.in_(schema_perms),
                    )).all())

        # group all datasources by database
        all_datasources = cls.get_all_datasources(session)
        datasources_by_database: Dict["Database",
                                      Set["BaseDatasource"]] = defaultdict(set)
        for datasource in all_datasources:
            datasources_by_database[datasource.database].add(datasource)

        # add datasources with implicit permission (eg, database access)
        for database, datasources in datasources_by_database.items():
            if security_manager.can_access_database(database):
                user_datasources.update(datasources)

        return list(user_datasources)