def validate(self) -> None: # Validate/populate model exists self._model = DatasetDAO.find_by_id(self._model_id) if not self._model: raise DatasetNotFoundError() # Check ownership try: security_manager.raise_for_ownership(self._model) except SupersetSecurityException as ex: raise DatasetForbiddenError() from ex
def validate(self) -> None: # Validate/populate model exists self._models = ReportScheduleDAO.find_by_ids(self._model_ids) if not self._models or len(self._models) != len(self._model_ids): raise ReportScheduleNotFoundError() # Check ownership for model in self._models: try: security_manager.raise_for_ownership(model) except SupersetSecurityException as ex: raise ReportScheduleForbiddenError() from ex
def validate(self) -> None: exceptions: List[ValidationError] = [] dashboard_ids = self._properties.get("dashboards") owner_ids: Optional[List[int]] = self._properties.get("owners") # Validate if datasource_id is provided datasource_type is required datasource_id = self._properties.get("datasource_id") if datasource_id is not None: datasource_type = self._properties.get("datasource_type", "") if not datasource_type: exceptions.append( DatasourceTypeUpdateRequiredValidationError()) # Validate/populate model exists self._model = ChartDAO.find_by_id(self._model_id) if not self._model: raise ChartNotFoundError() # Check and update ownership; when only updating query context we ignore # ownership so the update can be performed by report workers if not is_query_context_update(self._properties): try: security_manager.raise_for_ownership(self._model) owners = self.populate_owners(owner_ids) self._properties["owners"] = owners except SupersetSecurityException as ex: raise ChartForbiddenError() from ex except ValidationError as ex: exceptions.append(ex) # Validate/Populate datasource if datasource_id is not None: try: datasource = get_datasource_by_id(datasource_id, datasource_type) self._properties["datasource_name"] = datasource.name except ValidationError as ex: exceptions.append(ex) # Validate/Populate dashboards only if it's a list if dashboard_ids is not None: dashboards = DashboardDAO.find_by_ids(dashboard_ids) if len(dashboards) != len(dashboard_ids): exceptions.append(DashboardsNotFoundValidationError()) self._properties["dashboards"] = dashboards if exceptions: exception = ChartInvalidError() exception.add_list(exceptions) raise exception
def validate(self) -> None: # Validate/populate model exists self._model = DashboardDAO.find_by_id(self._model_id) if not self._model: raise DashboardNotFoundError() # Check there are no associated ReportSchedules reports = ReportScheduleDAO.find_by_dashboard_id(self._model_id) if reports: report_names = [report.name for report in reports] raise DashboardDeleteFailedReportsExistError( _("There are associated alerts or reports: %s" % ",".join(report_names))) # Check ownership try: security_manager.raise_for_ownership(self._model) except SupersetSecurityException as ex: raise DashboardForbiddenError() from ex
def validate(self) -> None: exceptions: List[ValidationError] = [] owners_ids: Optional[List[int]] = self._properties.get("owners") roles_ids: Optional[List[int]] = self._properties.get("roles") slug: Optional[str] = self._properties.get("slug") # Validate/populate model exists self._model = DashboardDAO.find_by_id(self._model_id) if not self._model: raise DashboardNotFoundError() # Check ownership try: security_manager.raise_for_ownership(self._model) except SupersetSecurityException as ex: raise DashboardForbiddenError() from ex # Validate slug uniqueness if not DashboardDAO.validate_update_slug_uniqueness(self._model_id, slug): exceptions.append(DashboardSlugExistsValidationError()) # Validate/Populate owner if owners_ids is None: owners_ids = [owner.id for owner in self._model.owners] try: owners = self.populate_owners(owners_ids) self._properties["owners"] = owners except ValidationError as ex: exceptions.append(ex) if exceptions: exception = DashboardInvalidError() exception.add_list(exceptions) raise exception # Validate/Populate role if roles_ids is None: roles_ids = [role.id for role in self._model.roles] try: roles = populate_roles(roles_ids) self._properties["roles"] = roles except ValidationError as ex: exceptions.append(ex) if exceptions: exception = DashboardInvalidError() exception.add_list(exceptions) raise exception
def validate(self) -> None: # Validate/populate model exists self._models = ChartDAO.find_by_ids(self._model_ids) if not self._models or len(self._models) != len(self._model_ids): raise ChartNotFoundError() # Check there are no associated ReportSchedules reports = ReportScheduleDAO.find_by_chart_ids(self._model_ids) if reports: report_names = [report.name for report in reports] raise ChartBulkDeleteFailedReportsExistError( _("There are associated alerts or reports: %s" % ",".join(report_names))) # Check ownership for model in self._models: try: security_manager.raise_for_ownership(model) except SupersetSecurityException as ex: raise ChartForbiddenError() from ex
def validate(self) -> None: exceptions: List[ValidationError] = [] owner_ids: Optional[List[int]] = self._properties.get("owners") # Validate/populate model exists self._model = DatasetDAO.find_by_id(self._model_id) if not self._model: raise DatasetNotFoundError() # Check ownership try: security_manager.raise_for_ownership(self._model) except SupersetSecurityException as ex: raise DatasetForbiddenError() from ex database_id = self._properties.get("database", None) table_name = self._properties.get("table_name", None) # Validate uniqueness if not DatasetDAO.validate_update_uniqueness( self._model.database_id, self._model_id, table_name): exceptions.append(DatasetExistsValidationError(table_name)) # Validate/Populate database not allowed to change if database_id and database_id != self._model: exceptions.append(DatabaseChangeValidationError()) # Validate/Populate owner try: owners = self.populate_owners(owner_ids) self._properties["owners"] = owners except ValidationError as ex: exceptions.append(ex) # Validate columns columns = self._properties.get("columns") if columns: self._validate_columns(columns, exceptions) # Validate metrics metrics = self._properties.get("metrics") if metrics: self._validate_metrics(metrics, exceptions) if exceptions: exception = DatasetInvalidError() exception.add_list(exceptions) raise exception
def save(self) -> FlaskResponse: data = request.form.get("data") if not isinstance(data, str): return json_error_response(_("Request missing data field."), status=500) datasource_dict = json.loads(data) datasource_id = datasource_dict.get("id") datasource_type = datasource_dict.get("type") database_id = datasource_dict["database"].get("id") orm_datasource = DatasourceDAO.get_datasource( db.session, DatasourceType(datasource_type), datasource_id) orm_datasource.database_id = database_id if "owners" in datasource_dict and orm_datasource.owner_class is not None: # Check ownership try: security_manager.raise_for_ownership(orm_datasource) except SupersetSecurityException as ex: raise DatasetForbiddenError() from ex datasource_dict["owners"] = populate_owners(datasource_dict["owners"], default_to_user=False) duplicates = [ name for name, count in Counter( [col["column_name"] for col in datasource_dict["columns"]]).items() if count > 1 ] if duplicates: return json_error_response( _( "Duplicate column name(s): %(columns)s", columns=",".join(duplicates), ), status=409, ) orm_datasource.update_from_object(datasource_dict) data = orm_datasource.data db.session.commit() return self.json_response(sanitize_datasource_data(data))
def pre_delete(self, item: "SliceModelView") -> None: security_manager.raise_for_ownership(item)
def pre_update(self, item: "SliceModelView") -> None: utils.validate_json(item.params) security_manager.raise_for_ownership(item)
def pre_delete(self, item: "DashboardMixin") -> None: # pylint: disable=no-self-use security_manager.raise_for_ownership(item)
def validate(self) -> None: exceptions: List[ValidationError] = [] owner_ids: Optional[List[int]] = self._properties.get("owners") report_type = self._properties.get("type", ReportScheduleType.ALERT) name = self._properties.get("name", "") self._model = ReportScheduleDAO.find_by_id(self._model_id) # Does the report exist? if not self._model: raise ReportScheduleNotFoundError() # Change the state to not triggered when the user deactivates # A report that is currently in a working state. This prevents # an alert/report from being kept in a working state if activated back if (self._model.last_state == ReportState.WORKING and "active" in self._properties and not self._properties["active"]): self._properties["last_state"] = ReportState.NOOP # validate relation by report type if not report_type: report_type = self._model.type # Validate name type uniqueness if not ReportScheduleDAO.validate_update_uniqueness( name, report_type, expect_id=self._model_id): exceptions.append( ReportScheduleNameUniquenessValidationError( report_type=report_type, name=name)) if report_type == ReportScheduleType.ALERT: database_id = self._properties.get("database") # If database_id was sent let's validate it exists if database_id: database = DatabaseDAO.find_by_id(database_id) if not database: exceptions.append(DatabaseNotFoundValidationError()) self._properties["database"] = database # Validate chart or dashboard relations self.validate_chart_dashboard(exceptions, update=True) if "validator_config_json" in self._properties: self._properties["validator_config_json"] = json.dumps( self._properties["validator_config_json"]) # Check ownership try: security_manager.raise_for_ownership(self._model) except SupersetSecurityException as ex: raise ReportScheduleForbiddenError() from ex # Validate/Populate owner if owner_ids is None: owner_ids = [owner.id for owner in self._model.owners] try: owners = self.populate_owners(owner_ids) self._properties["owners"] = owners except ValidationError as ex: exceptions.append(ex) if exceptions: exception = ReportScheduleInvalidError() exception.add_list(exceptions) raise exception
def pre_update(self, item: "DashboardModelView") -> None: security_manager.raise_for_ownership(item) self.pre_add(item)