def validate(self) -> None:
# Validate/populate model exists
self._model = ChartDAO.find_by_id(self._model_id)
if not self._model:
raise ChartNotFoundError()
# Check ownership
try:
check_ownership(self._model)
except SupersetSecurityException:
raise ChartForbiddenError()
def validate(self) -> None:
# Validate/populate model exists
self._models = ChartDAO.find_by_ids(self._model_ids)
if not self._models or len(self._models) != len(self._model_ids):
raise ChartNotFoundError()
# Check ownership
for model in self._models:
try:
check_ownership(model)
except SupersetSecurityException:
raise ChartForbiddenError()
def validate(self) -> None:
exceptions: List[ValidationError] = []
dashboard_ids = self._properties.get("dashboards")
owner_ids: Optional[List[int]] = self._properties.get("owners")
# Validate if datasource_id is provided datasource_type is required
datasource_id = self._properties.get("datasource_id")
if datasource_id is not None:
datasource_type = self._properties.get("datasource_type", "")
if not datasource_type:
exceptions.append(
DatasourceTypeUpdateRequiredValidationError())
# Validate/populate model exists
self._model = ChartDAO.find_by_id(self._model_id)
if not self._model:
raise ChartNotFoundError()
# Check and update ownership; when only updating query context we ignore
# ownership so the update can be performed by report workers
if not is_query_context_update(self._properties):
try:
check_ownership(self._model)
owners = self.populate_owners(self._actor, owner_ids)
self._properties["owners"] = owners
except SupersetSecurityException as ex:
raise ChartForbiddenError() from ex
except ValidationError as ex:
exceptions.append(ex)
# Validate/Populate datasource
if datasource_id is not None:
try:
datasource = get_datasource_by_id(datasource_id,
datasource_type)
self._properties["datasource_name"] = datasource.name
except ValidationError as ex:
exceptions.append(ex)
# Validate/Populate dashboards only if it's a list
if dashboard_ids is not None:
dashboards = DashboardDAO.find_by_ids(dashboard_ids)
if len(dashboards) != len(dashboard_ids):
exceptions.append(DashboardsNotFoundValidationError())
self._properties["dashboards"] = dashboards
if exceptions:
exception = ChartInvalidError()
exception.add_list(exceptions)
raise exception
def check_access(dataset_id: int, chart_id: Optional[int],
actor: User) -> None:
check_dataset_access(dataset_id)
if not chart_id:
return
chart = ChartDAO.find_by_id(chart_id)
if chart:
can_access_chart = (is_user_admin() or is_owner(chart, actor)
or security_manager.can_access(
"can_read", "Chart"))
if can_access_chart:
return
raise ChartAccessDeniedError()
raise ChartNotFoundError()
def validate(self) -> None:
exceptions: List[ValidationError] = list()
dashboard_ids = self._properties.get("dashboards")
owner_ids: Optional[List[int]] = self._properties.get("owners")
# Validate if datasource_id is provided datasource_type is required
datasource_id = self._properties.get("datasource_id")
if datasource_id is not None:
datasource_type = self._properties.get("datasource_type", "")
if not datasource_type:
exceptions.append(
DatasourceTypeUpdateRequiredValidationError())
# Validate/populate model exists
self._model = ChartDAO.find_by_id(self._model_id)
if not self._model:
raise ChartNotFoundError()
# Check ownership
try:
check_ownership(self._model)
except SupersetSecurityException:
raise ChartForbiddenError()
# Validate/Populate datasource
if datasource_id is not None:
try:
datasource = get_datasource_by_id(datasource_id,
datasource_type)
self._properties["datasource_name"] = datasource.name
except ValidationError as ex:
exceptions.append(ex)
# Validate/Populate dashboards only if it's a list
if dashboard_ids is not None:
dashboards = DashboardDAO.find_by_ids(dashboard_ids)
if len(dashboards) != len(dashboard_ids):
exceptions.append(DashboardsNotFoundValidationError())
self._properties["dashboards"] = dashboards
# Validate/Populate owner
try:
owners = populate_owners(self._actor, owner_ids)
self._properties["owners"] = owners
except ValidationError as ex:
exceptions.append(ex)
if exceptions:
exception = ChartInvalidError()
exception.add_list(exceptions)
raise exception
def validate(self) -> None:
# Validate/populate model exists
self._model = ChartDAO.find_by_id(self._model_id)
if not self._model:
raise ChartNotFoundError()
# Check there are no associated ReportSchedules
reports = ReportScheduleDAO.find_by_chart_id(self._model_id)
if reports:
report_names = [report.name for report in reports]
raise ChartDeleteFailedReportsExistError(
_("There are associated alerts or reports: %s" %
",".join(report_names)))
# Check ownership
try:
check_ownership(self._model)
except SupersetSecurityException:
raise ChartForbiddenError()
def check_access(
datasource_id: int,
chart_id: Optional[int],
datasource_type: DatasourceType,
) -> Optional[bool]:
check_datasource_access(datasource_id, datasource_type)
if not chart_id:
return True
chart = ChartDAO.find_by_id(chart_id)
if chart:
can_access_chart = security_manager.is_owner(
chart
) or security_manager.can_access("can_read", "Chart")
if can_access_chart:
return True
raise ChartAccessDeniedError()
raise ChartNotFoundError()
def validate(self) -> None:
# Validate/populate model exists
self._models = ChartDAO.find_by_ids(self._model_ids)
if not self._models or len(self._models) != len(self._model_ids):
raise ChartNotFoundError()
# Check there are no associated ReportSchedules
reports = ReportScheduleDAO.find_by_chart_ids(self._model_ids)
if reports:
report_names = [report.name for report in reports]
raise ChartBulkDeleteFailedReportsExistError(
_("There are associated alerts or reports: %s" %
",".join(report_names)))
# Check ownership
for model in self._models:
try:
security_manager.raise_for_ownership(model)
except SupersetSecurityException as ex:
raise ChartForbiddenError() from ex
def check_access(
datasource_id: int,
chart_id: Optional[int],
datasource_type: DatasourceType,
) -> Optional[bool]:
check_datasource_access(datasource_id, datasource_type)
if not chart_id:
return True
# Access checks below, no need to validate them twice as they can be expensive.
chart = ChartDAO.find_by_id(chart_id, skip_base_filter=True)
if chart:
can_access_chart = security_manager.is_owner(
chart
) or security_manager.can_access("can_read", "Chart")
if can_access_chart:
return True
raise ChartAccessDeniedError()
raise ChartNotFoundError()
def validate(self) -> None:
self._models = ChartDAO.find_by_ids(self.chart_ids)
if len(self._models) != len(self.chart_ids):
raise ChartNotFoundError()