Пример #1
0
 def at_least_one_schema_is_allowed(database):
     """
     If the user has access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is able to upload csv without specifying schema name
             b) if database supports schema
                 user is able to upload csv to any schema
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and upload will fail
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     elif the user does not access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is unable to upload csv
             b) if database supports schema
                 user is unable to upload csv
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and user is unable to upload csv
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     """
     if (security_manager.database_access(database) or
             security_manager.all_datasource_access()):
         return True
     schemas = database.get_schema_access_for_csv_upload()
     if (schemas and
         security_manager.schemas_accessible_by_user(
             database, schemas, False)):
         return True
     return False
Пример #2
0
 def at_least_one_schema_is_allowed(database):
     """
     If the user has access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is able to upload csv without specifying schema name
             b) if database supports schema
                 user is able to upload csv to any schema
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and upload will fail
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     elif the user does not access to the database or all datasource
         1. if schemas_allowed_for_csv_upload is empty
             a) if database does not support schema
                 user is unable to upload csv
             b) if database supports schema
                 user is unable to upload csv
         2. if schemas_allowed_for_csv_upload is not empty
             a) if database does not support schema
                 This situation is impossible and user is unable to upload csv
             b) if database supports schema
                 user is able to upload to schema in schemas_allowed_for_csv_upload
     """
     if (security_manager.database_access(database)
             or security_manager.all_datasource_access()):
         return True
     schemas = database.get_schema_access_for_csv_upload()
     if schemas and security_manager.schemas_accessible_by_user(
             database, schemas, False):
         return True
     return False
Пример #3
0
 def is_schema_allowed(self, database, schema):
     if not database.allow_csv_upload:
         return False
     schemas = database.get_schema_access_for_csv_upload()
     if schemas:
         return schema in schemas
     return (security_manager.database_access(database)
             or security_manager.all_datasource_access())
Пример #4
0
 def apply(self, query: Query, value: Any) -> Query:
     if security_manager.all_datasource_access():
         return query
     perms = security_manager.user_view_menu_names("datasource_access")
     schema_perms = security_manager.user_view_menu_names("schema_access")
     return query.filter(
         or_(self.model.perm.in_(perms),
             self.model.schema_perm.in_(schema_perms)))
Пример #5
0
def schema_allows_csv_upload(database: Database,
                             schema: Optional[str]) -> bool:
    if not database.allow_csv_upload:
        return False
    schemas = database.get_schema_access_for_csv_upload()
    if schemas:
        return schema in schemas
    return (security_manager.database_access(database)
            or security_manager.all_datasource_access())
Пример #6
0
 def apply(self, query, func):  # noqa
     if security_manager.all_datasource_access():
         return query
     datasource_perms = security_manager.user_view_menu_names(
         "datasource_access")
     schema_perms = security_manager.user_view_menu_names("schema_access")
     return query.filter(
         or_(
             self.model.perm.in_(datasource_perms),
             self.model.schema_perm.in_(schema_perms),
         ))
Пример #7
0
    def _is_schema_allowed_for_csv_upload(self,
                                          database: Database,
                                          schema: str = None) -> bool:
        """ Checks whether the specified schema is allowed for csv-uploads

        Keyword Arguments:
        database -- The database object which will be used for the import
        schema -- the schema to be used for the import

        :return if schema allow csv upload
        """
        if not database.allow_csv_upload:
            return False
        schemas = database.get_schema_access_for_csv_upload()
        if schemas:
            return schema in schemas
        return (security_manager.database_access(database)
                or security_manager.all_datasource_access())
Пример #8
0
    def apply(self, query: Query, value: Any) -> Query:
        user_roles = [role.name.lower() for role in list(get_user_roles())]
        if "admin" in user_roles:
            return query

        datasource_perms = security_manager.user_view_menu_names(
            "datasource_access")
        schema_perms = security_manager.user_view_menu_names("schema_access")
        all_datasource_access = security_manager.all_datasource_access()
        published_dash_query = (
            db.session.query(Dashboard.id).join(Dashboard.slices).filter(
                and_(
                    Dashboard.published == True,  # pylint: disable=singleton-comparison
                    or_(
                        Slice.perm.in_(datasource_perms),
                        Slice.schema_perm.in_(schema_perms),
                        all_datasource_access,
                    ),
                )))

        users_favorite_dash_query = db.session.query(FavStar.obj_id).filter(
            and_(
                FavStar.user_id == security_manager.user_model.get_user_id(),
                FavStar.class_name == "Dashboard",
            ))
        owner_ids_query = (db.session.query(Dashboard.id).join(
            Dashboard.owners).filter(
                security_manager.user_model.id ==
                security_manager.user_model.get_user_id()))

        query = query.filter(
            or_(
                Dashboard.id.in_(owner_ids_query),
                Dashboard.id.in_(published_dash_query),
                Dashboard.id.in_(users_favorite_dash_query),
            ))

        return query
Пример #9
0
 def apply(self, query, func):
     if security_manager.all_datasource_access():
         return query
     perms = self.get_view_menus("datasource_access")
     # TODO(bogdan): add `schema_access` support here
     return query.filter(self.model.perm.in_(perms))
Пример #10
0
 def apply(self, query, func):  # noqa
     if security_manager.all_datasource_access():
         return query
     perms = self.get_view_menus('datasource_access')
     # TODO(bogdan): add `schema_access` support here
     return query.filter(self.model.perm.in_(perms))