Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Remove redundant has_access definition in superset #4689

Merged
merged 2 commits into from
Mar 30, 2018
Merged

Remove redundant has_access definition in superset #4689

merged 2 commits into from
Mar 30, 2018

Conversation

timifasubaa
Copy link
Contributor

@timifasubaa timifasubaa commented Mar 25, 2018
edited by john-bodley
Loading

This is a follow-up PR to #4565. It removes the has_access from superset since it is defined in FAB here.
The only difference is the next parameter in the url_for function. I have tested it and I doubt it will cause any issues.

@john-bodley @mistercrunch

@timifasubaa timifasubaa force-pushed the move_has_access_to_superset_security_manager branch 4 times, most recently from 5dc0031 to ca3b0d0 Compare March 28, 2018 00:33
@codecov-io
Copy link

codecov-io commented Mar 28, 2018
edited
Loading

Codecov Report

Merging #4689 into master will decrease coverage by 0.02%.
The diff coverage is 100%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master    #4689      +/-   ##
==========================================
- Coverage   71.87%   71.85%   -0.03%     
==========================================
  Files         204      204              
  Lines       15323    15308      -15     
  Branches     1177     1177              
==========================================
- Hits        11014    11000      -14     
+ Misses       4306     4305       -1     
  Partials        3        3
Impacted Files Coverage Δ
superset/connectors/sqla/views.py 71.56% <100%> (ø) ⬆️
superset/utils.py 88.05% <100%> (-0.17%) ⬇️
superset/connectors/druid/views.py 68.02% <100%> (ø) ⬆️
superset/views/core.py 71.17% <100%> (ø) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update f952ec2...4cd17c1. Read the comment docs.

@timifasubaa timifasubaa changed the title [WiP] Move has access to superset security manager Move has access to superset security manager Mar 28, 2018
@timifasubaa timifasubaa force-pushed the move_has_access_to_superset_security_manager branch from ca3b0d0 to 48a95c4 Compare March 28, 2018 22:52
mistercrunch
mistercrunch reviewed Mar 29, 2018
View reviewed changes
superset/security.py Outdated
@@ -92,6 +99,42 @@ def can_access(self, permission_name, view_name, user=None):
return self.is_item_public(permission_name, view_name)
return self._has_view_access(user, permission_name, view_name)

def has_method_access(self, f):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It might just be me but I don't like the idea of a decorator as a class method. It's probably ok though. I guess decorators are already complex in terms of what's inside them, external context make it more of a stretch.

mistercrunch
mistercrunch reviewed Mar 29, 2018
View reviewed changes
superset/security.py Outdated
return redirect(
url_for(
security_manager.auth_view.__class__.__name__ + '.login',
next=request.full_path))
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looked it up and the only difference from the orignal is this one line

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked here (http://flask-appbuilder.readthedocs.io/en/latest/_modules/flask_appbuilder/security/manager.html) and all the has_access methods are pretty different from what is in this method.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohhh. my bad. Here it is (http://flask-appbuilder.readthedocs.io/en/latest/_modules/flask_appbuilder/security/decorators.html#has_access)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will test things out using the default one and if that's fine, I will change this PR to removing the method

mistercrunch
mistercrunch reviewed Mar 29, 2018
View reviewed changes
superset/security.py Outdated
permission_str = f.__name__

def wraps(self, *args, **kwargs):
from superset import security_manager
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I guess I'm making an argument against my previous comment, but isn't self == security_manager here?

mistercrunch
mistercrunch reviewed Mar 29, 2018
View reviewed changes
superset/security.py Outdated
from superset import security_manager
permission_str = PERMISSION_PREFIX + f._permission_name
if security_manager.has_access(permission_str,
self.__class__.__name__):
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actually this is fairly confusing as there are two layers of self here. self here points to the SupersetView class, and the one in the frame above it points to superset.security_manager

@timifasubaa timifasubaa force-pushed the move_has_access_to_superset_security_manager branch 2 times, most recently from 59fd375 to 5c8b498 Compare March 29, 2018 06:27
@timifasubaa timifasubaa force-pushed the move_has_access_to_superset_security_manager branch from 5c8b498 to 4cd17c1 Compare March 29, 2018 18:46
timifasubaa
timifasubaa commented Mar 29, 2018
View reviewed changes
Copy link
Contributor Author

@timifasubaa timifasubaa left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I changed this PR to remove the has_access function defined in superset.
I'm now concerned if the next=?? line could potentially cause an error in edge cases I'm not thinking about. But all tests pass and I have accessed some of the endpoints wrapped by has_access successfully.

superset/security.py Outdated
return redirect(
url_for(
security_manager.auth_view.__class__.__name__ + '.login',
next=request.full_path))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I checked here (http://flask-appbuilder.readthedocs.io/en/latest/_modules/flask_appbuilder/security/manager.html) and all the has_access methods are pretty different from what is in this method.

superset/security.py Outdated
return redirect(
url_for(
security_manager.auth_view.__class__.__name__ + '.login',
next=request.full_path))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ohhh. my bad. Here it is (http://flask-appbuilder.readthedocs.io/en/latest/_modules/flask_appbuilder/security/decorators.html#has_access)

superset/security.py Outdated
return redirect(
url_for(
security_manager.auth_view.__class__.__name__ + '.login',
next=request.full_path))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I will test things out using the default one and if that's fine, I will change this PR to removing the method

@timifasubaa timifasubaa changed the title Move has access to superset security manager Remove redundant has_access definition in superset Mar 29, 2018
fabianmenges
fabianmenges approved these changes Mar 30, 2018
View reviewed changes
Copy link
Contributor

@fabianmenges fabianmenges left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice, some cleanup. This should work for us.

@john-bodley
Copy link
Member

I'm all for code cleanup/refactoring.

@john-bodley john-bodley merged commit e25535c into apache:master Mar 30, 2018
michellethomas pushed a commit to michellethomas/panoramix that referenced this pull request May 24, 2018
@timifasubaa @michellethomas
Remove redundant has_access definition in superset (apache#4689)
fcbc964 
* update has_access to has_method_access

* move has_access to sm and rename to has_method_access
wenchma pushed a commit to wenchma/incubator-superset that referenced this pull request Nov 16, 2018
@timifasubaa @john-bodley
Remove redundant has_access definition in superset (apache#4689)
4a3ff25 
* update has_access to has_method_access

* move has_access to sm and rename to has_method_access
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.25.0 labels Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mistercrunch mistercrunch mistercrunch left review comments

@fabianmenges fabianmenges fabianmenges approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.25.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@timifasubaa @codecov-io @john-bodley @mistercrunch @fabianmenges