feat: SavedQuery REST API for bulk delete and new API fields (#10793)

* feat: SavedQuery REST API for bulk delete * fix, singular msg and test * remove 403 from OpenAPI spec * filter by current user using created_by add sql_tables field * fixes for new filter, add user field on pre_update, pre_add * add lru cache to property * Revert "add lru cache to property" This reverts commit ad0d942
apache · Sep 11, 2020 · 136f90f · 136f90f
1 parent a3e2e65
commit 136f90f
Show file tree

Hide file tree

Showing 12 changed files with 527 additions and 136 deletions.
diff --git a/superset/app.py b/superset/app.py
@@ -143,7 +143,7 @@ def init_views(self) -> None:
         from superset.databases.api import DatabaseRestApi
         from superset.datasets.api import DatasetRestApi
         from superset.queries.api import QueryRestApi
-        from superset.queries.savedqueries.api import SavedQueryRestApi
+        from superset.queries.saved_queries.api import SavedQueryRestApi
         from superset.views.access_requests import AccessRequestsModelView
         from superset.views.alerts import (
             AlertLogModelView,

diff --git a/superset/models/sql_lab.py b/superset/models/sql_lab.py
@@ -17,7 +17,7 @@
 """A collection of ORM sqlalchemy models for SQL Lab"""
 import re
 from datetime import datetime
-from typing import Any, Dict
+from typing import Any, Dict, List
 
 import simplejson as json
 import sqlalchemy as sqla
@@ -39,7 +39,7 @@
 from superset import security_manager
 from superset.models.helpers import AuditMixinNullable, ExtraJSONMixin
 from superset.models.tags import QueryUpdater
-from superset.sql_parse import CtasMethod
+from superset.sql_parse import CtasMethod, ParsedQuery, Table
 from superset.utils.core import QueryStatus, user_label
 
 
@@ -203,6 +203,10 @@ def sqlalchemy_uri(self) -> URL:
     def url(self) -> str:
         return "/superset/sqllab?savedQueryId={0}".format(self.id)
 
+    @property
+    def sql_tables(self) -> List[Table]:
+        return list(ParsedQuery(self.sql).tables)
+
 
 class TabState(Model, AuditMixinNullable, ExtraJSONMixin):
 

diff --git a/superset/queries/savedqueries/__init__.py → superset/queries/saved_queries/__init__.py b/superset/queries/savedqueries/__init__.py → superset/queries/saved_queries/__init__.py
diff --git a/superset/queries/saved_queries/api.py b/superset/queries/saved_queries/api.py
@@ -0,0 +1,168 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+import logging
+from typing import Any
+
+from flask import g, Response
+from flask_appbuilder.api import expose, protect, rison, safe
+from flask_appbuilder.models.sqla.interface import SQLAInterface
+from flask_babel import ngettext
+
+from superset.constants import RouteMethod
+from superset.databases.filters import DatabaseFilter
+from superset.models.sql_lab import SavedQuery
+from superset.queries.saved_queries.commands.bulk_delete import (
+    BulkDeleteSavedQueryCommand,
+)
+from superset.queries.saved_queries.commands.exceptions import (
+    SavedQueryBulkDeleteFailedError,
+    SavedQueryNotFoundError,
+)
+from superset.queries.saved_queries.filters import SavedQueryFilter
+from superset.queries.saved_queries.schemas import (
+    get_delete_ids_schema,
+    openapi_spec_methods_override,
+)
+from superset.views.base_api import BaseSupersetModelRestApi, statsd_metrics
+
+logger = logging.getLogger(__name__)
+
+
+class SavedQueryRestApi(BaseSupersetModelRestApi):
+    datamodel = SQLAInterface(SavedQuery)
+
+    include_route_methods = RouteMethod.REST_MODEL_VIEW_CRUD_SET | {
+        RouteMethod.RELATED,
+        RouteMethod.DISTINCT,
+        "bulk_delete",  # not using RouteMethod since locally defined
+    }
+    class_permission_name = "SavedQueryView"
+    resource_name = "saved_query"
+    allow_browser_login = True
+
+    base_filters = [["id", SavedQueryFilter, lambda: []]]
+
+    show_columns = [
+        "created_by.first_name",
+        "created_by.id",
+        "created_by.last_name",
+        "database.database_name",
+        "database.id",
+        "description",
+        "id",
+        "label",
+        "schema",
+        "sql",
+        "sql_tables",
+    ]
+    list_columns = [
+        "created_by.first_name",
+        "created_by.id",
+        "created_by.last_name",
+        "database.database_name",
+        "database.id",
+        "db_id",
+        "description",
+        "label",
+        "schema",
+        "sql",
+        "sql_tables",
+    ]
+    add_columns = ["db_id", "description", "label", "schema", "sql"]
+    edit_columns = add_columns
+    order_columns = [
+        "schema",
+        "label",
+        "description",
+        "sql",
+        "created_by.first_name",
+        "database.database_name",
+    ]
+
+    apispec_parameter_schemas = {
+        "get_delete_ids_schema": get_delete_ids_schema,
+    }
+    openapi_spec_tag = "Queries"
+    openapi_spec_methods = openapi_spec_methods_override
+
+    related_field_filters = {
+        "database": "database_name",
+    }
+    filter_rel_fields = {"database": [["id", DatabaseFilter, lambda: []]]}
+    allowed_rel_fields = {"database"}
+    allowed_distinct_fields = {"schema"}
+
+    def pre_add(self, item: SavedQuery) -> None:
+        item.user = g.user
+
+    def pre_update(self, item: SavedQuery) -> None:
+        self.pre_add(item)
+
+    @expose("/", methods=["DELETE"])
+    @protect()
+    @safe
+    @statsd_metrics
+    @rison(get_delete_ids_schema)
+    def bulk_delete(
+        self, **kwargs: Any
+    ) -> Response:  # pylint: disable=arguments-differ
+        """Delete bulk Saved Queries
+        ---
+        delete:
+          description: >-
+            Deletes multiple saved queries in a bulk operation.
+          parameters:
+          - in: query
+            name: q
+            content:
+              application/json:
+                schema:
+                  $ref: '#/components/schemas/get_delete_ids_schema'
+          responses:
+            200:
+              description: Saved queries bulk delete
+              content:
+                application/json:
+                  schema:
+                    type: object
+                    properties:
+                      message:
+                        type: string
+            401:
+              $ref: '#/components/responses/401'
+            404:
+              $ref: '#/components/responses/404'
+            422:
+              $ref: '#/components/responses/422'
+            500:
+              $ref: '#/components/responses/500'
+        """
+        item_ids = kwargs["rison"]
+        try:
+            BulkDeleteSavedQueryCommand(g.user, item_ids).run()
+            return self.response(
+                200,
+                message=ngettext(
+                    "Deleted %(num)d saved query",
+                    "Deleted %(num)d saved queries",
+                    num=len(item_ids),
+                ),
+            )
+        except SavedQueryNotFoundError:
+            return self.response_404()
+        except SavedQueryBulkDeleteFailedError as ex:
+            return self.response_422(message=str(ex))
diff --git a/superset/queries/saved_queries/commands/__init__.py b/superset/queries/saved_queries/commands/__init__.py
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
diff --git a/superset/queries/saved_queries/commands/bulk_delete.py b/superset/queries/saved_queries/commands/bulk_delete.py
@@ -0,0 +1,53 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+import logging
+from typing import List, Optional
+
+from flask_appbuilder.security.sqla.models import User
+
+from superset.commands.base import BaseCommand
+from superset.dao.exceptions import DAODeleteFailedError
+from superset.models.dashboard import Dashboard
+from superset.queries.saved_queries.commands.exceptions import (
+    SavedQueryBulkDeleteFailedError,
+    SavedQueryNotFoundError,
+)
+from superset.queries.saved_queries.dao import SavedQueryDAO
+
+logger = logging.getLogger(__name__)
+
+
+class BulkDeleteSavedQueryCommand(BaseCommand):
+    def __init__(self, user: User, model_ids: List[int]):
+        self._actor = user
+        self._model_ids = model_ids
+        self._models: Optional[List[Dashboard]] = None
+
+    def run(self) -> None:
+        self.validate()
+        try:
+            SavedQueryDAO.bulk_delete(self._models)
+            return None
+        except DAODeleteFailedError as ex:
+            logger.exception(ex.exception)
+            raise SavedQueryBulkDeleteFailedError()
+
+    def validate(self) -> None:
+        # Validate/populate model exists
+        self._models = SavedQueryDAO.find_by_ids(self._model_ids)
+        if not self._models or len(self._models) != len(self._model_ids):
+            raise SavedQueryNotFoundError()
diff --git a/superset/queries/saved_queries/commands/exceptions.py b/superset/queries/saved_queries/commands/exceptions.py
@@ -0,0 +1,27 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from flask_babel import lazy_gettext as _
+
+from superset.commands.exceptions import CommandException, DeleteFailedError
+
+
+class SavedQueryBulkDeleteFailedError(DeleteFailedError):
+    message = _("Saved queries could not be deleted.")
+
+
+class SavedQueryNotFoundError(CommandException):
+    message = _("Saved query not found.")
diff --git a/superset/queries/saved_queries/dao.py b/superset/queries/saved_queries/dao.py
@@ -0,0 +1,47 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+import logging
+from typing import List, Optional
+
+from sqlalchemy.exc import SQLAlchemyError
+
+from superset.dao.base import BaseDAO
+from superset.dao.exceptions import DAODeleteFailedError
+from superset.extensions import db
+from superset.models.sql_lab import SavedQuery
+from superset.queries.saved_queries.filters import SavedQueryFilter
+
+logger = logging.getLogger(__name__)
+
+
+class SavedQueryDAO(BaseDAO):
+    model_cls = SavedQuery
+    base_filter = SavedQueryFilter
+
+    @staticmethod
+    def bulk_delete(models: Optional[List[SavedQuery]], commit: bool = True) -> None:
+        item_ids = [model.id for model in models] if models else []
+        try:
+            db.session.query(SavedQuery).filter(SavedQuery.id.in_(item_ids)).delete(
+                synchronize_session="fetch"
+            )
+            if commit:
+                db.session.commit()
+        except SQLAlchemyError:
+            if commit:
+                db.session.rollback()
+            raise DAODeleteFailedError()
diff --git a/superset/queries/saved_queries/filters.py b/superset/queries/saved_queries/filters.py
@@ -0,0 +1,35 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+from typing import Any
+
+from flask import g
+from flask_sqlalchemy import BaseQuery
+
+from superset.models.sql_lab import SavedQuery
+from superset.views.base import BaseFilter
+
+
+class SavedQueryFilter(BaseFilter):  # pylint: disable=too-few-public-methods
+    def apply(self, query: BaseQuery, value: Any) -> BaseQuery:
+        """
+        Filter saved queries to only those created by current user.
+
+        :returns: flask-sqlalchemy query
+        """
+        return query.filter(
+            SavedQuery.created_by == g.user  # pylint: disable=comparison-with-callable
+        )