-
Notifications
You must be signed in to change notification settings - Fork 14k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: SQLLab role permissions #14372
fix: SQLLab role permissions #14372
Conversation
Codecov Report
@@ Coverage Diff @@
## master #14372 +/- ##
==========================================
- Coverage 77.12% 76.88% -0.24%
==========================================
Files 954 954
Lines 48158 48159 +1
Branches 5991 5991
==========================================
- Hits 37140 37026 -114
- Misses 10821 10936 +115
Partials 197 197
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
and pvm.permission.name == "can_list" | ||
) | ||
) | ||
return (pvm.permission.name, pvm.view_menu.name) in self.SQLLAB_PERMISSION_VIEWS |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It appears that this removes self.USER_MODEL_VIEWS
can_list
permission - am I misreading?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You're not, I could not find any valid reason for this permission. My guess is that it's a left over from the old Query History view, that view was populating a user dropdown list.
We now use: /api/v1/query/related/user
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
* master: (38 commits) refactor(native-filters): allow cascading only for filter_select (apache#14441) test(maximize-chart): Add tests to maximize chart action (apache#14371) fix: fixing mysql error message (apache#14416) feat: Logic added to limiting factor column in Query model (apache#13521) change relationship (apache#14435) fix: bootstrap data permissions (apache#14348) fix: parse simple string error message values (apache#14360) chore: add stack trace to all calls of logger.error (apache#14382) update README with new docs and recordings (apache#14432) Renamed impyla from implya in impala.mdx and Renamed PIP package impyla from impala in index.mdx (apache#14425) fix(native-filters): fix filter scope error (apache#14426) feat: Adding limiting_factor column to Query model (apache#14234) feat: Add etag caching to dashboard APIs (apache#14357) chore: Moves Card to the components folder (apache#14139) feat: Dynamic imports for the Icons component (apache#14318) feat: Support env vars configuration for WebSocket server (apache#14398) fix: SQLLab role permissions (apache#14372) fix(native-filters): always show filters without dataset (apache#14409) fix error getting partitionQuery from table.partition (apache#14369) refactor: Boostrap to AntD - Tabs (apache#14048) ...
* fix: SQLLab role permissions * add missing perm * fix tests * fix security test * fix security test * fix tests
SUMMARY
Fixes SQLLab role permissions, missing access to fetching database function names. Opted for declaring explicitly the necessary permissions that make up SQLLab role.
Previously a user with SQLLab role (could be Gamma + SQLLab), would see the following toast:
ADDITIONAL INFORMATION