fix: load examples as anon user (#23600)

apache · Jun 8, 2023 · 3d4ab29 · 3d4ab29
1 parent 7e23738
commit 3d4ab29
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 19 deletions.
diff --git a/superset/charts/commands/importers/v1/utils.py b/superset/charts/commands/importers/v1/utils.py
@@ -27,9 +27,12 @@
 
 
 def import_chart(
-    session: Session, config: Dict[str, Any], overwrite: bool = False
+    session: Session,
+    config: Dict[str, Any],
+    overwrite: bool = False,
+    ignore_permissions: bool = False,
 ) -> Slice:
-    can_write = security_manager.can_access("can_write", "Chart")
+    can_write = ignore_permissions or security_manager.can_access("can_write", "Chart")
     existing = session.query(Slice).filter_by(uuid=config["uuid"]).first()
     if existing:
         if not overwrite or not can_write:

diff --git a/superset/commands/importers/v1/examples.py b/superset/commands/importers/v1/examples.py
@@ -21,7 +21,7 @@
 from sqlalchemy.orm.exc import MultipleResultsFound
 from sqlalchemy.sql import select
 
-from superset import db, security_manager
+from superset import db
 from superset.charts.commands.importers.v1 import ImportChartsCommand
 from superset.charts.commands.importers.v1.utils import import_chart
 from superset.charts.schemas import ImportV1ChartSchema
@@ -42,7 +42,7 @@
 from superset.datasets.commands.importers.v1.utils import import_dataset
 from superset.datasets.schemas import ImportV1DatasetSchema
 from superset.models.dashboard import dashboard_slices
-from superset.utils.core import get_example_default_schema, override_user
+from superset.utils.core import get_example_default_schema
 from superset.utils.database import get_example_database
 
 
@@ -69,13 +69,12 @@ def run(self) -> None:
 
         # rollback to prevent partial imports
         try:
-            with override_user(security_manager.find_user(username="admin")):
-                self._import(
-                    db.session,
-                    self._configs,
-                    self.overwrite,
-                    self.force_data,
-                )
+            self._import(
+                db.session,
+                self._configs,
+                self.overwrite,
+                self.force_data,
+            )
             db.session.commit()
         except Exception as ex:
             db.session.rollback()
@@ -102,7 +101,12 @@ def _import(  # pylint: disable=arguments-differ, too-many-locals, too-many-bran
         database_ids: Dict[str, int] = {}
         for file_name, config in configs.items():
             if file_name.startswith("databases/"):
-                database = import_database(session, config, overwrite=overwrite)
+                database = import_database(
+                    session,
+                    config,
+                    overwrite=overwrite,
+                    ignore_permissions=True,
+                )
                 database_ids[str(database.uuid)] = database.id
 
         # import datasets
@@ -131,9 +135,10 @@ def _import(  # pylint: disable=arguments-differ, too-many-locals, too-many-bran
                         config,
                         overwrite=overwrite,
                         force_data=force_data,
+                        ignore_permissions=True,
                     )
                 except MultipleResultsFound:
-                    # Multiple result can be found for datasets. There was a bug in
+                    # Multiple results can be found for datasets. There was a bug in
                     # load-examples that resulted in datasets being loaded with a NULL
                     # schema. Users could then add a new dataset with the same name in
                     # the correct schema, resulting in duplicates, since the uniqueness
@@ -156,7 +161,12 @@ def _import(  # pylint: disable=arguments-differ, too-many-locals, too-many-bran
             ):
                 # update datasource id, type, and name
                 config.update(dataset_info[config["dataset_uuid"]])
-                chart = import_chart(session, config, overwrite=overwrite)
+                chart = import_chart(
+                    session,
+                    config,
+                    overwrite=overwrite,
+                    ignore_permissions=True,
+                )
                 chart_ids[str(chart.uuid)] = chart.id
 
         # store the existing relationship between dashboards and charts
@@ -173,7 +183,12 @@ def _import(  # pylint: disable=arguments-differ, too-many-locals, too-many-bran
                 except KeyError:
                     continue
 
-                dashboard = import_dashboard(session, config, overwrite=overwrite)
+                dashboard = import_dashboard(
+                    session,
+                    config,
+                    overwrite=overwrite,
+                    ignore_permissions=True,
+                )
                 dashboard.published = True
 
                 for uuid in find_chart_uuids(config["position"]):

diff --git a/superset/dashboards/commands/importers/v1/utils.py b/superset/dashboards/commands/importers/v1/utils.py
@@ -146,9 +146,15 @@ def update_id_refs(  # pylint: disable=too-many-locals
 
 
 def import_dashboard(
-    session: Session, config: Dict[str, Any], overwrite: bool = False
+    session: Session,
+    config: Dict[str, Any],
+    overwrite: bool = False,
+    ignore_permissions: bool = False,
 ) -> Dashboard:
-    can_write = security_manager.can_access("can_write", "Dashboard")
+    can_write = ignore_permissions or security_manager.can_access(
+        "can_write",
+        "Dashboard",
+    )
     existing = session.query(Dashboard).filter_by(uuid=config["uuid"]).first()
     if existing:
         if not overwrite or not can_write:

diff --git a/superset/databases/commands/importers/v1/utils.py b/superset/databases/commands/importers/v1/utils.py
@@ -29,8 +29,12 @@ def import_database(
     session: Session,
     config: Dict[str, Any],
     overwrite: bool = False,
+    ignore_permissions: bool = False,
 ) -> Database:
-    can_write = security_manager.can_access("can_write", "Database")
+    can_write = ignore_permissions or security_manager.can_access(
+        "can_write",
+        "Database",
+    )
     existing = session.query(Database).filter_by(uuid=config["uuid"]).first()
     if existing:
         if not overwrite or not can_write:

diff --git a/superset/datasets/commands/importers/v1/utils.py b/superset/datasets/commands/importers/v1/utils.py
@@ -105,8 +105,12 @@ def import_dataset(
     config: Dict[str, Any],
     overwrite: bool = False,
     force_data: bool = False,
+    ignore_permissions: bool = False,
 ) -> SqlaTable:
-    can_write = security_manager.can_access("can_write", "Dataset")
+    can_write = ignore_permissions or security_manager.can_access(
+        "can_write",
+        "Dataset",
+    )
     existing = session.query(SqlaTable).filter_by(uuid=config["uuid"]).first()
     if existing:
         if not overwrite or not can_write: