feat: new config to filter specific users from dropdown lists

superset/charts/api.py

@@ -80,7 +80,7 @@
     requires_json,
     statsd_metrics,
 )
-from superset.views.filters import FilterRelatedOwners
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 config = app.config
@@ -234,7 +234,10 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:
         "slices": ("slice_name", "asc"),
         "owners": ("first_name", "asc"),
     }
-
+    filter_rel_fields = {
+        "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),

superset/config.py

@@ -1099,6 +1099,11 @@ def EMAIL_HEADER_MUTATOR(  # pylint: disable=invalid-name,unused-argument
     return msg
 
 
+# Define a list of usernames to be excluded from all dropdown lists of users
+# Owners, filters for created_by, etc.
+EXCLUDE_USER_USERNAMES: List[str] = []
+
+
 # This auth provider is used by background (offline) tasks that need to access
 # protected resources. Can be overridden by end users in order to support
 # custom auth mechanisms

superset/dashboards/api.py

@@ -94,7 +94,7 @@
     requires_json,
     statsd_metrics,
 )
-from superset.views.filters import FilterRelatedOwners
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -240,6 +240,10 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:
         "owners": ("first_name", "asc"),
         "roles": ("name", "asc"),
     }
+    filter_rel_fields = {
+        "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "roles": RelatedFieldFilter("name", FilterRelatedRoles),

superset/datasets/api.py

@@ -71,7 +71,7 @@
     requires_json,
     statsd_metrics,
 )
-from superset.views.filters import FilterRelatedOwners
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -214,6 +214,11 @@ class DatasetRestApi(BaseSupersetModelRestApi):
         "extra",
     ]
     openapi_spec_tag = "Datasets"
+
+    filter_rel_fields = {
+        "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "database": [["id", DatabaseFilter, lambda: []]],
+    }
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "database": "database_name",
@@ -223,7 +228,6 @@ class DatasetRestApi(BaseSupersetModelRestApi):
         "id": [DatasetCertifiedFilter],
     }
     search_columns = ["id", "database", "owners", "schema", "sql", "table_name"]
-    filter_rel_fields = {"database": [["id", DatabaseFilter, lambda: []]]}
     allowed_rel_fields = {"database", "owners"}
     allowed_distinct_fields = {"schema"}
 

superset/queries/api.py

@@ -24,7 +24,7 @@
 from superset.queries.filters import QueryFilter
 from superset.queries.schemas import openapi_spec_methods_override, QuerySchema
 from superset.views.base_api import BaseSupersetModelRestApi, RelatedFieldFilter
-from superset.views.filters import FilterRelatedOwners
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -109,7 +109,10 @@ class QueryRestApi(BaseSupersetModelRestApi):
         "tab_name",
         "user.first_name",
     ]
-
+    filter_rel_fields = {
+        "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "user": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
     related_field_filters = {
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "user": RelatedFieldFilter("first_name", FilterRelatedOwners),

superset/reports/api.py

@@ -57,7 +57,7 @@
     requires_json,
     statsd_metrics,
 )
-from superset.views.filters import FilterRelatedOwners
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -204,10 +204,13 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]:
     ]
     search_filters = {"name": [ReportScheduleAllTextFilter]}
     allowed_rel_fields = {"owners", "chart", "dashboard", "database", "created_by"}
+
     filter_rel_fields = {
         "chart": [["id", ChartFilter, lambda: []]],
         "dashboard": [["id", DashboardAccessFilter, lambda: []]],
         "database": [["id", DatabaseFilter, lambda: []]],
+        "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
     }
     text_field_rel_fields = {
         "dashboard": "dashboard_title",

superset/views/filters.py

@@ -14,15 +14,19 @@
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
+import logging
 from typing import Any, cast, Optional
 
+from flask import current_app
 from flask_appbuilder.models.filters import BaseFilter
 from flask_babel import lazy_gettext
-from sqlalchemy import or_
+from sqlalchemy import and_, or_
 from sqlalchemy.orm import Query
 
 from superset import security_manager
 
+logger = logging.getLogger(__name__)
+
 
 class FilterRelatedOwners(BaseFilter):  # pylint: disable=too-few-public-methods
 
@@ -48,3 +52,30 @@ def apply(self, query: Query, value: Optional[Any]) -> Query:
                 user_model.username.ilike(like_value),
             )
         )
+
+
+class BaseFilterRelatedUsers(BaseFilter):  # pylint: disable=too-few-public-methods
+
+    """
+    Filter to apply on related users. Will exclude users in EXCLUDE_USER_USERNAMES
+
+    Use in the api by adding something like:
+    ```
+    filter_rel_fields = {
+        "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
+    ```
+    """
+
+    name = lazy_gettext("username")
+    arg_name = "username"
+
+    def apply(self, query: Query, value: Optional[Any]) -> Query:
+        user_model = security_manager.user_model
+        query_ = query.filter(
+            and_(
+                user_model.username.not_in(current_app.config["EXCLUDE_USER_USERNAMES"])
+            )
+        )
+        return query_

tests/integration_tests/base_api_tests.py

@@ -288,6 +288,30 @@ def test_get_filter_related_owners(self):
         # TODO Check me
         assert expected_results == sorted_results
 
+    def test_get_base_filter_related_owners(self):
+        """
+        API: Test get base filter related owners
+        """
+        self.login(username="admin")
+        uri = f"api/v1/{self.resource_name}/related/owners"
+        self.app.config["EXCLUDE_USER_USERNAMES"] = ["gamma"]
+        gamma_user = (
+            db.session.query(security_manager.user_model)
+            .filter(security_manager.user_model.username == "gamma")
+            .one_or_none()
+        )
+        assert gamma_user is not None
+        users = db.session.query(security_manager.user_model).all()
+
+        rv = self.client.get(uri)
+        assert rv.status_code == 200
+        response = json.loads(rv.data.decode("utf-8"))
+        assert response["count"] == len(users) - 1
+        response_users = [result["text"] for result in response["result"]]
+        assert "gamma user" not in response_users
+        # revert the config change
+        self.app.config["EXCLUDE_USER_USERNAMES"] = []
+
     def test_get_ids_related_owners(self):
         """
         API: Test get filter related owners