Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix SQL Lab schema permission checks #9756

Merged
merged 1 commit into from
May 8, 2020
Merged

Fix SQL Lab schema permission checks #9756

merged 1 commit into from
May 8, 2020

Conversation

bkyryliuk
Copy link
Member

CATEGORY

Choose one

  • Bug Fix

SUMMARY

Fixes #9754
Schema permission checks on the table in the sqllab
Also this change adds the unit tests to prevent future regressions.

TEST PLAN

[x] unit tests
[x] local test
[ ] dropbox staging - TBD

ADDITIONAL INFORMATION

  • Has associated issue:

REVIEWERS

@john-bodley

@codecov-io
Copy link

codecov-io commented May 6, 2020
edited
Loading

Codecov Report

Merging #9756 into master will decrease coverage by 16.71%.
The diff coverage is n/a.

Impacted file tree graph

@@             Coverage Diff             @@
##           master    #9756       +/-   ##
===========================================
- Coverage   70.49%   53.78%   -16.72%     
===========================================
  Files         402      352       -50     
  Lines       12564    11232     -1332     
  Branches     3112     2782      -330     
===========================================
- Hits         8857     6041     -2816     
- Misses       3593     5011     +1418     
- Partials      114      180       +66
Flag Coverage Δ
#cypress 53.78% <ø> (+0.19%) ⬆️
#javascript ?
Impacted Files Coverage Δ
...uperset-frontend/src/dashboard/util/dnd-reorder.js 0.00% <0.00%> (-100.00%) ⬇️
.../src/dashboard/util/getFilterScopeFromNodesTree.js 0.00% <0.00%> (-93.19%) ⬇️
.../src/dashboard/components/FilterIndicatorGroup.jsx 11.76% <0.00%> (-88.24%) ⬇️
...c/explore/components/controls/withVerification.jsx 9.09% <0.00%> (-87.88%) ⬇️
...src/dashboard/components/gridComponents/Header.jsx 10.52% <0.00%> (-86.85%) ⬇️
...rc/dashboard/components/gridComponents/Divider.jsx 13.33% <0.00%> (-86.67%) ⬇️
...c/dashboard/components/gridComponents/Markdown.jsx 6.59% <0.00%> (-82.42%) ⬇️
...uperset-frontend/src/utils/getClientErrorObject.ts 0.00% <0.00%> (-82.15%) ⬇️
superset-frontend/src/components/Link.tsx 7.69% <0.00%> (-79.81%) ⬇️
...et-frontend/src/SqlLab/components/TableElement.jsx 4.59% <0.00%> (-78.17%) ⬇️
... and 185 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 865a909...18d2967. Read the comment docs.

@bkyryliuk bkyryliuk force-pushed the bogdan/fix_schema_perm branch 3 times, most recently from ae926df to 9d947a0 Compare May 6, 2020 19:48
@mistercrunch mistercrunch added .security !deprecated-label:bug Deprecated label - Use #bug instead labels May 6, 2020
john-bodley
john-bodley reviewed May 6, 2020
View reviewed changes
superset/security/manager.py Outdated
query = sql_parse.ParsedQuery(sql)

return {
table
for table in query.tables
if not self.can_access_datasource(database, table, schema)
if not self.can_access_datasource(database, table, table.schema or schema)
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if this line should be reverted, i.e., the schema is the fallback schema per the docstring and can_access_datasource should be changed to be,

schema_perm = self.get_schema_perm(database, table.schema or schema)

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@john-bodley good point, that is more appropriate place. updated the PR.

@bkyryliuk bkyryliuk force-pushed the bogdan/fix_schema_perm branch 4 times, most recently from 056d694 to 18d2967 Compare May 6, 2020 22:35
@pull-request-size pull-request-size bot added size/L and removed size/M labels May 6, 2020
john-bodley
john-bodley approved these changes May 6, 2020
View reviewed changes
Copy link
Member

@john-bodley john-bodley left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM. Thanks for adding the tests.

@bkyryliuk
Copy link
Member Author

@john-bodley could you merge it, I am still waiting on getting the rights

@john-bodley john-bodley merged commit 903217f into apache:master May 8, 2020
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.37.0 labels Feb 28, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@john-bodley john-bodley john-bodley approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels !deprecated-label:bug Deprecated label - Use #bug instead size/L 🚢 0.37.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Schema permissions are not working in sqllab
5 participants
@bkyryliuk @codecov-io @john-bodley @mistercrunch @bogdan-dbx