fix: bootstrap data permissions (apache#14348)

preset-io · Apr 30, 2021 · b4e527a · b4e527a
1 parent b147fa8
commit b4e527a
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 15 deletions.
diff --git a/requirements/base.txt b/requirements/base.txt
@@ -66,7 +66,7 @@ dnspython==2.0.0
 # via email-validator
 email-validator==1.1.1
 # via flask-appbuilder
-flask-appbuilder==3.2.1
+flask-appbuilder==3.2.3
 # via apache-superset
 flask-babel==1.0.0
 # via flask-appbuilder

diff --git a/setup.py b/setup.py
@@ -75,7 +75,7 @@ def get_git_sha():
         "cron-descriptor",
         "cryptography>=3.2.1",
         "flask>=1.1.0, <2.0.0",
-        "flask-appbuilder>=3.2.1, <4.0.0",
+        "flask-appbuilder>=3.2.3, <4.0.0",
         "flask-caching",
         "flask-compress",
         "flask-talisman",

diff --git a/superset/views/utils.py b/superset/views/utils.py
@@ -40,7 +40,7 @@
     SupersetException,
     SupersetSecurityException,
 )
-from superset.extensions import cache_manager
+from superset.extensions import cache_manager, security_manager
 from superset.legacy import update_time_range
 from superset.models.core import Database
 from superset.models.dashboard import Dashboard
@@ -87,20 +87,15 @@ def get_permissions(
     if not user.roles:
         raise AttributeError("User object does not have roles")
 
-    roles = {}
+    roles = defaultdict(list)
     permissions = defaultdict(set)
+
     for role in user.roles:
-        perms = set()
-        for perm in role.permissions:
-            if perm.permission and perm.view_menu:
-                perms.add((perm.permission.name, perm.view_menu.name))
-                if perm.permission.name in ("datasource_access", "database_access"):
-                    permissions[perm.permission.name].add(perm.view_menu.name)
-        roles[role.name] = [
-            [perm.permission.name, perm.view_menu.name]
-            for perm in role.permissions
-            if perm.permission and perm.view_menu
-        ]
+        permissions_ = security_manager.get_role_permissions(role)
+        for permission in permissions_:
+            if permission[0] in ("datasource_access", "database_access"):
+                permissions[permission[0]].add(permission[1])
+            roles[role.name].append([permission[0], permission[1]])
 
     return roles, permissions