From 6b95d566190e317847d1288b82f17eaa807f4f3b Mon Sep 17 00:00:00 2001 From: Jack Fragassi Date: Tue, 25 Apr 2023 09:09:12 -0700 Subject: [PATCH 1/2] Add missing __init__.py file --- superset/row_level_security/__init__.py | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 superset/row_level_security/__init__.py diff --git a/superset/row_level_security/__init__.py b/superset/row_level_security/__init__.py new file mode 100644 index 0000000000000..13a83393a9124 --- /dev/null +++ b/superset/row_level_security/__init__.py @@ -0,0 +1,16 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. From 77ff67abb94f2797142c73047d8ca97a5c0f2377 Mon Sep 17 00:00:00 2001 From: Jack Fragassi Date: Tue, 25 Apr 2023 09:34:16 -0700 Subject: [PATCH 2/2] Fix previously masked linting errors --- superset/row_level_security/commands/create.py | 4 ++-- superset/row_level_security/commands/update.py | 4 ++-- superset/row_level_security/schemas.py | 4 ++++ 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/superset/row_level_security/commands/create.py b/superset/row_level_security/commands/create.py index 2c1d4f7b6afca..0c348e10c02c5 100644 --- a/superset/row_level_security/commands/create.py +++ b/superset/row_level_security/commands/create.py @@ -24,7 +24,7 @@ from superset.commands.utils import populate_roles from superset.connectors.sqla.models import SqlaTable from superset.dao.exceptions import DAOCreateFailedError -from superset.extensions import appbuilder, db, security_manager +from superset.extensions import db from superset.row_level_security.dao import RLSDAO logger = logging.getLogger(__name__) @@ -42,7 +42,7 @@ def run(self) -> Any: rule = RLSDAO.create(self._properties) except DAOCreateFailedError as ex: logger.exception(ex.exception) - raise DAOCreateFailedError + raise ex return rule diff --git a/superset/row_level_security/commands/update.py b/superset/row_level_security/commands/update.py index 08964601b3d94..8c276ee2c4e20 100644 --- a/superset/row_level_security/commands/update.py +++ b/superset/row_level_security/commands/update.py @@ -24,7 +24,7 @@ from superset.commands.utils import populate_roles from superset.connectors.sqla.models import RowLevelSecurityFilter, SqlaTable from superset.dao.exceptions import DAOUpdateFailedError -from superset.extensions import appbuilder, db, security_manager +from superset.extensions import db from superset.row_level_security.commands.exceptions import RLSRuleNotFoundError from superset.row_level_security.dao import RLSDAO @@ -45,7 +45,7 @@ def run(self) -> Any: rule = RLSDAO.update(self._model, self._properties) except DAOUpdateFailedError as ex: logger.exception(ex.exception) - raise DAOUpdateFailedError + raise ex return rule diff --git a/superset/row_level_security/schemas.py b/superset/row_level_security/schemas.py index 63f9c8d6bc052..718294f6444f1 100644 --- a/superset/row_level_security/schemas.py +++ b/superset/row_level_security/schemas.py @@ -25,10 +25,14 @@ id_description = "Unique if of rls filter" name_description = "Name of rls filter" description_description = "Detailed description" +# pylint: disable=line-too-long filter_type_description = "Regular filters add where clauses to queries if a user belongs to a role referenced in the filter, base filters apply filters to all queries except the roles defined in the filter, and can be used to define what users can see if no RLS filters within a filter group apply to them." tables_description = "These are the tables this filter will be applied to." +# pylint: disable=line-too-long roles_description = "For regular filters, these are the roles this filter will be applied to. For base filters, these are the roles that the filter DOES NOT apply to, e.g. Admin if admin should see all data." +# pylint: disable=line-too-long group_key_description = "Filters with the same group key will be ORed together within the group, while different filter groups will be ANDed together. Undefined group keys are treated as unique groups, i.e. are not grouped together. For example, if a table has three filters, of which two are for departments Finance and Marketing (group key = 'department'), and one refers to the region Europe (group key = 'region'), the filter clause would apply the filter (department = 'Finance' OR department = 'Marketing') AND (region = 'Europe')." +# pylint: disable=line-too-long clause_description = "This is the condition that will be added to the WHERE clause. For example, to only return rows for a particular client, you might define a regular filter with the clause `client_id = 9`. To display no rows unless a user belongs to a RLS filter role, a base filter can be created with the clause `1 = 0` (always false)." get_delete_ids_schema = {"type": "array", "items": {"type": "integer"}}