Home Explore Help
Register Sign In
root
/
incubator-superset0.99
Watch 1
Star 0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 099fc026e1
Branches Tags
incubator-su...
/
superset
/
views
/
database
/
decorators.py

decorators.py 2.4 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263 
  1. # Licensed to the Apache Software Foundation (ASF) under one
    2. 

  2. # or more contributor license agreements.  See the NOTICE file
    3. 

  3. # distributed with this work for additional information
    4. 

  4. # regarding copyright ownership.  The ASF licenses this file
    5. 

  5. # to you under the Apache License, Version 2.0 (the
    6. 

  6. # "License"); you may not use this file except in compliance
    7. 

  7. # with the License.  You may obtain a copy of the License at
    8. 

  8. #
    9. 

  9. #   http://www.apache.org/licenses/LICENSE-2.0
    10. 

  10. #
    11. 

  11. # Unless required by applicable law or agreed to in writing,
    12. 

  12. # software distributed under the License is distributed on an
    13. 

  13. # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
    14. 

  14. # KIND, either express or implied.  See the License for the
    15. 

  15. # specific language governing permissions and limitations
    16. 

  16. # under the License.
    17. 

  17. import functools
    18. 

  18. import logging
    19. 

  19. from typing import Optional
    20. 

  20. 

  21. from flask import g
    22. 

  22. from flask_babel import lazy_gettext as _
    23. 

  23. 

  24. from superset.models.core import Database
    25. 

  25. from superset.utils.core import parse_js_uri_path_item
    26. 

  26. 

  27. logger = logging.getLogger(__name__)
    28. 

  28. 

  29. 

  30. def check_datasource_access(f):
    31. 

  31.     """
    32. 

  32.     A Decorator that checks if a user has datasource access
    33. 

  33.     """
    34. 

  34. 

  35.     def wraps(
    36. 

  36.         self, pk: int, table_name: str, schema_name: Optional[str] = None
    37. 

  37.     ):  # pylint: disable=invalid-name
    38. 

  38.         schema_name_parsed = parse_js_uri_path_item(schema_name, eval_undefined=True)
    39. 

  39.         table_name_parsed = parse_js_uri_path_item(table_name)
    40. 

  40.         if not table_name_parsed:
    41. 

  41.             return self.response_422(message=_("Table name undefined"))
    42. 

  42.         database: Database = self.datamodel.get(pk)
    43. 

  43.         if not database:
    44. 

  44.             self.stats_logger.incr(
    45. 

  45.                 f"database_not_found_{self.__class__.__name__}.select_star"
    46. 

  46.             )
    47. 

  47.             return self.response_404()
    48. 

  48.         # Check that the user can access the datasource
    49. 

  49.         if not self.appbuilder.sm.can_access_datasource(
    50. 

  50.             database, table_name_parsed, schema_name_parsed
    51. 

  51.         ):
    52. 

  52.             self.stats_logger.incr(
    53. 

  53.                 f"permisssion_denied_{self.__class__.__name__}.select_star"
    54. 

  54.             )
    55. 

  55.             logger.warning(
    56. 

  56.                 f"Permission denied for user {g.user} on table: {table_name_parsed} "
    57. 

  57.                 f"schema: {schema_name_parsed}"
    58. 

  58.             )
    59. 

  59.             return self.response_404()
    60. 

  60.         return f(self, database, table_name_parsed, schema_name_parsed)
    61. 

  61. 

  62.     return functools.update_wrapper(wraps, f)
    63. 

  63.