这里我们说的访问报表和看板的权限都是对于普通用户来说的。
报表权限
Superset 的报表是根据 datasource_access 权限来确定的,也就是说如果你有某个表的权限,那么与这个表相关的报表你都可以访问。
class SliceFilter(SupersetFilter):
def apply(self, query, func): # noqa
if security_manager.all_datasource_access():
return query
# TODO(bogdan): add `schema_access` support here
datasource_perms = self.get_view_menus('datasource_access')
query = (
query.outerjoin(SQLTable, self.model.datasource_id == SQLTable.c.id)
.outerjoin(models.Database, models.Database.id == SQLTable.c.database_id)
.filter(
or_(
models.Database.perm.in_(datasource_perms),
self.model.perm.in_(datasource_perms),
)
)
)
return query
看板权限
看板是有两方面来限制的,如果你拥有这个看板,你就可以看到这个看板;另一个是根据 datasource_access 来确定你可以访问的报表,然后有报表找到所关联的看板。
class DashboardFilter(SupersetFilter):
"""List dashboards for which users have access to at least one slice or are owners"""
def apply(self, query, func): # noqa
if security_manager.all_datasource_access():
return query
Slice = models.Slice # noqa
Dash = models.Dashboard # noqa
User = security_manager.user_model # noqa
datasource_perms = .get_view_menus()
slice_ids_qry = (
db.session
.query(Slice.)
.outerjoin(SQLTable, Slice.datasource_id == SQLTable.c.)
.outerjoin(models.Database, models.Database. == SQLTable.c.database_id)
.(
or_(
models.Database.perm.in_(datasource_perms),
Slice.perm.in_(datasource_perms),
)
)
)
owner_ids_qry = (
db.session
.query(Dash.)
.join(Dash.owners)
.(User. == User.get_user_id())
)
query = query.(
or_(
Dash..in_(
db.session.query(Dash.)
.distinct()
.join(Dash.slices)
.(Slice..in_(slice_ids_qry)),
),
Dash..in_(owner_ids_qry),
),
)
query
