Skip to content

Commit

Permalink
chore: Remove deprecated ENABLE_ACCESS_REQUEST workflow (#24266)
Browse files Browse the repository at this point in the history
  • Loading branch information
john-bodley authored Jun 10, 2023
1 parent 4e47771 commit 0e3f1f6
Show file tree
Hide file tree
Showing 23 changed files with 62 additions and 1,061 deletions.
6 changes: 0 additions & 6 deletions RESOURCES/STANDARD_ROLES.md
Original file line number Diff line number Diff line change
Expand Up @@ -191,12 +191,6 @@
|can show on AlertLogModelView|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
|can list on AlertObservationModelView|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
|can show on AlertObservationModelView|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
|can edit on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|can list on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|can show on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|can add on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|can delete on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|muldelete on AccessRequestsModelView|:heavy_check_mark:|O|O|O|
|menu access on Row Level Security|:heavy_check_mark:|O|O|O|
|menu access on Access requests|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
|menu access on Home|:heavy_check_mark:|:heavy_check_mark:|:heavy_check_mark:|O|
Expand Down
1 change: 1 addition & 0 deletions UPDATING.md
Original file line number Diff line number Diff line change
Expand Up @@ -33,6 +33,7 @@ assists people when migrating to a new version.

### Breaking Changes

- [24266](https://github.com/apache/superset/pull/24266) Remove the `ENABLE_ACCESS_REQUEST` config parameter and the associated request/approval workflows.
- [24330](https://github.com/apache/superset/pull/24330) Removes `getUiOverrideRegistry` from `ExtensionsRegistry`.
- [23933](https://github.com/apache/superset/pull/23933) Removes the deprecated Multiple Line Charts.
- [23741](https://github.com/apache/superset/pull/23741) Migrates the TreeMap chart and removes the legacy Treemap code.
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -58,11 +58,6 @@ fetchMock.get(
value: 4,
extra: {},
},
{
text: 'granter',
value: 5,
extra: {},
},
{
text: 'Public',
value: 2,
Expand Down Expand Up @@ -393,7 +388,7 @@ test('should show all roles', async () => {

const options = await findAllSelectOptions();

expect(options).toHaveLength(6);
expect(options).toHaveLength(5);
expect(options[0]).toHaveTextContent('Admin');
});

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ const mockRules = [
},
{
id: 5,
name: 'granter',
name: 'Gamma',
},
],
tables: [
Expand Down Expand Up @@ -79,7 +79,7 @@ const mockRules = [
},
{
id: 5,
name: 'granter',
name: 'Gamma',
},
],
tables: [
Expand Down
4 changes: 0 additions & 4 deletions superset/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -1071,10 +1071,6 @@ def CSV_TO_HIVE_UPLOAD_DIRECTORY_FUNC( # pylint: disable=invalid-name
# example: FLASK_APP_MUTATOR = lambda x: x.before_request = f
FLASK_APP_MUTATOR = None

# Set this to false if you don't want users to be able to request/grant
# datasource access requests from/to other users.
ENABLE_ACCESS_REQUEST = False

# smtp server configuration
EMAIL_NOTIFICATIONS = False # all the emails are sent using dryrun
SMTP_HOST = "localhost"
Expand Down
22 changes: 4 additions & 18 deletions superset/explore/commands/get.py
Original file line number Diff line number Diff line change
Expand Up @@ -19,19 +19,19 @@
from typing import Any, cast, Optional

import simplejson as json
from flask import current_app, request
from flask_babel import gettext as __, lazy_gettext as _
from flask import request
from flask_babel import lazy_gettext as _
from sqlalchemy.exc import SQLAlchemyError

from superset import db, security_manager
from superset import db
from superset.commands.base import BaseCommand
from superset.connectors.base.models import BaseDatasource
from superset.connectors.sqla.models import SqlaTable
from superset.dao.exceptions import DatasourceNotFound
from superset.datasource.dao import DatasourceDAO
from superset.exceptions import SupersetException
from superset.explore.commands.parameters import CommandParameters
from superset.explore.exceptions import DatasetAccessDeniedError, WrongEndpointError
from superset.explore.exceptions import WrongEndpointError
from superset.explore.form_data.commands.get import GetFormDataCommand
from superset.explore.form_data.commands.parameters import (
CommandParameters as FormDataCommandParameters,
Expand Down Expand Up @@ -119,20 +119,6 @@ def run(self) -> Optional[dict[str, Any]]:
except DatasourceNotFound:
pass
datasource_name = datasource.name if datasource else _("[Missing Dataset]")

if datasource:
if current_app.config["ENABLE_ACCESS_REQUEST"] and (
not security_manager.can_access_datasource(datasource)
):
message = __(
security_manager.get_datasource_access_error_msg(datasource)
)
raise DatasetAccessDeniedError(
message=message,
datasource_type=self._datasource_type,
datasource_id=self._datasource_id,
)

viz_type = form_data.get("viz_type")
if not viz_type and datasource and datasource.default_endpoint:
raise WrongEndpointError(redirect=datasource.default_endpoint)
Expand Down
11 changes: 0 additions & 11 deletions superset/initialization/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -154,7 +154,6 @@ def init_views(self) -> None:
from superset.security.api import SecurityRestApi
from superset.sqllab.api import SqlLabRestApi
from superset.tags.api import TagRestApi
from superset.views.access_requests import AccessRequestsModelView
from superset.views.alerts import AlertView, ReportView
from superset.views.all_entities import TaggedObjectsModelView, TaggedObjectView
from superset.views.annotations import AnnotationLayerView
Expand Down Expand Up @@ -419,16 +418,6 @@ def init_views(self) -> None:
category_label=__("Manage"),
)

appbuilder.add_view(
AccessRequestsModelView,
"Access requests",
label=__("Access requests"),
category="Security",
category_label=__("Security"),
icon="fa-table",
menu_cond=lambda: bool(self.config["ENABLE_ACCESS_REQUEST"]),
)

appbuilder.add_view(
RowLevelSecurityView,
"Row Level Security",
Expand Down
Original file line number Diff line number Diff line change
@@ -0,0 +1,50 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
"""drop access_request
Revision ID: 83e1abbe777f
Revises: ae58e1e58e5c
Create Date: 2023-06-01 13:13:18.147362
"""

# revision identifiers, used by Alembic.
revision = "83e1abbe777f"
down_revision = "ae58e1e58e5c"

import sqlalchemy as sa
from alembic import op


def upgrade():
op.drop_table("access_request")


def downgrade():
op.create_table(
"access_request",
sa.Column("created_on", sa.DateTime(), nullable=True),
sa.Column("changed_on", sa.DateTime(), nullable=True),
sa.Column("id", sa.Integer(), nullable=False),
sa.Column("datasource_type", sa.String(length=200), nullable=True),
sa.Column("datasource_id", sa.Integer(), nullable=True),
sa.Column("changed_by_fk", sa.Integer(), nullable=True),
sa.Column("created_by_fk", sa.Integer(), nullable=True),
sa.ForeignKeyConstraint(["changed_by_fk"], ["ab_user.id"]),
sa.ForeignKeyConstraint(["created_by_fk"], ["ab_user.id"]),
sa.PrimaryKeyConstraint("id"),
)
2 changes: 1 addition & 1 deletion superset/models/__init__.py
Original file line number Diff line number Diff line change
Expand Up @@ -14,4 +14,4 @@
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from . import core, datasource_access_request, dynamic_plugins, sql_lab, user_attributes
from . import core, dynamic_plugins, sql_lab, user_attributes
97 changes: 0 additions & 97 deletions superset/models/datasource_access_request.py

This file was deleted.

17 changes: 0 additions & 17 deletions superset/security/manager.py
Original file line number Diff line number Diff line change
Expand Up @@ -164,7 +164,6 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods

ADMIN_ONLY_VIEW_MENUS = {
"Access Requests",
"AccessRequestsModelView",
"Action Log",
"Log",
"List Users",
Expand Down Expand Up @@ -195,8 +194,6 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
}

ADMIN_ONLY_PERMISSIONS = {
"can_override_role_permissions",
"can_approve",
"can_update_role",
"all_query_access",
"can_grant_guest_token",
Expand Down Expand Up @@ -767,7 +764,6 @@ def sync_role_definitions(self) -> None:
self.set_role("Admin", self._is_admin_pvm)
self.set_role("Alpha", self._is_alpha_pvm)
self.set_role("Gamma", self._is_gamma_pvm)
self.set_role("granter", self._is_granter_pvm)
self.set_role("sql_lab", self._is_sql_lab_pvm)

# Configure public role
Expand Down Expand Up @@ -981,19 +977,6 @@ def _is_sql_lab_pvm(self, pvm: PermissionView) -> bool:
in self.SQLLAB_EXTRA_PERMISSION_VIEWS
)

def _is_granter_pvm( # pylint: disable=no-self-use
self, pvm: PermissionView
) -> bool:
"""
Return True if the user can grant the FAB permission/view, False
otherwise.
:param pvm: The FAB permission/view
:returns: Whether the user can grant the FAB permission/view
"""

return pvm.permission.name in {"can_override_role_permissions", "can_approve"}

def database_after_insert(
self,
mapper: Mapper,
Expand Down
32 changes: 0 additions & 32 deletions superset/templates/email/role_extended.txt

This file was deleted.

Loading

0 comments on commit 0e3f1f6

Please sign in to comment.