Skip to content

fix: db validate parameters permission#24185

Merged
dpgaspar merged 4 commits intoapache:masterfrom
preset-io:fix/db-val-param-perms
Jun 5, 2023
Merged

fix: db validate parameters permission#24185
dpgaspar merged 4 commits intoapache:masterfrom
preset-io:fix/db-val-param-perms

Conversation

@dpgaspar
Copy link
Copy Markdown
Member

@dpgaspar dpgaspar commented May 23, 2023
edited
Loading

SUMMARY

Restricts access to:

  • /api/v1/database/validate_parameters/, changes the necessary permission from can_read to can_write on Database

  • /api/v1/database/test_connection/, changes the necessary permission from can_read to can_write on Database

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@codecov
Copy link
Copy Markdown

codecov Bot commented May 23, 2023
edited
Loading

Codecov Report

Merging #24185 (cee1529) into master (18d2257) will not change coverage.
The diff coverage is n/a.

❗ Current head cee1529 differs from pull request most recent head 4e2fd6f. Consider uploading reports for the commit 4e2fd6f to get more accurate results

@@           Coverage Diff           @@
##           master   #24185   +/-   ##
=======================================
  Coverage   57.24%   57.24%           
=======================================
  Files        1957     1957           
  Lines       75624    75624           
  Branches     8223     8223           
=======================================
  Hits        43294    43294           
  Misses      30222    30222           
  Partials     2108     2108
Flag Coverage Δ
hive 53.39% <ø> (ø)
presto 53.32% <ø> (ø)
python 59.93% <ø> (ø)
unit 53.44% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/constants.py 100.00% <ø> (ø)

📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more

@dpgaspar dpgaspar requested a review from betodealmeida May 23, 2023 10:09
betodealmeida
betodealmeida approved these changes May 23, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@betodealmeida betodealmeida left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Do we need to update any of the tests? Or add a new one?

@dpgaspar
Copy link
Copy Markdown
Member Author

dpgaspar commented May 23, 2023

Do we need to update any of the tests? Or add a new one?

Good point! probably a test to make sure Gamma user's don't access these. I'll add it

@john-bodley
Copy link
Copy Markdown
Member

john-bodley commented May 23, 2023
edited
Loading

@dpgaspar why are we changing these from can_read to can_write for both these endpoints given (in theory) they're read requests, i.e., the underlying model is not being augmented.

Maybe providing a more detailed PR description would be helpful.

villebro
villebro approved these changes May 23, 2023
View reviewed changes
Copy link
Copy Markdown
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for this fix 👍

@michael-s-molina
Copy link
Copy Markdown
Member

michael-s-molina commented May 23, 2023
edited
Loading

@dpgaspar Can you add a note in the Breaking Changes section for this change?

@dpgaspar dpgaspar merged commit 8fab3db into apache:master Jun 5, 2023
@dpgaspar dpgaspar deleted the fix/db-val-param-perms branch June 5, 2023 12:06
eschutho pushed a commit that referenced this pull request Jun 6, 2023
@dpgaspar @eschutho
fix: db validate parameters permission (#24185)
76856d0
eschutho pushed a commit that referenced this pull request Jun 6, 2023
@dpgaspar @eschutho
fix: db validate parameters permission (#24185)
2a74a3a
eschutho pushed a commit that referenced this pull request Jun 14, 2023
@dpgaspar @eschutho
fix: db validate parameters permission (#24185)
e804489
@mistercrunch mistercrunch added 🍒 2.1.1 Cherry-picked to 2.1.1 🍒 2.1.2 Cherry-picked to 2.1.2 🍒 2.1.3 Cherry-picked to 2.1.3 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 3.0.0 First shipped in 3.0.0 labels Mar 8, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@betodealmeida betodealmeida betodealmeida approved these changes

@villebro villebro villebro approved these changes

@michael-s-molina michael-s-molina michael-s-molina approved these changes

@john-bodley john-bodley Awaiting requested review from john-bodley

Assignees

No one assigned

Labels

2.1.1 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/XS v2.1 🍒 2.1.1 Cherry-picked to 2.1.1 🍒 2.1.2 Cherry-picked to 2.1.2 🍒 2.1.3 Cherry-picked to 2.1.3 🚢 3.0.0 First shipped in 3.0.0

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

7 participants

@dpgaspar @john-bodley @michael-s-molina @betodealmeida @villebro @mistercrunch @eschutho