superset/commands/utils.py
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
from __future__ import annotations
from collections import Counter
from typing import Optional, TYPE_CHECKING
from flask import g
from flask_appbuilder.security.sqla.models import Role, User
from superset import security_manager
from superset.commands.exceptions import (
DatasourceNotFoundValidationError,
OwnersNotFoundValidationError,
RolesNotFoundValidationError,
TagForbiddenError,
TagNotFoundValidationError,
)
from superset.daos.datasource import DatasourceDAO
from superset.daos.exceptions import DatasourceNotFound
from superset.daos.tag import TagDAO
from superset.tags.models import ObjectType, Tag, TagType
from superset.utils.core import DatasourceType, get_user_id
if TYPE_CHECKING:
from superset.connectors.sqla.models import BaseDatasource
def populate_owner_list(
owner_ids: list[int] | None,
default_to_user: bool,
) -> list[User]:
"""
Helper function for commands, will fetch all users from owners id's
:param owner_ids: list of owners by id's
:param default_to_user: make user the owner if `owner_ids` is None or empty
:raises OwnersNotFoundValidationError: if at least one owner id can't be resolved
:returns: Final list of owners
"""
owner_ids = owner_ids or []
owners = []
if not owner_ids and default_to_user:
return [g.user]
if not (security_manager.is_admin() or get_user_id() in owner_ids):
# make sure non-admins can't remove themselves as owner by mistake
owners.append(g.user)
for owner_id in owner_ids:
owner = security_manager.get_user_by_id(owner_id)
if not owner:
raise OwnersNotFoundValidationError()
owners.append(owner)
return owners
def compute_owner_list(
current_owners: list[User] | None,
new_owners: list[int] | None,
) -> list[User]:
"""
Helper function for update commands, to properly handle the owners list.
Preserve the previous configuration unless included in the update payload.
:param current_owners: list of current owners
:param new_owners: list of new owners specified in the update payload
:returns: Final list of owners
"""
current_owners = current_owners or []
owners_ids = (
[owner.id for owner in current_owners] if new_owners is None else new_owners
)
return populate_owner_list(owners_ids, default_to_user=False)
def populate_roles(role_ids: list[int] | None = None) -> list[Role]:
"""
Helper function for commands, will fetch all roles from roles id's
:raises RolesNotFoundValidationError: If a role in the input list is not found
:param role_ids: A List of roles by id's
"""
roles: list[Role] = []
if role_ids:
roles = security_manager.find_roles_by_id(role_ids)
if len(roles) != len(role_ids):
raise RolesNotFoundValidationError()
return roles
def get_datasource_by_id(datasource_id: int, datasource_type: str) -> BaseDatasource:
try:
return DatasourceDAO.get_datasource(
DatasourceType(datasource_type), datasource_id
)
except DatasourceNotFound as ex:
raise DatasourceNotFoundValidationError() from ex
def validate_tags(
object_type: ObjectType,
current_tags: list[Tag],
new_tag_ids: Optional[list[int]],
) -> None:
"""
Helper function for update commands, to validate the tags list. Users
with `can_write` on `Tag` are allowed to both create new tags and manage
tag association with objects. Users with `can_tag` on `object_type` are
only allowed to manage existing existing tags' associations with the object.
:param current_tags: list of current tags
:param new_tag_ids: list of tags specified in the update payload
"""
# `tags` not part of the update payload
if new_tag_ids is None:
return
# No changes in the list
current_custom_tags = [tag.id for tag in current_tags if tag.type == TagType.custom]
if Counter(current_custom_tags) == Counter(new_tag_ids):
return
# No perm to tags assets
if not (
security_manager.can_access("can_write", "Tag")
or security_manager.can_access("can_tag", object_type.name.capitalize())
):
validation_error = (
f"You do not have permission to manage tags on {object_type.name}s"
)
raise TagForbiddenError(validation_error)
# Validate if new tags already exist
additional_tags = [tag for tag in new_tag_ids if tag not in current_custom_tags]
for tag_id in additional_tags:
if not TagDAO.find_by_id(tag_id):
validation_error = f"Tag ID {tag_id} not found"
raise TagNotFoundValidationError(validation_error)
return
def update_tags(
object_type: ObjectType,
object_id: int,
current_tags: list[Tag],
new_tag_ids: list[int],
) -> None:
"""
Helper function for update commands, to update the tag relationship.
:param object_id: The object (dashboard, chart, etc) ID
:param object_type: The object type
:param current_tags: list of current tags
:param new_tag_ids: list of tags specified in the update payload
"""
current_custom_tags = [tag for tag in current_tags if tag.type == TagType.custom]
current_custom_tag_ids = [
tag.id for tag in current_tags if tag.type == TagType.custom
]
tags_to_delete = [tag for tag in current_custom_tags if tag.id not in new_tag_ids]
for tag in tags_to_delete:
TagDAO.delete_tagged_object(object_type, object_id, tag.name)
tag_ids_to_add = [
tag_id for tag_id in new_tag_ids if tag_id not in current_custom_tag_ids
]
if tag_ids_to_add:
tags_to_add = TagDAO.find_by_ids(tag_ids_to_add)
TagDAO.create_custom_tagged_objects(
object_type, object_id, [tag.name for tag in tags_to_add]
)