fix: allow users to reset their passwords (#12886)

apache · Feb 2, 2021 · 9cc38ac · 9cc38ac
1 parent 36c4311
commit 9cc38ac
Showing 1 changed file with 9 additions and 9 deletions.
diff --git a/superset/security/manager.py b/superset/security/manager.py
@@ -179,7 +179,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
         "metric_access",
     }
 
-    ACCESSIBLE_PERMS = {"can_userinfo"}
+    ACCESSIBLE_PERMS = {"can_userinfo", "resetmypassword"}
 
     data_access_permissions = (
         "database_access",
@@ -710,7 +710,7 @@ def set_role(
         self.get_session.merge(role)
         self.get_session.commit()
 
-    def _is_admin_only(self, pvm: Model) -> bool:
+    def _is_admin_only(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is accessible to only Admin users,
         False otherwise.
@@ -731,7 +731,7 @@ def _is_admin_only(self, pvm: Model) -> bool:
             or pvm.permission.name in self.ADMIN_ONLY_PERMISSIONS
         )
 
-    def _is_alpha_only(self, pvm: PermissionModelView) -> bool:
+    def _is_alpha_only(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is accessible to only Alpha users,
         False otherwise.
@@ -750,7 +750,7 @@ def _is_alpha_only(self, pvm: PermissionModelView) -> bool:
             or pvm.permission.name in self.ALPHA_ONLY_PERMISSIONS
         )
 
-    def _is_accessible_to_all(self, pvm: PermissionModelView) -> bool:
+    def _is_accessible_to_all(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is accessible to all, False
         otherwise.
@@ -761,7 +761,7 @@ def _is_accessible_to_all(self, pvm: PermissionModelView) -> bool:
 
         return pvm.permission.name in self.ACCESSIBLE_PERMS
 
-    def _is_admin_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_admin_pvm(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is Admin user related, False
         otherwise.
@@ -772,7 +772,7 @@ def _is_admin_pvm(self, pvm: PermissionModelView) -> bool:
 
         return not self._is_user_defined_permission(pvm)
 
-    def _is_alpha_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_alpha_pvm(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is Alpha user related, False
         otherwise.
@@ -785,7 +785,7 @@ def _is_alpha_pvm(self, pvm: PermissionModelView) -> bool:
             self._is_user_defined_permission(pvm) or self._is_admin_only(pvm)
         ) or self._is_accessible_to_all(pvm)
 
-    def _is_gamma_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_gamma_pvm(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is Gamma user related, False
         otherwise.
@@ -800,7 +800,7 @@ def _is_gamma_pvm(self, pvm: PermissionModelView) -> bool:
             or self._is_alpha_only(pvm)
         ) or self._is_accessible_to_all(pvm)
 
-    def _is_sql_lab_pvm(self, pvm: PermissionModelView) -> bool:
+    def _is_sql_lab_pvm(self, pvm: PermissionView) -> bool:
         """
         Return True if the FAB permission/view is SQL Lab related, False
         otherwise.
@@ -828,7 +828,7 @@ def _is_sql_lab_pvm(self, pvm: PermissionModelView) -> bool:
         )
 
     def _is_granter_pvm(  # pylint: disable=no-self-use
-        self, pvm: PermissionModelView
+        self, pvm: PermissionView
     ) -> bool:
         """
         Return True if the user can grant the FAB permission/view, False