Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore(rls): move to feature flag and disable related view #11575

Merged
merged 2 commits into from
Nov 5, 2020
Merged

chore(rls): move to feature flag and disable related view #11575

merged 2 commits into from
Nov 5, 2020

Conversation

villebro
Copy link
Member

@villebro villebro commented Nov 5, 2020
edited
Loading

SUMMARY

Minor refinements to Row Level Security (RLS) implementation:

  • Move ENABLE_ROW_LEVEL_SECURITY from config flag to feature flag.
  • Remove RLS from table view related view. Currently non-admin users can see all RLS filters that apply to a table, which can be both a security concern and a privacy issue.
  • Disable Row Level Security and Row Level Security Filters view menus for other users than Admin.

TEST PLAN

Local testing

ADDITIONAL INFORMATION

  • Has associated issue:
  • Changes UI
  • Requires DB Migration.
  • Confirm DB Migration upgrade and downgrade tested.
  • Introduces new feature or API
  • Removes existing feature or API

@codecov-io
Copy link

codecov-io commented Nov 5, 2020
edited
Loading

Codecov Report

Merging #11575 into master will decrease coverage by 0.02%.
The diff coverage is 100.00%.

Impacted file tree graph

@@            Coverage Diff             @@
##           master   #11575      +/-   ##
==========================================
- Coverage   59.59%   59.57%   -0.03%     
==========================================
  Files         832      832              
  Lines       40482    40481       -1     
  Branches     3666     3666              
==========================================
- Hits        24126    24117       -9     
- Misses      16187    16195       +8     
  Partials      169      169
Flag Coverage Δ
cypress 55.01% <ø> (+<0.01%) ⬆️
python 62.06% <100.00%> (-0.04%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
superset/config.py 90.11% <ø> (-0.04%) ⬇️
superset/connectors/sqla/views.py 67.26% <ø> (ø)
superset/security/manager.py 90.90% <ø> (ø)
superset/app.py 81.29% <100.00%> (ø)
superset/common/query_context.py 87.87% <100.00%> (ø)
superset/connectors/sqla/models.py 90.36% <100.00%> (-0.27%) ⬇️
superset/viz.py 57.74% <100.00%> (ø)
superset/db_engine_specs/sqlite.py 65.62% <0.00%> (-9.38%) ⬇️
superset/utils/celery.py 82.14% <0.00%> (-3.58%) ⬇️
superset/result_set.py 96.69% <0.00%> (-1.66%) ⬇️
... and 3 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 52145f8...74cf03e. Read the comment docs.

@villebro villebro changed the title [WIP] chore(rls): move to feature flag and disable related view chore(rls): move to feature flag and disable related view Nov 5, 2020
dpgaspar
dpgaspar reviewed Nov 5, 2020
View reviewed changes
UPDATING.md Outdated Show resolved Hide resolved
@villebro villebro merged commit 600a6fa into apache:master Nov 5, 2020
@villebro villebro deleted the villebro/rls-feature-flag branch November 5, 2020 10:51
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@villebro @auxten
chore(rls): move to feature flag and disable related view (apache#11575)
0043c7d 
* chore(rls): move to feature flag and disable related view

* rename feature flag
@carobaldino carobaldino mentioned this pull request Feb 17, 2021
Closed
3 tasks
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.0.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@wajdy111 wajdy111 wajdy111 left review comments

@dpgaspar dpgaspar dpgaspar approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/M 🚢 1.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@villebro @codecov-io @dpgaspar @wajdy111 @mistercrunch