From e1f5e9061f55c32ef63979768d869eb30d94ddec Mon Sep 17 00:00:00 2001
From: Lily Kuang <lily@preset.io>
Date: Thu, 27 Jul 2023 12:20:49 -0700
Subject: [PATCH 1/3] remove csstemplatemodelview/list/ and
 annotationlayer/list/ access from gamma user

---
 superset/security/manager.py | 2 --
 1 file changed, 2 deletions(-)

diff --git a/superset/security/manager.py b/superset/security/manager.py
index c265bf2f7844..c4a3e9b96f19 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -155,8 +155,6 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
     }
 
     GAMMA_READ_ONLY_MODEL_VIEWS = {
-        "Annotation",
-        "CssTemplate",
         "Dataset",
         "Datasource",
     } | READ_ONLY_MODEL_VIEWS

From 0e58df944f3bbaee15cf851c1d78b51cba7a5a1a Mon Sep 17 00:00:00 2001
From: Lily Kuang <lily@preset.io>
Date: Fri, 28 Jul 2023 15:28:48 -0700
Subject: [PATCH 2/3] fix test

---
 tests/integration_tests/security_tests.py | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/tests/integration_tests/security_tests.py b/tests/integration_tests/security_tests.py
index 139ad263425e..cea16c67f821 100644
--- a/tests/integration_tests/security_tests.py
+++ b/tests/integration_tests/security_tests.py
@@ -1345,7 +1345,6 @@ def assert_cannot_gamma(self, perm_set):
         self.assert_cannot_menu("Alerts & Report", perm_set)
 
     def assert_can_gamma(self, perm_set):
-        self.assert_can_read("CssTemplate", perm_set)
         self.assert_can_read("Dataset", perm_set)
 
         # make sure that user can create slices and dashboards
@@ -1513,8 +1512,6 @@ def test_gamma_permissions(self):
         # make sure that user can create slices and dashboards
         self.assert_can_all("Dashboard", gamma_perm_set)
         self.assert_can_read("Dataset", gamma_perm_set)
-        self.assert_can_read("Annotation", gamma_perm_set)
-        self.assert_can_read("CssTemplate", gamma_perm_set)
 
         # make sure that user can create slices and dashboards
         self.assert_can_all("Chart", gamma_perm_set)

From a5512dbc8d24c4d7dafa1dd1b5cc738d2d7809cd Mon Sep 17 00:00:00 2001
From: Lily Kuang <lily@preset.io>
Date: Mon, 7 Aug 2023 18:35:09 -0700
Subject: [PATCH 3/3] fix permissions

---
 superset/security/manager.py | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)

diff --git a/superset/security/manager.py b/superset/security/manager.py
index c4a3e9b96f19..d4049751cfd2 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -177,19 +177,21 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
     } | USER_MODEL_VIEWS
 
     ALPHA_ONLY_VIEW_MENUS = {
-        "Manage",
-        "CSS Templates",
-        "Annotation Layers",
-        "Queries",
-        "Import dashboards",
-        "Upload a CSV",
-        "ReportSchedule",
         "Alerts & Report",
-        "TableSchemaView",
-        "CsvToDatabaseView",
+        "Annotation Layers",
+        "Annotation",
+        "CSS Templates",
         "ColumnarToDatabaseView",
+        "CssTemplate",
+        "CsvToDatabaseView",
         "ExcelToDatabaseView",
+        "Import dashboards",
         "ImportExportRestApi",
+        "Manage",
+        "Queries",
+        "ReportSchedule",
+        "TableSchemaView",
+        "Upload a CSV",
     }
 
     ADMIN_ONLY_PERMISSIONS = {