superset详解(三)--权限生成_superset 有什么限制

如果你用admin账户使用superset，一切畅通无阻，没有权限限制，但是不可能每个人都是admin, 大部分人是普通用户，拥有不同的权限。superset的权限是有flaskappbuilder来管理的，整个过程是自动生成的

触发添加权限

appbuilder.add_view  #这个方法会生成菜单的权限 方法会生成基本权限
add_view_no_menu     # 只会把方法生成基本权限


def add_view_no_menu(self, baseview, endpoint=None, static_folder=None):
        """
            Add your views without creating a menu.

            :param baseview:
                A BaseView type class instantiated.

        """
        baseview = self._check_and_init(baseview)
        log.info(LOGMSG_INF_FAB_ADD_VIEW.format(baseview.__class__.__name__, ""))

        if not self._view_exists(baseview):
            baseview.appbuilder = self
            self.baseviews.append(baseview)
            self._process_inner_views()
            if self.app:
                self.register_blueprint(baseview,
                     endpoint=endpoint, static_folder=static_folder)
                self._add_permission(baseview)    # 添加权限
        else:
            log.warning(LOGMSG_WAR_FAB_VIEW_EXISTS.format(baseview.__class__.__name__))
        return baseview
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

添加权限

    def _add_permission(self, baseview): 
        if self.update_perms:     # 这个值在Appbuilder中默认是True
            try:
                self.sm.add_permissions_view(baseview.base_permissions, baseview.__class__.__name__)
            except Exception as e:
                log.exception(e)
                log.error(LOGMSG_ERR_FAB_ADD_PERMISSION_VIEW.format(str(e)))

把baseview的base_permissions中的值添加到权限表中，并更新视图表和权限视图表
1
2
3
4
5
6
7
8
9

给方法添加_permission_name

def has_access(f):
    if hasattr(f, '_permission_name'):
        permission_str = f._permission_name
    else:
        permission_str = f.__name__

    def wraps(self, *args, **kwargs):
        permission_str = PERMISSION_PREFIX + f._permission_name
        if self.appbuilder.sm.has_access(permission_str, self.__class__.__name__):
            return f(self, *args, **kwargs)
        else:
            log.warning(LOGMSG_ERR_SEC_ACCESS_DENIED.format(permission_str, self.__class__.__name__))
            flash(as_unicode(FLAMSG_ERR_SEC_ACCESS_DENIED), "danger")
        return redirect(url_for(self.appbuilder.sm.auth_view.__class__.__name__ + ".login"))
    f._permission_name = permission_str       # 给方法添加_permission_name
    return functools.update_wrapper(wraps, f)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16

再需要权限控制的方法上使用装饰器has_access，就会为相应的方法生成基本权限

生成base_permissions

BaseView的代码：

    def __init__(self):
        """
            Initialization of base permissions
            based on exposed methods and actions

            Initialization of extra args
        """
        if self.base_permissions is None:
            self.base_permissions = set()
            for attr_name in dir(self):
                if hasattr(getattr(self, attr_name), '_permission_name'):
                    permission_name = getattr(getattr(self, attr_name), '_permission_name')
                    self.base_permissions.add('can_' + permission_name)   #把具有_permission_name的属性的方法添加到base_permissions中
            self.base_permissions = list(self.base_permissions)
1
2
3
4
5
6
7
8
9
10
11
12
13
14

至此权限的生成就说完了