scripts/permissions_cleanup.py - superset - Git at Google

 # Licensed to the Apache Software Foundation (ASF) under one
 # or more contributor license agreements.  See the NOTICE file
 # distributed with this work for additional information
 # regarding copyright ownership.  The ASF licenses this file
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
 #
 #   http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 # KIND, either express or implied.  See the License for the
 # specific language governing permissions and limitations
 # under the License.
 from collections import defaultdict

 from superset import security_manager


 def cleanup_permissions():
     # 1. Clean up duplicates.
     pvms = security_manager.get_session.query(
         security_manager.permissionview_model
     ).all()
     print("# of permission view menues is: {}".format(len(pvms)))
     pvms_dict = defaultdict(list)
     for pvm in pvms:
         pvms_dict[(pvm.permission, pvm.view_menu)].append(pvm)
     duplicates = [v for v in pvms_dict.values() if len(v) > 1]
     len(duplicates)

     for pvm_list in duplicates:
         first_prm = pvm_list[0]
         roles = set(first_prm.role)
         for pvm in pvm_list[1:]:
             roles = roles.union(pvm.role)
             security_manager.get_session.delete(pvm)
         first_prm.roles = list(roles)
     security_manager.get_session.commit()

     pvms = security_manager.get_session.query(
         security_manager.permissionview_model
     ).all()
     print("Stage 1: # of permission view menues is: {}".format(len(pvms)))

     # 2. Clean up None permissions or view menues
     pvms = security_manager.get_session.query(
         security_manager.permissionview_model
     ).all()
     for pvm in pvms:
         if not (pvm.view_menu and pvm.permission):
             security_manager.get_session.delete(pvm)
     security_manager.get_session.commit()

     pvms = security_manager.get_session.query(
         security_manager.permissionview_model
     ).all()
     print("Stage 2: # of permission view menues is: {}".format(len(pvms)))

     # 3. Delete empty permission view menues from roles
     roles = security_manager.get_session.query(security_manager.role_model).all()
     for role in roles:
         role.permissions = [p for p in role.permissions if p]
     security_manager.get_session.commit()

     # 4. Delete empty roles from permission view menues
     pvms = security_manager.get_session.query(
         security_manager.permissionview_model
     ).all()
     for pvm in pvms:
         pvm.role = [r for r in pvm.role if r]
     security_manager.get_session.commit()


 cleanup_permissions()
	# Licensed to the Apache Software Foundation (ASF) under one
	# or more contributor license agreements. See the NOTICE file
	# distributed with this work for additional information
	# regarding copyright ownership. The ASF licenses this file
	# to you under the Apache License, Version 2.0 (the
	# "License"); you may not use this file except in compliance
	# with the License. You may obtain a copy of the License at
	#
	# http://www.apache.org/licenses/LICENSE-2.0
	#
	# Unless required by applicable law or agreed to in writing,
	# software distributed under the License is distributed on an
	# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
	# KIND, either express or implied. See the License for the
	# specific language governing permissions and limitations
	# under the License.
	from collections import defaultdict

	from superset import security_manager


	def cleanup_permissions():
	# 1. Clean up duplicates.
	pvms = security_manager.get_session.query(
	security_manager.permissionview_model
	).all()
	print("# of permission view menues is: {}".format(len(pvms)))
	pvms_dict = defaultdict(list)
	for pvm in pvms:
	pvms_dict[(pvm.permission, pvm.view_menu)].append(pvm)
	duplicates = [v for v in pvms_dict.values() if len(v) > 1]
	len(duplicates)

	for pvm_list in duplicates:
	first_prm = pvm_list[0]
	roles = set(first_prm.role)
	for pvm in pvm_list[1:]:
	roles = roles.union(pvm.role)
	security_manager.get_session.delete(pvm)
	first_prm.roles = list(roles)
	security_manager.get_session.commit()

	pvms = security_manager.get_session.query(
	security_manager.permissionview_model
	).all()
	print("Stage 1: # of permission view menues is: {}".format(len(pvms)))

	# 2. Clean up None permissions or view menues
	pvms = security_manager.get_session.query(
	security_manager.permissionview_model
	).all()
	for pvm in pvms:
	if not (pvm.view_menu and pvm.permission):
	security_manager.get_session.delete(pvm)
	security_manager.get_session.commit()

	pvms = security_manager.get_session.query(
	security_manager.permissionview_model
	).all()
	print("Stage 2: # of permission view menues is: {}".format(len(pvms)))

	# 3. Delete empty permission view menues from roles
	roles = security_manager.get_session.query(security_manager.role_model).all()
	for role in roles:
	role.permissions = [p for p in role.permissions if p]
	security_manager.get_session.commit()

	# 4. Delete empty roles from permission view menues
	pvms = security_manager.get_session.query(
	security_manager.permissionview_model
	).all()
	for pvm in pvms:
	pvm.role = [r for r in pvm.role if r]
	security_manager.get_session.commit()


	cleanup_permissions()