(#34) | add missing role api call and script

avniproject · Nov 27, 2024 · 88bc9fc · 88bc9fc
1 parent a5c6ce9
commit 88bc9fc
Show file tree

Hide file tree

Showing 2 changed files with 158 additions and 0 deletions.
diff --git a/reportingSystem/superset/assets/RoleUpgrade.js b/reportingSystem/superset/assets/RoleUpgrade.js
@@ -0,0 +1,114 @@
+const username = ""; // add admin username
+
+const password = ""; // add password
+
+const roleIds = []; // add roles
+
+const permissionIdList = []; // add permission Ids
+
+const baseurl = "https://test-reporting-superset.avniproject.org";
+
+let auth_token = null;
+
+
+const  login = async () => {
+
+    const request = new Request(`${baseurl}/api/v1/security/login`,{
+        method : "POST",
+        headers:{
+            'Accept': 'application/json',
+            'Content-Type': 'application/json'
+        },
+        body: JSON.stringify({"username":username, "password":password, "provider": "db", "refresh": true})
+    });
+
+    const response = await fetch(request).then((response)=>{
+        if(response.status === 200 && response.headers.get("content-type").includes("application/json")) {
+            return  response.json();
+        }
+        else{
+            console.log("Issue in login response"+response);
+            process.exit(0);
+        }
+    }).catch((error)=>{
+        console.log(error)
+        process.exit(0);
+    });
+
+    auth_token = response.access_token;
+    console.log(`token is ${auth_token}`);
+}
+
+const addPermissionInRole = async (roleId,permissionSet,newPermission) => {
+    if(permissionSet.has(newPermission)){
+        console.log(`${newPermission} already in ${roleId}`);
+        return;
+    }
+    permissionSet.add(newPermission);
+    const response = await fetch(`${baseurl}/api/v1/security/roles/${roleId}/permissions`,{
+        method : 'POST',
+        headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+            "Authorization":`Bearer ${auth_token}`
+        },
+        body: JSON.stringify({
+            "permission_view_menu_ids": permissionSet
+        })
+    }).then((response)=>{
+        if(response.status === 200) {
+            return response.json();
+        }
+        else{
+            console.log("Not updated");
+            process.exit(0);
+        }
+    }).catch((error)=>{
+        console.log(error)
+        process.exit(0);
+    })
+
+    if(response.result && response.result.permission_view_menu_ids && permissionSet.size === response.result.permission_view_menu_ids.length){
+        console.log(`${newPermission} added to role ${roleId}`);
+    }
+
+}
+
+const getPermissionSet = async(roleId)=>{
+
+    const response = await fetch(`${baseurl}/api/v1/security/roles/${roleId}/permissions/`,{
+        method : 'GET',
+        headers: {
+            'Accept': 'application/json',
+            'Content-Type': 'application/json',
+            "Authorization":`Bearer ${auth_token}`
+        }
+    }).then((response)=>{
+        if(response.status === 200 && response.headers.get("content-type").includes("application/json")) {
+            return  response.json();
+        }
+        else{
+            console.log("Not getting permission");
+            process.exit(0);
+        }
+    }).catch((error)=>{
+        console.log(error)
+        process.exit(0);
+    })
+    const set = new Set();
+    response.result.map((element)=>element.id).forEach(element=>set.add(element));
+    return set;
+}
+
+
+const doTask = async () => {
+    await login();
+    for(role of roleIds){
+        for(permission of permissionIdList) {
+            const permissionList = await getPermissionSet(role);
+            await addPermissionInRole(role, permissionList, permission);
+        }
+    }
+};
+
+doTask();
diff --git a/reportingSystem/superset/assets/role_permission_upgrade.sql b/reportingSystem/superset/assets/role_permission_upgrade.sql
@@ -0,0 +1,44 @@
+---------- update recent activity ------------------------------
+
+select apv.id
+from ab_permission p
+         join ab_permission_view apv on p.id = apv.permission_id
+         join ab_view_menu avm on apv.view_menu_id = avm.id
+where p.name =  'can_recent_activity' and avm.name = 'Superset';
+-- permission_view_id : 124
+
+select role.id, role.name
+from ab_role role
+where role.id not in(
+    select role_id
+    from ab_permission p
+             join ab_permission_view apv on p.id = apv.permission_id
+             join ab_view_menu avm on apv.view_menu_id = avm.id
+             join ab_permission_view_role apvr on apv.id = apvr.permission_view_id
+    where p.name =  'can_recent_activity' and avm.name = 'Superset'
+)and role.name not in ('Public', 'granter', 'sql_lab');
+-- role ids : [17, 18, 20, 22, 23, 24, 26, 27, 29, 38, 39, 25, 44]
+
+
+------------ update explore --------------------------------------
+
+select apv.id
+from ab_permission p
+         join ab_permission_view apv on p.id = apv.permission_id
+         join ab_view_menu avm on apv.view_menu_id = avm.id
+where p.name =  'can_read' and avm.name = 'Explore';
+-- permission_view_id : 5890
+
+
+select role.id, role.name
+from ab_role role
+where role.id not in(
+    select role_id
+    from ab_permission p
+             join ab_permission_view apv on p.id = apv.permission_id
+             join ab_view_menu avm on apv.view_menu_id = avm.id
+             join ab_permission_view_role apvr on apv.id = apvr.permission_view_id
+    where p.name =  'can_read' and avm.name = 'Explore'
+)and role.name ilike '%gam%' ;
+-- role ids : [29, 30, 31, 32, 33, 34, 35, 36, 37, 39]
+