Search code examples
apache-superset

Apache Superset API Request rison filters for nested attributes on permission resources

I am attempting to apply filters to the permissions-resources API endpoint.

The _info endpoint shows these are the possible filter options:

api/v1/security/permissions-resources/_info?q=(keys:!(filters))

{"filters"=>
  {"permission"=> [
    {"name"=>"Relation", "operator"=>"rel_o_m"},
    {"name"=>"No Relation", "operator"=>"nrel_o_m"}
  ],
   "role"=>[
     {"name"=>"Relation as Many", "operator"=>"rel_m_m"}
   ],
   "view_menu"=>[
     {"name"=>"Relation", "operator"=>"rel_o_m"},
     {"name"=>"No Relation", "operator"=>"nrel_o_m"}
   ]
  }
}

Without filters, the full list of permissions-resources shows this in result:

api/v1/security/permissions-resources/

"result"=>
  [{"id"=>1, "permission"=>{"name"=>"can_read"}, "view_menu"=>{"name"=>"SavedQuery"}},
   {"id"=>2, "permission"=>{"name"=>"can_write"}, "view_menu"=>{"name"=>"SavedQuery"}},
   {"id"=>3, "permission"=>{"name"=>"can_read"}, "view_menu"=>{"name"=>"CssTemplate"}},
   {"id"=>4, "permission"=>{"name"=>"can_write"}, "view_menu"=>{"name"=>"CssTemplate"}},
....

Have had few attempts at retrieving the nested can_read permissions, all failing so far:

api/v1/security/permissions-resources/?q=(filters:!((col:permission,opr:rel_o_m,value:can_read)))
The request was incorrectly performed

# not sure if the format is different for nested values
api/v1/security/permissions-resources/?q=(filters:(permission:!((col:name,opr:rel_o_m,value:can_read))))
The request was incorrectly performed

# without the extra internal bracket
api/v1/security/permissions-resources/?q=(filters:(permission:!(col:name,opr:rel_o_m,value:can_read)))
The request was incorrectly performed

I have tried a few other variations on the rison filters with no success. Hopefully someone can point me to what I am missing?

Solution

  • As far as I can tell you can't filter on the nested fields, what you instead need to do is query the individual tables first to get the IDs you need and then query permissions-resources

    Example, we want to find the permissions-resources entry where permission.name == 'can_read' and view_menu.name == 'foo'

    First query the permissions endpoint to find the ID of the can_read permission

    GET
/api/v1/security/permissions/
?q=(filters:!((col:name,opr:eq,value:'can_read')))

    let's say the ID you get is 1

    Then query the resources endpoint to find the ID of the foo view menu

    GET
/api/v1/security/resources/
?q=(filters:!((col:name,opr:eq,value:'foo')))

    let's say the ID you get is 100

    Finally you can query permissions-resources using the rel_o_m operator to filter using the IDs you just found

    GET
/api/v1/security/permissions-resources/
?q=(filters:!((col:permission,opr:rel_o_m,value:1),(col:view_menu,opr:rel_o_m,value:100)))