From 9404ab8c19e8eb1ea9495f1ef3c26d92acf6810a Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Mon, 14 Dec 2020 19:15:49 +0100
Subject: [PATCH 1/6] Added migration for logs security converge

---
 .../4b84f97828aa_log_converge_annotations.py  | 74 +++++++++++++++++++
 1 file changed, 74 insertions(+)
 create mode 100644 superset/migrations/versions/4b84f97828aa_log_converge_annotations.py

diff --git a/superset/migrations/versions/4b84f97828aa_log_converge_annotations.py b/superset/migrations/versions/4b84f97828aa_log_converge_annotations.py
new file mode 100644
index 0000000000000..1a0119d49ab36
--- /dev/null
+++ b/superset/migrations/versions/4b84f97828aa_log_converge_annotations.py
@@ -0,0 +1,74 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""security converge logs
+
+Revision ID: 4b84f97828aa
+Revises: 5daced1f0e76
+Create Date: 2020-12-14 13:40:46.492449
+
+"""
+
+from alembic import op
+from sqlalchemy.exc import SQLAlchemyError
+from sqlalchemy.orm import Session
+
+from superset.migrations.shared.security_converge import (
+    add_pvms,
+    get_reversed_new_pvms,
+    get_reversed_pvm_map,
+    migrate_roles,
+    Pvm,
+)
+
+revision = "4b84f97828aa"
+down_revision = "5daced1f0e76"
+
+NEW_PVMS = {"Log": ("can_read", "can_write",)}
+PVM_MAP = {
+    Pvm("LogModelView", "can_show"): (Pvm("Log", "can_read"),),
+    Pvm("LogModelView", "can_add",): (Pvm("Log", "can_write"),),
+    Pvm("LogModelView", "can_list"): (Pvm("Log", "can_read"),),
+}
+
+
+def upgrade():
+    bind = op.get_bind()
+    session = Session(bind=bind)
+
+    # Add the new permissions on the migration itself
+    add_pvms(session, NEW_PVMS)
+    migrate_roles(session, PVM_MAP)
+    try:
+        session.commit()
+    except SQLAlchemyError as ex:
+        print(f"An error occurred while upgrading Logs permissions: {ex}")
+        session.rollback()
+
+
+def downgrade():
+    bind = op.get_bind()
+    session = Session(bind=bind)
+
+    # Add the old permissions on the migration itself
+    add_pvms(session, get_reversed_new_pvms(PVM_MAP))
+    migrate_roles(session, get_reversed_pvm_map(PVM_MAP))
+    try:
+        session.commit()
+    except SQLAlchemyError as ex:
+        print(f"An error occurred while downgrading Logs permissions: {ex}")
+        session.rollback()
+    pass

From 4254803b998b4e8544e2276f32d14888678145b7 Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Mon, 14 Dec 2020 19:17:57 +0100
Subject: [PATCH 2/6] Changed class permission name and method permission in
 LogModelView and LogRestApi

---
 superset/views/log/api.py   | 4 +++-
 superset/views/log/views.py | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/superset/views/log/api.py b/superset/views/log/api.py
index 7f14112b18667..f4436635d59e0 100644
--- a/superset/views/log/api.py
+++ b/superset/views/log/api.py
@@ -19,13 +19,15 @@
 import superset.models.core as models
 from superset.views.base_api import BaseSupersetModelRestApi
 
+from ...constants import MODEL_API_RW_METHOD_PERMISSION_MAP
 from . import LogMixin
 
 
 class LogRestApi(LogMixin, BaseSupersetModelRestApi):
     datamodel = SQLAInterface(models.Log)
     include_route_methods = {"get_list", "get", "post"}
-    class_permission_name = "LogModelView"
+    class_permission_name = "Log"
+    method_permission_name = MODEL_API_RW_METHOD_PERMISSION_MAP
     resource_name = "log"
     allow_browser_login = True
     list_columns = [
diff --git a/superset/views/log/views.py b/superset/views/log/views.py
index 7139d348517e5..02205622ab8ab 100644
--- a/superset/views/log/views.py
+++ b/superset/views/log/views.py
@@ -17,7 +17,7 @@
 from flask_appbuilder.models.sqla.interface import SQLAInterface
 
 import superset.models.core as models
-from superset.constants import RouteMethod
+from superset.constants import MODEL_VIEW_RW_METHOD_PERMISSION_MAP, RouteMethod
 from superset.views.base import SupersetModelView
 
 from . import LogMixin
@@ -26,3 +26,5 @@
 class LogModelView(LogMixin, SupersetModelView):  # pylint: disable=too-many-ancestors
     datamodel = SQLAInterface(models.Log)
     include_route_methods = {RouteMethod.LIST, RouteMethod.SHOW}
+    class_permission_name = "Log"
+    method_permission_name = MODEL_VIEW_RW_METHOD_PERMISSION_MAP

From ceca4643aabae20891deb58fe708a505cdc68792 Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Tue, 15 Dec 2020 19:29:21 +0100
Subject: [PATCH 3/6] Updated recent revision and filename

---
 ..._annotations.py => 4b84f97828aa_security_converge_logs.py} | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
 rename superset/migrations/versions/{4b84f97828aa_log_converge_annotations.py => 4b84f97828aa_security_converge_logs.py} (97%)

diff --git a/superset/migrations/versions/4b84f97828aa_log_converge_annotations.py b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
similarity index 97%
rename from superset/migrations/versions/4b84f97828aa_log_converge_annotations.py
rename to superset/migrations/versions/4b84f97828aa_security_converge_logs.py
index 1a0119d49ab36..4b0e6459da665 100644
--- a/superset/migrations/versions/4b84f97828aa_log_converge_annotations.py
+++ b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
@@ -17,7 +17,7 @@
 """security converge logs
 
 Revision ID: 4b84f97828aa
-Revises: 5daced1f0e76
+Revises: ccb74baaa89b
 Create Date: 2020-12-14 13:40:46.492449
 
 """
@@ -35,7 +35,7 @@
 )
 
 revision = "4b84f97828aa"
-down_revision = "5daced1f0e76"
+down_revision = "ccb74baaa89b"
 
 NEW_PVMS = {"Log": ("can_read", "can_write",)}
 PVM_MAP = {

From c3600b01cd7130efbb91ea4b20ec305c15c58d6a Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Wed, 16 Dec 2020 14:38:34 +0100
Subject: [PATCH 4/6] Changed name of Log perm in manager. Updated
 TestRolePermission to have correct menu and permission.

---
 superset/security/manager.py | 2 +-
 tests/security_tests.py      | 6 ++----
 2 files changed, 3 insertions(+), 5 deletions(-)

diff --git a/superset/security/manager.py b/superset/security/manager.py
index 04744879972c3..46ccbb1dc89ce 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -133,7 +133,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
         "Refresh Druid Metadata",
         "ResetPasswordView",
         "RoleModelView",
-        "LogModelView",
+        "Log",
         "Security",
         "Row Level Security",
         "Row Level Security Filters",
diff --git a/tests/security_tests.py b/tests/security_tests.py
index 5625fd9636b1c..b92845eda5619 100644
--- a/tests/security_tests.py
+++ b/tests/security_tests.py
@@ -728,13 +728,11 @@ def test_is_admin_only(self):
             )
         )
 
-        log_permissions = ["can_list", "can_show"]
+        log_permissions = ["can_read"]
         for log_permission in log_permissions:
             self.assertTrue(
                 security_manager._is_admin_only(
-                    security_manager.find_permission_view_menu(
-                        log_permission, "LogModelView"
-                    )
+                    security_manager.find_permission_view_menu(log_permission, "Log")
                 )
             )
 

From 52e5ea2e3086747211e6f01d5147354efca721f5 Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Wed, 16 Dec 2020 14:43:47 +0100
Subject: [PATCH 5/6] Updated latest migration revision

---
 .../versions/4b84f97828aa_security_converge_logs.py           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/superset/migrations/versions/4b84f97828aa_security_converge_logs.py b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
index 4b0e6459da665..9206ff54fb807 100644
--- a/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
+++ b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
@@ -17,7 +17,7 @@
 """security converge logs
 
 Revision ID: 4b84f97828aa
-Revises: ccb74baaa89b
+Revises: c25cb2c78727
 Create Date: 2020-12-14 13:40:46.492449
 
 """
@@ -35,7 +35,7 @@
 )
 
 revision = "4b84f97828aa"
-down_revision = "ccb74baaa89b"
+down_revision = "c25cb2c78727"
 
 NEW_PVMS = {"Log": ("can_read", "can_write",)}
 PVM_MAP = {

From b8105674fd5e1f1d7cf745fa56ecb8f3239909f1 Mon Sep 17 00:00:00 2001
From: Kasia Kucharczyk <katarzyna.kucharczyk@polidea.com>
Date: Wed, 16 Dec 2020 16:37:08 +0100
Subject: [PATCH 6/6] Updated latest migration revision

---
 .../versions/4b84f97828aa_security_converge_logs.py           | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/superset/migrations/versions/4b84f97828aa_security_converge_logs.py b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
index 9206ff54fb807..51862e3430513 100644
--- a/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
+++ b/superset/migrations/versions/4b84f97828aa_security_converge_logs.py
@@ -17,7 +17,7 @@
 """security converge logs
 
 Revision ID: 4b84f97828aa
-Revises: c25cb2c78727
+Revises: 45731db65d9c
 Create Date: 2020-12-14 13:40:46.492449
 
 """
@@ -35,7 +35,7 @@
 )
 
 revision = "4b84f97828aa"
-down_revision = "c25cb2c78727"
+down_revision = "45731db65d9c"
 
 NEW_PVMS = {"Log": ("can_read", "can_write",)}
 PVM_MAP = {