dpgaspar/Flask-AppBuilder

base_filters: g.user – AttributeError: 'user'

schrecksim opened this issue · 2 comments

Environment

Flask-Appbuilder version: 4.3.6

pip freeze output:

  • aiohttp==3.8.4
  • aiosignal==1.3.1
  • alembic==1.11.1
  • apispec==6.3.0
  • async-timeout==4.0.2
  • attrs==23.1.0
  • Babel==2.12.1
  • black==23.3.0
  • blinker==1.6.2
  • boto3==1.24.59
  • boto3-stubs==1.26.151
  • botocore==1.27.96
  • botocore-stubs==1.29.151
  • certifi==2023.5.7
  • cffi==1.15.1
  • charset-normalizer==3.1.0
  • click==8.1.3
  • colorama==0.4.6
  • coverage==7.2.7
  • cryptography==41.0.1
  • Deprecated==1.2.14
  • dnspython==2.3.0
  • docker==6.1.3
  • email-validator==1.3.1
  • exceptiongroup==1.1.1
  • flake8==6.0.0
  • Flask==2.3.2
  • Flask-AppBuilder==4.3.6
  • Flask-Babel==2.0.0
  • Flask-JWT-Extended==4.5.2
  • Flask-Limiter==3.3.1
  • Flask-Login==0.6.2
  • Flask-Migrate==4.0.4
  • Flask-SQLAlchemy==2.5.1
  • Flask-WTF==1.1.1
  • freezegun==1.2.2
  • frozenlist==1.3.3
  • ghp-import==2.1.0
  • greenlet==2.0.2
  • griffe==0.29.0
  • idna==3.4
  • importlib-resources==5.12.0
  • iniconfig==2.0.0
  • invoke==1.7.3
  • isort==5.12.0
  • itsdangerous==2.1.2
  • Jinja2==3.1.2
  • jmespath==1.0.1
  • jsonschema==4.17.3
  • limits==3.5.0
  • Mako==1.2.4
  • Markdown==3.3.7
  • markdown-it-py==2.2.0
  • MarkupSafe==2.1.3
  • marshmallow==3.19.0
  • marshmallow-sqlalchemy==0.26.1
  • mccabe==0.7.0
  • mdurl==0.1.2
  • mergedeep==1.3.4
  • mike==1.1.2
  • mkdocs==1.4.3
  • mkdocs-autorefs==0.4.1
  • mkdocs-gen-files==0.5.0
  • mkdocs-literate-nav==0.6.0
  • mkdocs-material==9.1.15
  • mkdocs-material-extensions==1.1.1
  • mkdocs-section-index==0.3.5
  • mkdocstrings==0.22.0
  • mkdocstrings-python==0.10.1
  • moto==4.1.11
  • multidict==6.0.4
  • mypy==1.3.0
  • mypy-boto3-cloudformation==1.26.149
  • mypy-boto3-dynamodb==1.26.115
  • mypy-boto3-ec2==1.26.147
  • mypy-boto3-lambda==1.26.147
  • mypy-boto3-rds==1.26.144
  • mypy-boto3-s3==1.26.127
  • mypy-boto3-sqs==1.26.148
  • mypy-boto3-ssm==1.26.97
  • mypy-boto3-stepfunctions==1.26.21
  • mypy-boto3-sts==1.26.136
  • mypy-extensions==1.0.0
  • ordered-set==4.1.0
  • packaging==23.1
  • pathspec==0.11.1
  • platformdirs==3.5.3
  • pluggy==1.0.0
  • prison==0.2.1
  • psycopg2-binary==2.9.6
  • pycodestyle==2.10.0
  • pycparser==2.21
  • pydantic==1.10.9
  • pyflakes==3.0.1
  • Pygments==2.15.1
  • PyJWT==2.7.0
  • pymdown-extensions==9.11
  • pyrsistent==0.19.3
  • pytest==7.3.2
  • pytest-cov==4.1.0
  • python-dateutil==2.8.2
  • python-dotenv==0.21.1
  • pytz==2022.7.1
  • PyYAML==6.0
  • pyyaml_env_tag==0.1
  • regex==2023.6.3
  • requests==2.31.0
  • responses==0.23.1
  • rich==13.4.1
  • s3transfer==0.6.1
  • six==1.16.0
  • SQLAlchemy==1.4.48
  • SQLAlchemy-Utils==0.41.1
  • tomli==2.0.1
  • types-awscrt==0.16.19
  • types-PyYAML==6.0.12.10
  • types-s3transfer==0.6.1
  • typing_extensions==4.6.3
  • urllib3==1.26.16
  • verspec==0.1.0
  • watchdog==3.0.0
  • websocket-client==1.5.3
  • Werkzeug==2.3.6
  • wrapt==1.15.0
  • WTForms==3.0.1
  • xmltodict==0.13.0
  • yarl==1.9.2

Describe the expected results

The g.user should return the username to filter on it.
If I place a string like UserGlobalProvider.username == 'someuser' it works totally fine.
The g.user should return the username, if possible, as a string to use it like shown below.

I know that probably I could do the solution shorter like:
def get_user_ben():
return g.user.ben_id

but it needs to work like that as well for getting user information in other context of the application as well.

# my sec_models file
class UserGlobalProvider(User):

        __tablename__ = 'ab_user'
        
            ben_id = Column(VARCHAR(19))
        
            def __repr__(self):
                return self.username

# view utils file
def get_user_ben():
    user_ben_id = app_builder.session.query(UserGlobalProvider.ben_id).filter(UserGlobalProvider.username == g.user)
    return user_ben_id

# view file
base_filters = [['ben_id', FilterEqual, get_user_ben()]]

Describe the actual results

Failed to create app.
Traceback (most recent call last):
  File "/home/simon/workspace/meta-map-ui/meta_map_ui/app.py", line 28, in create_app
    init_views()
  File "/home/simon/workspace/meta-map-ui/meta_map_ui/views/tech/data_domain.py", line 9, in <module>
    from ..data.models import DataModelsView
  File "/home/simon/workspace/meta-map-ui/meta_map_ui/views/data/models.py", line 24, in <module>
    class DataModelsBaseView(BaseClassViewQuality):
  File "/home/simon/workspace/meta-map-ui/meta_map_ui/views/data/models.py", line 62, in DataModelsBaseView
    base_filters = [['ben_id', FilterEqual, get_user_ben()]]
  File "/home/simon/workspace/meta-map-ui/meta_map_ui/views/view_utils.py", line 27, in get_user_ben
    user_ben_id = app_builder.session.query(UserGlobalProvider.ben_id).filter(UserGlobalProvider.username == g.user)
  File "/home/simon/workspace/meta-map-ui/.venv/lib/python3.10/site-packages/flask/ctx.py", line 54, in __getattr__
    raise AttributeError(name) from None
AttributeError: user

It seems that the g.user isn't set, although besides what is written above there is nothing else done to the security manager than shown above with a sec_view to implement the new attribute ben_id. The sec.py file is also done like written in the documentation.

Hey,

I can't test the code right now, but I think that the problem is with the way the base filter is written. What you want is this:

from flask_appbuilder.models.sqla.filters import FilterEqualFunction
base_filters = [['ben_id', FilterEqualFunction, get_user_ben]]

The two changes are using FilterEqualFunction instead of Filter Equal (obviously) and only giving the function without calling it right away (might be easier to overlook :)).
See also here in the documentation: https://flask-appbuilder.readthedocs.io/en/latest/advanced.html#base-filtering
And i recommend scanning this page to get an idea of what filters are available to you: https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/models/sqla/filters.py#L17

To add some context: FAB tries to evaluate your filter when starting the app, at which point there is no g.user available. That's why the error points at Flask not being able to start the app instead of the error occuring when trying to access the view. The new code let's FAB evaluate the filter when accessing the view, so now you have g.user and everything should work out nicely.

Let me know if it's still not working!

Works now, thanks for your support. I wasn't aware about the difference between FilterEqual & FilterEqualFunction. Thanks for explaining.