Use the User.permissions property instead of groups.

redash/models.py

@@ -19,16 +19,17 @@ class BaseModel(db.Model):
 
 class AnonymousUser(AnonymousUserMixin):
     @property
-    def groups(self):
+    def permissions(self):
         return []
 
+
 class ApiUser(UserMixin):
     def __init__(self, api_key):
         self.id = api_key
 
     @property
-    def groups(self):
-        return ['api']
+    def permissions(self):
+        return ['view_query']
 
 
 class Group(BaseModel):
@@ -419,11 +420,12 @@ class Widget(BaseModel):
 
 all_models = (DataSource, User, QueryResult, Query, Dashboard, Visualization, Widget, ActivityLog, Group)
 
+
 def init_db():
     Group.insert(name='admin', permissions=['admin'], tables=['*']).execute()
-    Group.insert(name='api', permissions=['view_query'], tables=['*']).execute()
     Group.insert(name='default', permissions=Group.DEFAULT_PERMISSIONS, tables=['*']).execute()
 
+
 def create_db(create_tables, drop_tables):
     db.connect_db()
 

redash/permissions.py

@@ -1,6 +1,4 @@
 import functools
-import itertools
-import models
 from flask.ext.login import current_user
 from flask.ext.restful import abort
 
@@ -12,13 +10,8 @@ class require_permissions(object):
     def __call__(self, fn):
         @functools.wraps(fn)
         def decorated(*args, **kwargs):
-            if len(current_user.groups) > 0:
-                permissions = list(itertools.chain(*[g.permissions for g in models.Group.select().where(models.Group.name << current_user.groups)]))
-            else:
-                permissions = []
-            
             has_permissions = reduce(lambda a, b: a and b,
-                                      map(lambda permission: permission in permissions,
+                                      map(lambda permission: permission in current_user.permissions,
                                           self.permissions),
                                       True)