apache · jinghua-qa · Apr 17, 2022 · Apr 14, 2022 · Apr 13, 2022 · eschutho
diff --git a/superset/databases/api.py b/superset/databases/api.py
@@ -169,10 +169,7 @@ class DatabaseRestApi(BaseSupersetModelRestApi):
 
     edit_columns = add_columns
 
-    search_filters = {
-        "allow_file_upload": [DatabaseUploadEnabledFilter],
-        "expose_in_sqllab": [DatabaseFilter],
-    }
+    search_filters = {"allow_file_upload": [DatabaseUploadEnabledFilter]}
 
     list_select_columns = list_columns + ["extra", "sqlalchemy_uri", "password"]
     order_columns = [

diff --git a/superset/databases/filters.py b/superset/databases/filters.py
@@ -69,8 +69,6 @@ class DatabaseUploadEnabledFilter(BaseFilter):  # pylint: disable=too-few-public
     def apply(self, query: Query, value: Any) -> Query:
         filtered_query = query.filter(Database.allow_file_upload)
 
-        database_perms = security_manager.user_view_menu_names("database_access")
-        schema_access_databases = can_access_databases("schema_access")
         datasource_access_databases = can_access_databases("datasource_access")
 
         if hasattr(g, "user"):
@@ -82,19 +80,10 @@ def apply(self, query: Query, value: Any) -> Query:
             if len(allowed_schemas):
                 return filtered_query
 
-        filtered_query = filtered_query.filter(
+        return filtered_query.filter(
             or_(
                 cast(Database.extra, JSON)["schemas_allowed_for_file_upload"]
                 is not None,
                 cast(Database.extra, JSON)["schemas_allowed_for_file_upload"] != [],
             )
         )
-
-        return filtered_query.filter(
-            or_(
-                self.model.perm.in_(database_perms),
-                self.model.database_name.in_(
-                    [*schema_access_databases, *datasource_access_databases]
-                ),
-            )
-        )
diff --git a/tests/integration_tests/databases/api_tests.py b/tests/integration_tests/databases/api_tests.py
@@ -1135,7 +1135,7 @@ def test_get_allow_file_upload_false_csv(self):
             uri = f"api/v1/database/?q={prison.dumps(arguments)}"
             rv = self.client.get(uri)
             data = json.loads(rv.data.decode("utf-8"))
-            assert data["count"] == 0
+            assert data["count"] == 1
 
     def test_get_allow_file_upload_filter_no_permission(self):
         """