feat: Dashboard Level Access : dashboard lists #10594
Closed
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
We would appreciate it if you could provide us with more info about this issue/pr! Please do not leave the |
Codecov Report
@@ Coverage Diff @@
## master #10594 +/- ##
==========================================
+ Coverage 61.64% 61.69% +0.04%
==========================================
Files 815 816 +1
Lines 38498 38646 +148
Branches 3620 3620
==========================================
+ Hits 23733 23843 +110
- Misses 14579 14617 +38
Partials 186 186
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
feat delete dashboard permission on delete dashboard
# Conflicts: # superset/models/dashboard.py
test are failing bc of the after insert that prevents fetching the dashboard with FK relationships
superset/models/dashboard.py
Outdated
| @@ -496,3 +548,13 @@ def event_after_dashboard_changed( # pylint: disable=unused-argument | |||
| if is_feature_enabled("THUMBNAILS_SQLA_LISTENERS"): | |||
| sqla.event.listen(Dashboard, "after_insert", event_after_dashboard_changed) | |||
| sqla.event.listen(Dashboard, "after_update", event_after_dashboard_changed) | |||
|
|
|||
|
|
|||
| sqla.event.listen(Dashboard, "after_insert", SecuredMixin.after_insert) | |||
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
some more details
We implemented it by subscribing to 'after_insert' event and insert the new objects by using the passed connection
added 7 commits
August 26, 2020 13:35
feat delete dashboard permission on delete dashboard
added 18 commits
September 18, 2020 06:39
…g and end of relevant tests
…beginning and end of relevant tests" This reverts commit bf1b80c
Ofeknielsen
changed the title
Ofeknielsen
changed the title
…l_access/dashboard_by_id_endpoints * upstream/master: (29 commits) fix(presto): default unknown types to string type (apache#10753) feat(row-level-security): add base filter type and filter grouping (apache#10946) docs: add gallery screenshot & link in README (apache#10988) docs: add a "Gallery" page (apache#10968) build: add PR lint action (apache#10990) adding filters back that caused issues (apache#10989) chore: selectors refactor in SQLLab test suite (Cypress) (apache#10944) ESLint: Remove ts-ignore comments (apache#10933) style: fix checkbox color (apache#10970) fix: changed disabled rules in datasets module (apache#10979) fix: update the time filter for 'Last Year' option in explore (apache#10829) fix: use nullpool even for user lookup in the celery (apache#10938) Allow empty observations in alerting (apache#10939) fix: re-enabling several globally disabled lint rules (apache#10957) fix: setting specific exceptions common/query_context.py (apache#10942) Pylint disabled rule `pointless-string-statement` is not raising warining anymore - removing (apache#10975) fix: pylint disabled rules in dashboard/api.py (apache#10976) fix: removed disabled lint rule `too-many-locals` in connectors/base/models.py (apache#10958) ESLint: Re-enable rule no-access-state-in-setstate (apache#10870) fix: simply is_adhoc_metric (apache#10964) ...
amitmiran137
approved these changes
Sep 22, 2020
Ofeknielsen
changed the title
added 5 commits
September 23, 2020 22:43
…boards_permissions * upstream/master: (46 commits) fix: surface connection error messages on the client (apache#11077) fix(jest): using UTC mock date (apache#11079) removing unused component (apache#11072) changing to the correct hex color (apache#11073) style: remove unecessary padding (apache#11071) fix: database list checkboxes (apache#11068) feat: adding all icons from the design system to the codebase (apache#11033) fix: sql lab autocomplete width (apache#11063) clickable labels have outlines, storybook shows them (apache#11034) fixed routes for customer in docs (apache#11052) Revert "style: fix checkbox color (apache#10970)" (apache#11051) feat: add "created by" to dashboard CRUD view (apache#11030) Changed `tags.py` and `helpers.py` in `models` module: removed disabled pylint rule `unused_import`, changed unused arguments to private and removed disabled rule `unused-argument. Removed redundant rules.` (apache#11037) chore: updated lint rules in models module (apache#11036) Removed disable global pytlint rule `standarderror-builtin` which isn't appearing for Python3 (apache#11038) Enabled argument-differ for bulk_delete (apache#11039) Enabled no-self-use pylint rule in security. Formatter (apache#11041) Changed variable name from capitals to lowercase and changed lint rule (apache#11044) Revert "ESLint: Re-enable rule default-props-match-prop-types (apache#10868)" (apache#11050) feat(saved_queries): add custom api filter for all string & text fields (apache#11031) ... # Conflicts: # superset/config.py # tests/dashboards/api_tests.py
…boards_permissions * upstream/master: (46 commits) fix: surface connection error messages on the client (apache#11077) fix(jest): using UTC mock date (apache#11079) removing unused component (apache#11072) changing to the correct hex color (apache#11073) style: remove unecessary padding (apache#11071) fix: database list checkboxes (apache#11068) feat: adding all icons from the design system to the codebase (apache#11033) fix: sql lab autocomplete width (apache#11063) clickable labels have outlines, storybook shows them (apache#11034) fixed routes for customer in docs (apache#11052) Revert "style: fix checkbox color (apache#10970)" (apache#11051) feat: add "created by" to dashboard CRUD view (apache#11030) Changed `tags.py` and `helpers.py` in `models` module: removed disabled pylint rule `unused_import`, changed unused arguments to private and removed disabled rule `unused-argument. Removed redundant rules.` (apache#11037) chore: updated lint rules in models module (apache#11036) Removed disable global pytlint rule `standarderror-builtin` which isn't appearing for Python3 (apache#11038) Enabled argument-differ for bulk_delete (apache#11039) Enabled no-self-use pylint rule in security. Formatter (apache#11041) Changed variable name from capitals to lowercase and changed lint rule (apache#11044) Revert "ESLint: Re-enable rule default-props-match-prop-types (apache#10868)" (apache#11050) feat(saved_queries): add custom api filter for all string & text fields (apache#11031) ... # Conflicts: # superset/config.py # tests/dashboards/api_tests.py
…missions' into feat/add_all_dashboards_permissions * ofekNIelsen/feat/add_all_dashboards_permissions: # Conflicts: # tests/dashboards/api_tests.py # tests/dashboards/dashboard_test_utils.py
| @@ -308,6 +308,7 @@ def _try_json_readsha( # pylint: disable=unused-argument | |||
| "TAGGING_SYSTEM": False, | |||
| "SQLLAB_BACKEND_PERSISTENCE": False, | |||
| "LISTVIEWS_DEFAULT_CARD_VIEW": False, | |||
| "DASHBOARD_LEVEL_ACCESS": False, | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
move DASHBOARD_LEVEL_MODE=[""] as a config
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
As the first phase of SIP-51 "Proposal for Dashboard Level Access", added dashboard permission enforcement for getting dashboards list (via superset API or view).
The feature is activated by turn the flag "DASHBOARD_LEVEL_ACCESS" on.
When request to get dashboard list is handled, the "dashboard filter" filter the dashboards by the user dashboard access permissions, indeed answer the question does the user have "all dashboards permissions" or permissions for specific dashboards.
As default behavior, Gamma users have all dashboards access permission
On create/edit/copy dashboards - dashboards view menu and permissionView are created/updated.
On delete, the dashboards view menu and permissionView are deleted
On superset init phase (while the flag is on) - permissions created for all the exists dashboards.
TEST PLAN
Added new github action: Feature Flag - Dashboard Level Access
Using "pytest skip-if" on tests which tests previous logic (when the flag is off)
ADDITIONAL INFORMATION
With the feature, we have tried to increase the quality of the code by meeting the standard programming principles:
Don't Repeat Yourself principle
Separation Of Concerns and Single Responsibility principles
Tests - dashboard test refactor
Python best practises
resolve #10408