-
Notifications
You must be signed in to change notification settings - Fork 13.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
feat: Dashboard Level Access : dashboard lists #10594
feat: Dashboard Level Access : dashboard lists #10594
Conversation
We would appreciate it if you could provide us with more info about this issue/pr! Please do not leave the |
Codecov Report
@@ Coverage Diff @@
## master #10594 +/- ##
==========================================
+ Coverage 61.64% 61.69% +0.04%
==========================================
Files 815 816 +1
Lines 38498 38646 +148
Branches 3620 3620
==========================================
+ Hits 23733 23843 +110
- Misses 14579 14617 +38
Partials 186 186
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
feat delete dashboard permission on delete dashboard
# Conflicts: # superset/models/dashboard.py
test are failing bc of the after insert that prevents fetching the dashboard with FK relationships
superset/models/dashboard.py
Outdated
@@ -496,3 +548,13 @@ def event_after_dashboard_changed( # pylint: disable=unused-argument | |||
if is_feature_enabled("THUMBNAILS_SQLA_LISTENERS"): | |||
sqla.event.listen(Dashboard, "after_insert", event_after_dashboard_changed) | |||
sqla.event.listen(Dashboard, "after_update", event_after_dashboard_changed) | |||
|
|||
|
|||
sqla.event.listen(Dashboard, "after_insert", SecuredMixin.after_insert) |
This comment was marked as resolved.
This comment was marked as resolved.
Sorry, something went wrong.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
some more details
We implemented it by subscribing to 'after_insert' event and insert the new objects by using the passed connection
feat delete dashboard permission on delete dashboard
…g and end of relevant tests
…beginning and end of relevant tests" This reverts commit bf1b80c
…l_access/dashboard_by_id_endpoints * upstream/master: (29 commits) fix(presto): default unknown types to string type (apache#10753) feat(row-level-security): add base filter type and filter grouping (apache#10946) docs: add gallery screenshot & link in README (apache#10988) docs: add a "Gallery" page (apache#10968) build: add PR lint action (apache#10990) adding filters back that caused issues (apache#10989) chore: selectors refactor in SQLLab test suite (Cypress) (apache#10944) ESLint: Remove ts-ignore comments (apache#10933) style: fix checkbox color (apache#10970) fix: changed disabled rules in datasets module (apache#10979) fix: update the time filter for 'Last Year' option in explore (apache#10829) fix: use nullpool even for user lookup in the celery (apache#10938) Allow empty observations in alerting (apache#10939) fix: re-enabling several globally disabled lint rules (apache#10957) fix: setting specific exceptions common/query_context.py (apache#10942) Pylint disabled rule `pointless-string-statement` is not raising warining anymore - removing (apache#10975) fix: pylint disabled rules in dashboard/api.py (apache#10976) fix: removed disabled lint rule `too-many-locals` in connectors/base/models.py (apache#10958) ESLint: Re-enable rule no-access-state-in-setstate (apache#10870) fix: simply is_adhoc_metric (apache#10964) ...
…boards_permissions * upstream/master: (46 commits) fix: surface connection error messages on the client (apache#11077) fix(jest): using UTC mock date (apache#11079) removing unused component (apache#11072) changing to the correct hex color (apache#11073) style: remove unecessary padding (apache#11071) fix: database list checkboxes (apache#11068) feat: adding all icons from the design system to the codebase (apache#11033) fix: sql lab autocomplete width (apache#11063) clickable labels have outlines, storybook shows them (apache#11034) fixed routes for customer in docs (apache#11052) Revert "style: fix checkbox color (apache#10970)" (apache#11051) feat: add "created by" to dashboard CRUD view (apache#11030) Changed `tags.py` and `helpers.py` in `models` module: removed disabled pylint rule `unused_import`, changed unused arguments to private and removed disabled rule `unused-argument. Removed redundant rules.` (apache#11037) chore: updated lint rules in models module (apache#11036) Removed disable global pytlint rule `standarderror-builtin` which isn't appearing for Python3 (apache#11038) Enabled argument-differ for bulk_delete (apache#11039) Enabled no-self-use pylint rule in security. Formatter (apache#11041) Changed variable name from capitals to lowercase and changed lint rule (apache#11044) Revert "ESLint: Re-enable rule default-props-match-prop-types (apache#10868)" (apache#11050) feat(saved_queries): add custom api filter for all string & text fields (apache#11031) ... # Conflicts: # superset/config.py # tests/dashboards/api_tests.py
…boards_permissions * upstream/master: (46 commits) fix: surface connection error messages on the client (apache#11077) fix(jest): using UTC mock date (apache#11079) removing unused component (apache#11072) changing to the correct hex color (apache#11073) style: remove unecessary padding (apache#11071) fix: database list checkboxes (apache#11068) feat: adding all icons from the design system to the codebase (apache#11033) fix: sql lab autocomplete width (apache#11063) clickable labels have outlines, storybook shows them (apache#11034) fixed routes for customer in docs (apache#11052) Revert "style: fix checkbox color (apache#10970)" (apache#11051) feat: add "created by" to dashboard CRUD view (apache#11030) Changed `tags.py` and `helpers.py` in `models` module: removed disabled pylint rule `unused_import`, changed unused arguments to private and removed disabled rule `unused-argument. Removed redundant rules.` (apache#11037) chore: updated lint rules in models module (apache#11036) Removed disable global pytlint rule `standarderror-builtin` which isn't appearing for Python3 (apache#11038) Enabled argument-differ for bulk_delete (apache#11039) Enabled no-self-use pylint rule in security. Formatter (apache#11041) Changed variable name from capitals to lowercase and changed lint rule (apache#11044) Revert "ESLint: Re-enable rule default-props-match-prop-types (apache#10868)" (apache#11050) feat(saved_queries): add custom api filter for all string & text fields (apache#11031) ... # Conflicts: # superset/config.py # tests/dashboards/api_tests.py
…missions' into feat/add_all_dashboards_permissions * ofekNIelsen/feat/add_all_dashboards_permissions: # Conflicts: # tests/dashboards/api_tests.py # tests/dashboards/dashboard_test_utils.py
@@ -308,6 +308,7 @@ def _try_json_readsha( # pylint: disable=unused-argument | |||
"TAGGING_SYSTEM": False, | |||
"SQLLAB_BACKEND_PERSISTENCE": False, | |||
"LISTVIEWS_DEFAULT_CARD_VIEW": False, | |||
"DASHBOARD_LEVEL_ACCESS": False, | |||
} | |||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
move DASHBOARD_LEVEL_MODE=[""] as a config
Summary
As the first phase of SIP-51 "Proposal for Dashboard Level Access", added dashboard permission enforcement for getting dashboards list (via superset API or view).
The feature is activated by turn the flag "DASHBOARD_LEVEL_ACCESS" on.
When request to get dashboard list is handled, the "dashboard filter" filter the dashboards by the user dashboard access permissions, indeed answer the question does the user have "all dashboards permissions" or permissions for specific dashboards.
As default behavior, Gamma users have all dashboards access permission
On create/edit/copy dashboards - dashboards view menu and permissionView are created/updated.
On delete, the dashboards view menu and permissionView are deleted
On superset init phase (while the flag is on) - permissions created for all the exists dashboards.
TEST PLAN
Added new github action: Feature Flag - Dashboard Level Access
Using "pytest skip-if" on tests which tests previous logic (when the flag is off)
ADDITIONAL INFORMATION
With the feature, we have tried to increase the quality of the code by meeting the standard programming principles:
Don't Repeat Yourself principle
Separation Of Concerns and Single Responsibility principles
Tests - dashboard test refactor
Python best practises
resolve #10408