feat: customize recent activity access #17589

Merged
merged 8 commits into from
Dec 8, 2021

@villebro villebro commented Nov 30, 2021

SUMMARY

Adds a config flag ENABLE_BROAD_ACTIVITY_ACCESS that makes it possible to disable access to other users' recent activity data, both via the API and the profile page. In addition, a security manager method raise_for_user_activity_access is introduced to make it possible to fine tune who can and can't access recent activity data.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

When the flag is set to false, trying to access other users' activity data returns a 403 which is displayed on the profile page tables with the message "Access to user activity data is restricted" (in the screenshot the user is viewing another user's profile page):
image

With the default settings, accessing other users' activity data is allowed (current behavior unchanged):
image

TESTING INSTRUCTIONS

  1. set ENABLE_BROAD_ACTIVITY_ACCESS = False in superset_config.py
  2. login as admin
  3. create a user test
  4. go to /superset/profile/test
  5. notice the message "Access to user activity data is restricted" in all activity tables
  6. comment out ENABLE_BROAD_ACTIVITY_ACCESS flag in superset_config.py
  7. go to /superset/profile/test
  8. notice that access is unrestricted

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API
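
A stand-alone model of the check described in the summary above, as an added example that is not part of this PR or of Superset's code: it shows the flag-driven default next to one possible fine-tuned override. The class names, the `(viewer, target_user_id)` signature, the `Auditor` role and the rejection of anonymous callers are assumptions made for illustration.

```python
# Added example: a model of the access decision, not Superset's implementation.
from dataclasses import dataclass, field


class ActivityAccessDenied(Exception):
    """Stand-in for the error the view turns into an HTTP 403."""


@dataclass
class User:
    id: int
    roles: set = field(default_factory=set)


class BaseSecurityManager:
    """Models the default: the flag alone decides cross-user access."""

    def __init__(self, config):
        self.config = config

    def raise_for_user_activity_access(self, viewer, target_user_id):
        # Anonymous callers are always rejected (assumption of this model).
        if viewer is None:
            raise ActivityAccessDenied("Access to user activity data is restricted")
        # A missing flag means True, i.e. the unrestricted legacy behaviour.
        broad = self.config.get("ENABLE_BROAD_ACTIVITY_ACCESS", True)
        if not broad and viewer.id != target_user_id:
            raise ActivityAccessDenied("Access to user activity data is restricted")


class AuditorSecurityManager(BaseSecurityManager):
    """Hypothetical fine-tuning: the 'Auditor' role may view other users."""

    def raise_for_user_activity_access(self, viewer, target_user_id):
        if viewer is not None and "Auditor" in viewer.roles:
            return
        super().raise_for_user_activity_access(viewer, target_user_id)


def status_for(manager, viewer, target_user_id):
    """Return the HTTP status the activity endpoint would answer with."""
    try:
        manager.raise_for_user_activity_access(viewer, target_user_id)
    except ActivityAccessDenied:
        return 403
    return 200
```

In this model an admin gets no implicit exemption when the flag is off, matching the testing instructions above, where the admin sees the restriction message on another user's profile.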

codecov bot commented Nov 30, 2021

Codecov Report

Merging #17589 (8a5ebce) into master (2ae83fa) will increase coverage by 0.01%.
The diff coverage is 91.83%.

❗ Current head 8a5ebce differs from pull request most recent head fda6f0a. Consider uploading reports for the commit fda6f0a to get more accurate results

@@            Coverage Diff             @@
##           master   #17589      +/-   ##
==========================================
+ Coverage   68.85%   68.86%   +0.01%     
==========================================
  Files        1597     1597              
  Lines       65251    65283      +32     
  Branches     6950     6950              
==========================================
+ Hits        44927    44959      +32     
  Misses      18439    18439              
  Partials     1885     1885              
Flag Coverage Δ
hive 81.71% <93.02%> (+0.01%) ⬆️
mysql 82.12% <93.02%> (+0.01%) ⬆️
postgres 82.13% <93.02%> (+0.01%) ⬆️
python 82.48% <93.02%> (+0.01%) ⬆️
sqlite 81.82% <93.02%> (+0.01%) ⬆️

Impacted Files Coverage Δ
...ugins/legacy-plugin-chart-calendar/src/Calendar.js 0.00% <ø> (ø)
...legacy-plugin-chart-calendar/src/transformProps.js 0.00% <0.00%> (ø)
superset/views/core.py 77.80% <91.66%> (+0.42%) ⬆️
...rset-frontend/src/components/TableLoader/index.tsx 96.77% <100.00%> (ø)
superset/config.py 91.58% <100.00%> (+0.02%) ⬆️
superset/errors.py 94.28% <100.00%> (+0.08%) ⬆️
superset/security/manager.py 91.96% <100.00%> (+0.10%) ⬆️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@kgabryje kgabryje left a comment

2 minor nits, otherwise looks and works great!

@geido geido left a comment

LGTM!

@villebro villebro merged commit c4b0495 into apache:master Dec 8, 2021
@villebro villebro deleted the villebro/activity_access branch January 5, 2022 07:37
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 1.5.0 labels Mar 13, 2024