
fix: revert back to use security manager authz for dashboard when get by uuid #23330

Merged: 15 commits from the zef/dashboard_uuid_authz branch into apache:master, Mar 16, 2023

Conversation

zephyring (Contributor) commented Mar 11, 2023

SUMMARY

The patch breaks some folks' functionality around report schedules for draft dashboards and permalinks. This PR should:

  1. bring back the access check from the security manager when getting a dashboard by id_or_slug.
  2. not apply the Dashboard base filter if it's getting by uuid.
  3. make dashboard create-permalink use the uuid. This allows whoever has the permalink to access the dashboard after the access check from the security manager.
  4. update report execution to use the dashboard uuid link rather than the int link.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API
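The lookup rules the summary describes, as an added example that is not part of this PR or of Superset's code: the int-id and slug paths go through the base filter, the uuid path skips it, and the security-manager check runs on every path, with permalinks carrying the uuid. The in-memory store, the owner/published rules in `base_filter_visible` and `security_manager_can_access`, the `admin` role and the `/dashboard/<uuid>/` link shape are assumptions.

```python
import uuid
from collections import namedtuple

class DashboardNotFound(Exception): pass
class DashboardAccessDenied(Exception): pass

# Constructed sample data: one published dashboard and one draft, both owned by alice.
Dashboard = namedtuple("Dashboard", "id slug uuid owners published")
DASHBOARDS = (
    Dashboard(1, "sales", uuid.UUID("11111111-1111-4111-8111-111111111111"), {"alice"}, True),
    Dashboard(2, "draft-kpis", uuid.UUID("22222222-2222-4222-8222-222222222222"), {"alice"}, False),
)

def _as_uuid(value):
    """Return a UUID when value parses as one (the uuid branch), else None."""
    try:
        return uuid.UUID(str(value))
    except ValueError:
        return None

def base_filter_visible(dashboard, user):
    """Stand-in for the DAO base filter: drafts are listed only to their owners."""
    return dashboard.published or user in dashboard.owners

def security_manager_can_access(dashboard, user):
    """Stand-in for the security-manager check; it runs on every lookup path."""
    return user == "admin" or user in dashboard.owners or dashboard.published

def get_by_id_or_slug(id_or_slug, user):
    """Resolve by int id, slug or uuid: uuid skips the base filter, nothing skips authz."""
    as_uuid = _as_uuid(id_or_slug)
    if as_uuid is not None:
        match = [d for d in DASHBOARDS if d.uuid == as_uuid]
    else:
        match = [d for d in DASHBOARDS if base_filter_visible(d, user)
                 and (str(d.id) == str(id_or_slug) or d.slug == id_or_slug)]
    if not match:
        raise DashboardNotFound(id_or_slug)
    if not security_manager_can_access(match[0], user):
        raise DashboardAccessDenied(id_or_slug)
    return match[0]

def permalink(dashboard):
    return f"/dashboard/{dashboard.uuid}/"  # uuid, not int id, so the link takes the uuid path

def lookup_outcome(id_or_slug, user):
    """Name the outcome of a lookup: 'ok' or the exception class raised."""
    try:
        return get_by_id_or_slug(id_or_slug, user) and "ok"
    except (DashboardNotFound, DashboardAccessDenied) as exc:
        return type(exc).__name__
```

A non-owner requesting the draft by int id gets a not-found from the base filter, while the same draft requested by uuid is found but rejected by the security-manager check.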

@zephyring zephyring changed the title from "Zef/dashboard UUID authz" to "fix: revert back to use security manager authz for dashboard when get by uuid" Mar 11, 2023
@zephyring zephyring marked this pull request as ready for review March 13, 2023 16:58
codecov bot commented Mar 13, 2023

Codecov Report

Merging #23330 (3a1e788) into master (b99d38d) will increase coverage by 1.76%.
The diff coverage is 84.75%.

❗ Current head 3a1e788 differs from pull request most recent head c117aaa. Consider uploading reports for the commit c117aaa to get more accurate results

@@            Coverage Diff             @@
##           master   #23330      +/-   ##
==========================================
+ Coverage   65.81%   67.58%   +1.76%     
==========================================
  Files        1910     1907       -3     
  Lines       73471    73507      +36     
  Branches     7975     7977       +2     
==========================================
+ Hits        48357    49677    +1320     
+ Misses      23065    21782    -1283     
+ Partials     2049     2048       -1     
Flag       Coverage   Diff coverage   Δ
hive       52.76%     40.17%          -0.01% ⬇️
mysql      78.45%     83.92%          ?
postgres   78.52%     84.82%          +0.03% ⬆️
presto     52.68%     40.17%          ?
python     82.30%     92.85%          +3.56% ⬆️
sqlite     77.00%     83.92%          +0.03% ⬆️
unit       52.48%     54.46%          ?

Flags with carried forward coverage won't be shown.

Impacted Files                                          Coverage   Diff coverage   Δ
...rt-controls/src/shared-controls/customControls.tsx   17.39%     0.00%           (ø)
...-core/src/hooks/useChangeEffect/useChangeEffect.ts   100.00%    ø               (ø)
...hooks/useComponentDidMount/useComponentDidMount.ts   100.00%    ø               (ø)
...oks/useComponentDidUpdate/useComponentDidUpdate.ts   100.00%    ø               (ø)
...src/hooks/useElementOnScreen/useElementOnScreen.ts   100.00%    ø               (ø)
...erset-ui-core/src/hooks/usePrevious/usePrevious.ts   100.00%    ø               (ø)
...re/src/hooks/useTruncation/useCSSTextTruncation.ts   100.00%    ø               (ø)
...c/hooks/useTruncation/useChildElementTruncation.ts   100.00%    ø               (ø)
...d/src/SqlLab/components/AceEditorWrapper/index.tsx   59.25%     ø               (ø)
...frontend/src/SqlLab/components/ResultSet/index.tsx   62.65%     ø               (ø)
... and 117 more

... and 62 files with indirect coverage changes


dashboard = query.one_or_none()
except ValueError:
# if it's slug or uuid, which is more specific, just get it
dashboard = Dashboard.get(id_or_slug)
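Review bot: the `except ValueError` fallback at `dashboard = Dashboard.get(id_or_slug)` bypasses the base filter that the int-id query applies, so on the slug/uuid path the only access control left is the security-manager check that follows; say so in the comment at the call site (rather than "just get it") and pin it with a test in which a user without access to a draft dashboard requests it by uuid and is rejected.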
Member

this will not apply any security settings in here

Contributor Author

the check from the security manager will still apply below, as the base line of defense, even though we have cls.base_filter applied on the int id.

Member

@dpgaspar dpgaspar left a comment

Looking good, can you add an integration test for the API where the request is by uuid?

@@ -41,21 +42,28 @@ class DashboardDAO(BaseDAO):

@classmethod
def get_by_id_or_slug(cls, id_or_slug: Union[int, str]) -> Dashboard:
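Review bot: the annotation `-> Dashboard` on `get_by_id_or_slug` promises a non-optional result, but the body in the snippet above assigns `query.one_or_none()`; either raise when nothing matches (before the security-manager check, so a `None` never reaches it) or widen the annotation to `Optional[Dashboard]`. Since the method now resolves uuids as well, its docstring should say so whichever name is chosen.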
Member

should we change this method name to get_by_id_slug_or_uuid?

Contributor Author

@zephyring zephyring Mar 16, 2023

maybe a better naming could just be get_by_identifier, but it could touch too many files if we want to change every id_or_slug to identifier. Note that uuid is also an id in general though. So I think this naming should be fine.

except ValueError:
return False


def id_or_slug_filter(id_or_slug: Union[int, str]) -> BinaryExpression:
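Review bot: `id_or_slug_filter` is where the uuid branch decides whether the Dashboard base filter is skipped, so add a unit test that a string which is neither an int nor a well-formed uuid (a slug) still goes through the filtered comparison, and that a well-formed uuid never falls back to the slug column; the `except ValueError: return False` predicate just above it is what such a test would drive.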
Member

should we change this method name also?

@pull-request-size pull-request-size bot added size/L and removed size/M labels Mar 16, 2023
@dpgaspar dpgaspar merged commit 870bf6d into apache:master Mar 16, 2023
@dpgaspar dpgaspar deleted the zef/dashboard_uuid_authz branch March 16, 2023 15:27
@mistercrunch mistercrunch added the `🏷️ bot` label (a label used by `supersetbot` to keep track of which PRs were auto-tagged with release labels) Mar 13, 2024
Labels: 🏷️ bot (a label used by `supersetbot` to keep track of which PRs were auto-tagged with release labels), size/L, 🚢 3.0.0

3 participants