Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/11/22 17:07:52 UTC

[GitHub] [superset] michael-s-molina opened a new pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

michael-s-molina opened a new pull request #17511:
URL: https://github.com/apache/superset/pull/17511


   ### SUMMARY
   This PR fixes the security manager to also check for dashboard access when `DASHBOARD_RBAC` is disabled. Previously, if `DASHBOARD_RBAC` was disabled this piece of code was skipped:
   
   ```
   can_access = (
       is_user_admin()
       or is_owner(dashboard, g.user)
       or (dashboard.published and has_rbac_access)
   )
   ```
   
   ### ADDITIONAL INFORMATION
   - [ ] Has associated issue:
   - [ ] Required feature flags:
   - [ ] Changes UI
   - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
     - [ ] Migration is atomic, supports rollback & is backwards-compatible
     - [ ] Confirm DB migration upgrade and downgrade tested
     - [ ] Runtime estimates and downtime expectations provided
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org
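
The summary above describes an authorization check that was skipped whenever a feature flag was off. The following is an added example, not code from the pull request or from Superset: a simplified model of that decision that enumerates every input combination and lists the ones the skipped check let through. The `Case` fields, the function names and the treatment of `has_rbac_access` as a caller-supplied input are assumptions made for illustration.

```python
"""Simplified model of the dashboard access decision discussed in this thread.

Added example, not Superset's code. Names and structure are assumptions.
"""
from dataclasses import dataclass
from itertools import product


@dataclass(frozen=True)
class Case:
    is_admin: bool         # stands in for is_user_admin()
    is_owner: bool         # stands in for is_owner(dashboard, g.user)
    published: bool        # dashboard.published
    has_rbac_access: bool  # outcome of the role check, supplied by the caller
    has_roles: bool        # dashboard has at least one role attached


def check_original(case: Case) -> bool:
    """The three-clause expression quoted in the PR summary."""
    return (
        case.is_admin
        or case.is_owner
        or (case.published and case.has_rbac_access)
    )


def check_fixed(case: Case) -> bool:
    """The same expression plus the clause the author says was added:
    any user may open a dashboard that is unpublished and has no roles."""
    return check_original(case) or (not case.published and not case.has_roles)


def allowed_before(case: Case, rbac_enabled: bool) -> bool:
    """Behaviour described as the bug: flag off means the check never runs."""
    if not rbac_enabled:
        return True
    return check_original(case)


def allowed_after(case: Case, rbac_enabled: bool) -> bool:
    """Behaviour described as the fix: the check runs whatever the flag says.
    rbac_enabled is kept only so both versions share a signature."""
    return check_fixed(case)


def exposed_when_flag_off() -> list:
    """Differential sweep: every combination that the skipped check allowed
    but the enforced check denies, with the flag disabled. The five inputs
    are swept independently, so some rows may not occur in a real deployment."""
    cases = (Case(*bits) for bits in product([False, True], repeat=5))
    return [
        c for c in cases
        if allowed_before(c, rbac_enabled=False)
        and not allowed_after(c, rbac_enabled=False)
    ]


if __name__ == "__main__":
    for case in exposed_when_flag_off():
        print(case)
```

A sweep like this is cheap to keep as a regression test: any later change that makes the decision depend on the flag again shows up as a non-empty difference.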


[GitHub] [superset] betodealmeida commented on a change in pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
betodealmeida commented on a change in pull request #17511:
URL: https://github.com/apache/superset/pull/17511#discussion_r754530288



##########
File path: tests/integration_tests/dashboards/api_tests.py
##########
@@ -395,7 +395,7 @@ def test_get_dashboard_no_data_access(self):
         self.login(username="gamma")
         uri = f"api/v1/dashboard/{dashboard.id}"
         rv = self.client.get(uri)
-        self.assertEqual(rv.status_code, 200)
+        self.assertEqual(rv.status_code, 403)
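
Review bot: the changed assertion on `rv.status_code` pins only the status, so a 403 that still carries dashboard data would pass. Since the test is named `test_get_dashboard_no_data_access`, also assert that the response body for the `gamma` login contains no dashboard fields.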

Review comment:
       Nit (I know this was already using `self.assertEqual`, but might as well update it):
   
   ```suggestion
           assert rv.status_code == 403
   ```






[GitHub] [superset] michael-s-molina commented on pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
michael-s-molina commented on pull request #17511:
URL: https://github.com/apache/superset/pull/17511#issuecomment-975870169


   @villebro @amitmiran137 these tests in `dashboard/api_tests.py` are checking for specific conditions:
   
   ```
   @pytest.mark.usefixtures("load_world_bank_dashboard_with_slices")
   def test_get_draft_dashboard_datasets(self):
       """
       All users should have access to dashboards without roles
       """
       self.login(username="gamma")
       uri = "api/v1/dashboard/world_health/datasets"
       response = self.get_assert_metric(uri, "get_datasets")
       self.assertEqual(response.status_code, 200)
   
   @pytest.mark.usefixtures("create_dashboards")
   def test_get_draft_dashboard_charts(self):
       """
       All users should have access to draft dashboards without roles
       """
       self.login(username="gamma")
       dashboard = self.dashboards[0]
       uri = f"api/v1/dashboard/{dashboard.id}/charts"
       response = self.get_assert_metric(uri, "get_charts")
       assert response.status_code == 200
   ```
   
   I added the following line giving access to any user if the dashboard is not published and has no roles. 
   
   https://github.com/apache/superset/blob/893595ec1a5e9d2d7b27ac7a7c7cf053905cf124/superset/security/manager.py#L1189
   
   Can you confirm that this is the expected behavior?




[GitHub] [superset] codecov[bot] edited a comment on pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
codecov[bot] edited a comment on pull request #17511:
URL: https://github.com/apache/superset/pull/17511#issuecomment-976430548


   # Codecov Report
   > Merging #17511 (e993221) into master (1f8eff7) will **decrease** coverage by `0.21%`.
   > The diff coverage is `70.00%`.
   
   ```diff
   @@            Coverage Diff             @@
   ##           master   #17511      +/-   ##
   ==========================================
   - Coverage   76.99%   76.77%   -0.22%     
   ==========================================
     Files        1046     1047       +1     
     Lines       56491    56505      +14     
     Branches     7798     7798              
   ==========================================
   - Hits        43494    43384     -110     
   - Misses      12741    12865     +124     
     Partials      256      256              
   ```
   
   | Flag | Coverage Δ | |
   |---|---|---|
   | hive | `?` | |
   | mysql | `81.99% <70.00%> (-0.01%)` | :arrow_down: |
   | postgres | `82.00% <70.00%> (-0.01%)` | :arrow_down: |
   | presto | `?` | |
   | python | `82.08% <70.00%> (-0.42%)` | :arrow_down: |
   | sqlite | `81.68% <70.00%> (-0.01%)` | :arrow_down: |
   
   Flags with carried forward coverage won't be shown.
   
   | Impacted Files | Coverage Δ | |
   |---|---|---|
   | superset/dashboards/api.py | `92.15% <50.00%> (-0.89%)` | :arrow_down: |
   | superset/security/manager.py | `91.86% <100.00%> (+0.02%)` | :arrow_up: |
   | superset/db\_engines/hive.py | `0.00% <0.00%> (-85.19%)` | :arrow_down: |
   | superset/db\_engine\_specs/hive.py | `70.27% <0.00%> (-16.22%)` | :arrow_down: |
   | superset/db\_engine\_specs/presto.py | `83.50% <0.00%> (-6.89%)` | :arrow_down: |
   | superset/commands/utils.py | `97.05% <0.00%> (-2.95%)` | :arrow_down: |
   | superset/views/database/mixins.py | `81.03% <0.00%> (-1.73%)` | :arrow_down: |
   | superset/connectors/sqla/models.py | `86.79% <0.00%> (-1.59%)` | :arrow_down: |
   | superset/models/core.py | `89.26% <0.00%> (-0.74%)` | :arrow_down: |
   | superset/db\_engine\_specs/base.py | `88.20% <0.00%> (-0.39%)` | :arrow_down: |
   | ... and 6 more | |
   
   > **Legend**: `Δ = absolute <relative> (impact)`, `ø = not affected`, `? = missing data`
   




[GitHub] [superset] villebro commented on pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
villebro commented on pull request #17511:
URL: https://github.com/apache/superset/pull/17511#issuecomment-976253519


   I tagged @john-bodley and @etr2460 for reviews - can you think of a reason why dashboard access should not be enforced? The `raise_for_dashboard_access` method was added in #12875 - previously this didn't exist at all. To me it seems this access should be enforced.




[GitHub] [superset] villebro commented on pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
villebro commented on pull request #17511:
URL: https://github.com/apache/superset/pull/17511#issuecomment-976247249


   > The original intention here was to keep the old behaviour from before the DASHBOARD_RBAC era, where there was no enforcement of dashboard access at all.
   > 
   > But I agree that access should be enforced.
   > 
   > There was another idea by @dpgaspar that we might want to consider switching to 404; this would prevent malicious API calls from finding out which dashboard IDs exist and which do not.
   > 
   > Although personally I prefer 403
   
   Right, I remember we were pretty prudent during review in making sure the behavior was unchanged when the feature flag was disabled. Regarding 403/404, I'm also more a 403 type of guy for this sort of stuff, but I'm ok with 404 if that's the security pattern we've chosen.




[GitHub] [superset] dpgaspar commented on a change in pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
dpgaspar commented on a change in pull request #17511:
URL: https://github.com/apache/superset/pull/17511#discussion_r755020862



##########
File path: superset/dashboards/api.py
##########
@@ -327,6 +332,8 @@ def get_datasets(self, id_or_slug: str) -> Response:
               $ref: '#/components/responses/400'
             401:
               $ref: '#/components/responses/401'
+            403:
+              $ref: '#/components/responses/403'
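
Review bot: the `403` response added to the `get_datasets` docstring needs a test behind it; the coverage report in this thread lists `superset/dashboards/api.py` at 50% diff coverage. Add an integration test that requests the datasets endpoint as a user without access and asserts 403, so the documented response and the behaviour cannot drift apart.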

Review comment:
       I'm fine with returning 403, although it's more coherent with the current setup that we return 404. Note that the dashboard filter is serving as security, so we only "show" resources that are available to the user. Also, the less detailed info we expose about why a resource is not available for access to a user, the better.
   
   The RFC is not 100% clear regarding this:
   https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.3
   https://datatracker.ietf.org/doc/html/rfc7231#section-6.5.4
   It's acceptable to return 404 if we don't want to disclose that the dashboard exists but its access is forbidden to the user.
   





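The 403-versus-404 trade-off raised in the comment above, as an added example that is not part of the pull request or of Superset: a small handler model and a regression check that a denied request is indistinguishable from a request for a missing dashboard. The `DASHBOARDS` store, the user names, the response bodies and both function names are constructed for illustration.

```python
"""Model of the 403-versus-404 choice discussed in this thread.

Added example, not Superset's code. All names and data are constructed.
"""
from typing import NamedTuple


class Response(NamedTuple):
    status: int
    body: str


# Constructed sample data: dashboard id -> users allowed to read it.
DASHBOARDS = {1: {"alice"}, 2: {"alice", "gamma"}}

NOT_FOUND = Response(404, "Not found")
FORBIDDEN = Response(403, "Forbidden")


def get_dashboard(user: str, dashboard_id: int, deny_status: int) -> Response:
    """Return the dashboard, or a denial that uses the configured status.

    deny_status=403 tells the caller the resource exists but is forbidden.
    deny_status=404 reuses the exact not-found response, body included,
    so the two situations cannot be told apart from the reply.
    """
    readers = DASHBOARDS.get(dashboard_id)
    if readers is None:
        return NOT_FOUND
    if user not in readers:
        return NOT_FOUND if deny_status == 404 else FORBIDDEN
    return Response(200, f"dashboard {dashboard_id}")


def discloses_existence(
    user: str, forbidden_id: int, missing_id: int, deny_status: int
) -> bool:
    """True when a caller without access can tell a forbidden dashboard
    from a missing one by comparing the two responses (status and body)."""
    forbidden = get_dashboard(user, forbidden_id, deny_status)
    missing = get_dashboard(user, missing_id, deny_status)
    return forbidden != missing


if __name__ == "__main__":
    for status in (403, 404):
        print(status, discloses_existence("gamma", 1, 99, status))
```

Comparing the whole response rather than only the status matters: a 404 with a different body for the forbidden case discloses the same information a 403 would.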


[GitHub] [superset] michael-s-molina commented on a change in pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
michael-s-molina commented on a change in pull request #17511:
URL: https://github.com/apache/superset/pull/17511#discussion_r755195260



##########
File path: superset/dashboards/api.py
##########
@@ -327,6 +332,8 @@ def get_datasets(self, id_or_slug: str) -> Response:
               $ref: '#/components/responses/400'
             401:
               $ref: '#/components/responses/401'
+            403:
+              $ref: '#/components/responses/403'

Review comment:
       @dpgaspar We have other endpoints also returning 403. I'll bring this discussion to our meeting today and if we decide to return 404 I'll open another PR fixing all endpoints.






[GitHub] [superset] michael-s-molina merged pull request #17511: fix: Dashboard access when DASHBOARD_RBAC is disabled

Posted by GitBox <gi...@apache.org>.
michael-s-molina merged pull request #17511:
URL: https://github.com/apache/superset/pull/17511


   

