You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@superset.apache.org by su...@apache.org on 2021/12/11 10:40:42 UTC

[superset] branch guest-token-authz updated (048d4b2 -> 52c453b)

This is an automated email from the ASF dual-hosted git repository.

suddjian pushed a change to branch guest-token-authz
in repository https://gitbox.apache.org/repos/asf/superset.git.


    from 048d4b2  guest token dashboard authz
     new 07a78b2  adjust csrf exempt list
     new 52c453b  eums don't work that way

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 superset/config.py             | 6 +++++-
 superset/dashboards/filters.py | 2 +-
 2 files changed, 6 insertions(+), 2 deletions(-)

[superset] 02/02: eums don't work that way

Posted by su...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

suddjian pushed a commit to branch guest-token-authz
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 52c453bad27b6ffc5cbee6dd9d8acf7ae0771362
Author: David Aaron Suddjian <aa...@gmail.com>
AuthorDate: Sat Dec 11 02:35:35 2021 -0800

    eums don't work that way
---
 superset/dashboards/filters.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/superset/dashboards/filters.py b/superset/dashboards/filters.py
index 3d49978..e398af9 100644
--- a/superset/dashboards/filters.py
+++ b/superset/dashboards/filters.py
@@ -137,7 +137,7 @@ class DashboardAccessFilter(BaseFilter):  # pylint: disable=too-few-public-metho
             embedded_dashboard_ids = [
                 r["id"]
                 for r in guest_user.resources
-                if r["type"] == GuestTokenResourceType.DASHBOARD
+                if r["type"] == GuestTokenResourceType.DASHBOARD.value
             ]
             if len(embedded_dashboard_ids) != 0:
                 feature_flagged_filters.append(Dashboard.id.in_(embedded_dashboard_ids))

[superset] 01/02: adjust csrf exempt list

Posted by su...@apache.org.

This is an automated email from the ASF dual-hosted git repository.

suddjian pushed a commit to branch guest-token-authz
in repository https://gitbox.apache.org/repos/asf/superset.git

commit 07a78b232c10958840267a518c692ba4602024e9
Author: David Aaron Suddjian <aa...@gmail.com>
AuthorDate: Sat Dec 11 02:35:24 2021 -0800

    adjust csrf exempt list
---
 superset/config.py | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/superset/config.py b/superset/config.py
index 2ff2f1a..f7a5bc5 100644
--- a/superset/config.py
+++ b/superset/config.py
@@ -191,7 +191,11 @@ QUERY_SEARCH_LIMIT = 1000
 WTF_CSRF_ENABLED = True
 
 # Add endpoints that need to be exempt from CSRF protection
-WTF_CSRF_EXEMPT_LIST = ["superset.views.core.log", "superset.charts.data.api.data"]
+WTF_CSRF_EXEMPT_LIST = [
+    "superset.views.core.log",
+    "superset.views.core.explore_json",
+    "superset.charts.data.api.data",
+]
 
 # Whether to run the web server in debug mode or not
 DEBUG = os.environ.get("FLASK_ENV") == "development"