You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2019/01/13 05:01:03 UTC
[GitHub] mistercrunch commented on a change in pull request #4725: Add
"Published" feature to dashboards
mistercrunch commented on a change in pull request #4725: Add "Published" feature to dashboards
URL: https://github.com/apache/incubator-superset/pull/4725#discussion_r247334045
##########
File path: superset/views/core.py
##########
@@ -94,36 +95,54 @@ def apply(self, query, func): # noqa
class DashboardFilter(SupersetFilter):
+ """
+ List dashboards with the following criteria:
+ 1. Those which the user owns
+ 2. Those which the user has favorited
+ 3. Those which have been published (if they have access to at least one slice)
- """List dashboards for which users have access to at least one slice or are owners"""
+ Show all dashboards for users which have the 'all_datasource_access' permission
+ """
def apply(self, query, func): # noqa
+ Dash = models.Dashboard
+ User = ab_models.User
+ Slice = models.Slice # noqa
+ Favorites = models.FavStar
+
+ # If user has all_datasource_access, show all dashboards
if security_manager.all_datasource_access():
return query
- Slice = models.Slice # noqa
- Dash = models.Dashboard # noqa
- User = security_manager.user_model
- # TODO(bogdan): add `schema_access` support here
+
datasource_perms = self.get_view_menus('datasource_access')
- slice_ids_qry = (
- db.session
- .query(Slice.id)
- .filter(Slice.perm.in_(datasource_perms))
- )
- owner_ids_qry = (
- db.session
- .query(Dash.id)
- .join(Dash.owners)
- .filter(User.id == User.get_user_id())
- )
- query = query.filter(
- or_(Dash.id.in_(
- db.session.query(Dash.id)
- .distinct()
+
+ published_dash_query = (
+ db.session.query(Dash.id)
.join(Dash.slices)
- .filter(Slice.id.in_(slice_ids_qry)),
- ), Dash.id.in_(owner_ids_qry)),
+ .filter(sqla.and_(Dash.published == True, # noqa
+ Slice.perm.in_(list(datasource_perms))))
)
+
+ if not g.user.is_anonymous:
+ users_favorite_dash_query = (
+ db.session.query(Favorites.obj_id)
+ .filter(sqla.and_(Favorites.user_id == User.get_user_id(),
+ Favorites.class_name == 'Dashboard'))
+ )
+ owner_ids_query = (
+ db.session.query(Dash.id)
+ .join(Dash.owners)
+ .filter(User.id == User.get_user_id())
+ )
+
+ query = query.filter(sqla.or_(
+ Dash.id.in_(owner_ids_query),
+ Dash.id.in_(published_dash_query),
+ Dash.id.in_(users_favorite_dash_query),
+ ))
+ else:
+ query = query.filter(Dash.id.in_(published_dash_query))
Review comment:
Should logged off users see anything?
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org