You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by jo...@apache.org on 2018/06/20 19:08:19 UTC
[incubator-superset] branch master updated: Allow users to view
dashboards they own (#4520)
This is an automated email from the ASF dual-hosted git repository.
johnbodley pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push:
new 2a3d297 Allow users to view dashboards they own (#4520)
2a3d297 is described below
commit 2a3d297950b44f60b45e6581d83ed7c72df414ef
Author: Jeffrey Wang <je...@gmail.com>
AuthorDate: Wed Jun 20 15:08:16 2018 -0400
Allow users to view dashboards they own (#4520)
* Allow owners to view their own dashboards
* Update docstring
* update sm variable
* Add unit test
* misc linter
---
superset/views/core.py | 15 +++++++++++----
tests/dashboard_tests.py | 36 ++++++++++++++++++++++++++++++++++++
2 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/superset/views/core.py b/superset/views/core.py
index 753c538..61fe7eb 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -26,7 +26,7 @@ import pandas as pd
import simplejson as json
from six import text_type
import sqlalchemy as sqla
-from sqlalchemy import and_, create_engine, update
+from sqlalchemy import and_, create_engine, or_, update
from sqlalchemy.engine.url import make_url
from sqlalchemy.exc import IntegrityError
from unidecode import unidecode
@@ -151,13 +151,14 @@ class SliceFilter(SupersetFilter):
class DashboardFilter(SupersetFilter):
- """List dashboards for which users have access to at least one slice"""
+ """List dashboards for which users have access to at least one slice or are owners"""
def apply(self, query, func): # noqa
if self.has_all_datasource_access():
return query
Slice = models.Slice # noqa
Dash = models.Dashboard # noqa
+ User = security_manager.user_model
# TODO(bogdan): add `schema_access` support here
datasource_perms = self.get_view_menus('datasource_access')
slice_ids_qry = (
@@ -165,13 +166,19 @@ class DashboardFilter(SupersetFilter):
.query(Slice.id)
.filter(Slice.perm.in_(datasource_perms))
)
+ owner_ids_qry = (
+ db.session
+ .query(Dash.id)
+ .join(Dash.owners)
+ .filter(User.id == User.get_user_id())
+ )
query = query.filter(
- Dash.id.in_(
+ or_(Dash.id.in_(
db.session.query(Dash.id)
.distinct()
.join(Dash.slices)
.filter(Slice.id.in_(slice_ids_qry)),
- ),
+ ), Dash.id.in_(owner_ids_qry)),
)
return query
diff --git a/tests/dashboard_tests.py b/tests/dashboard_tests.py
index 3c8ed76..60c749b 100644
--- a/tests/dashboard_tests.py
+++ b/tests/dashboard_tests.py
@@ -295,6 +295,42 @@ class DashboardTests(SupersetTestCase):
db.session.commit()
self.test_save_dash('alpha')
+ def test_owners_can_view_empty_dashboard(self):
+ dash = (
+ db.session
+ .query(models.Dashboard)
+ .filter_by(slug='empty_dashboard')
+ .first()
+ )
+ if not dash:
+ dash = models.Dashboard()
+ dash.dashboard_title = 'Empty Dashboard'
+ dash.slug = 'empty_dashboard'
+ else:
+ dash.slices = []
+ dash.owners = []
+ db.session.merge(dash)
+ db.session.commit()
+
+ gamma_user = security_manager.find_user('gamma')
+ self.login(gamma_user.username)
+
+ resp = self.get_resp('/dashboardmodelview/list/')
+ self.assertNotIn('/superset/dashboard/empty_dashboard/', resp)
+
+ dash = (
+ db.session
+ .query(models.Dashboard)
+ .filter_by(slug='empty_dashboard')
+ .first()
+ )
+ dash.owners = [gamma_user]
+ db.session.merge(dash)
+ db.session.commit()
+
+ resp = self.get_resp('/dashboardmodelview/list/')
+ self.assertIn('/superset/dashboard/empty_dashboard/', resp)
+
if __name__ == '__main__':
unittest.main()