You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by "mgorsk1 (via GitHub)" <gi...@apache.org> on 2023/04/27 02:52:20 UTC

[GitHub] [superset] mgorsk1 opened a new pull request, #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

mgorsk1 opened a new pull request, #22454:
URL: https://github.com/apache/superset/pull/22454

   ### SUMMARY
   
   Disables saving artifacts to JSON when `canDownloadCSV` is not allowed. This is required to prevent leaking data from superset. `can csv on Superset` is a permission aiming to prevent downloading structured data from Superset but it's not covering JSON exports. This PR aims to fix this.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   <!--- Skip this if not applicable -->
   
   ### TESTING INSTRUCTIONS
   <!--- Required! What steps can be taken to manually verify the changes? -->
   
   ### ADDITIONAL INFORMATION
   <!--- Check any relevant boxes with "x" -->
   <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
   - [x] Has associated issue: https://github.com/apache/superset/issues/19535
   - [ ] Required feature flags:
   - [x] Changes UI
   - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351))
     - [ ] Migration is atomic, supports rollback & is backwards-compatible
     - [ ] Confirm DB migration upgrade and downgrade tested
     - [ ] Runtime estimates and downtime expectations provided
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] villebro commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by GitBox <gi...@apache.org>.

villebro commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1358034719

   @mgorsk1 can you check if you were actually able to download the JSON data? I assume you should get an error if you don't have the right perms, and if you're not, we need to also fix this in the API.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-2092087004

   @mgorsk1 would you mind rebasing this so we can merge it?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas closed pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed
URL: https://github.com/apache/superset/pull/22454


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] mgorsk1 commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "mgorsk1 (via GitHub)" <gi...@apache.org>.

mgorsk1 commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1415916300

   fixed linting (I hope), feel free to re-run the CI @rusackas 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "mgorsk1 (via GitHub)" <gi...@apache.org>.

mgorsk1 commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1798254574

   rebased @rusackas 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "michael-s-molina (via GitHub)" <gi...@apache.org>.

michael-s-molina commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1961992923

   Ci is failing with:
   
   `SyntaxError: /home/runner/work/superset/superset/superset-frontend/src/types/dom-to-pdf.d.ts: A 'const' initializer in an ambient context must be a string or numeric literal or literal enum reference.`
   
   https://github.com/apache/superset/pull/27236 was merged recently, so I think this PR just needs a rebase and it will be good to go.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] mgorsk1 commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by GitBox <gi...@apache.org>.

mgorsk1 commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1376911451

   bump @villebro 


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1539107928

   Unit tests seem to be failing pretty reliably... can you run/address the tests locally? I also believe that a unit tests was fixed on master not long ago, so you might get lucky with a rebase.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1646288387

   @mgorsk1 just checking to see if you have any interest in pursuing this still.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1795911812

   Closing and re-opening to see if anything magically changes, but unless @mgorsk1 wants to check/fix unit tests, we might wind up closing this one for good.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1419581265

   Resolved the conflict... hopefully CI passes ;)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1524536089

   Ugh... I can't reboot the unit tests (which were probably just flaky) for some reason, so I'm going to close/reopen this to kick-start CI (again)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas closed pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas closed pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed
URL: https://github.com/apache/superset/pull/22454


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1928026075

   Closing/reopening to kick CI.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] villebro commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by GitBox <gi...@apache.org>.

villebro commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1377524867

   Hi @mgorsk1 - CI is failing due to a linting issue: 
   ![image](https://user-images.githubusercontent.com/33317356/211606667-2e6e8c06-76fc-4ca1-aa6c-0dd0379f1d3a.png)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] mgorsk1 commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by GitBox <gi...@apache.org>.

mgorsk1 commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1358952031

   hey villebro, on a second thought I think that downloading JSON itself might be always valuable and we shall just strip it of `data` section when `canDownloadCSV` is false. wdyt?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1402799396

   @mgorsk1 feel free to hit us up on Slack if we can help with linting. It also appears there are some conflicts to mitigate, hopefully that's straightforward-ish :) Would love to see https://github.com/apache/superset/issues/19535 closed. @Larissa-Rocha might also want to take a look at this PR on that note.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas closed pull request #22454: fix(ui): disable json download when `can csv on Superset` is not allowed
URL: https://github.com/apache/superset/pull/22454


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [PR] fix(ui): disable json download when `can csv on Superset` is not allowed [superset]

Posted by "rusackas (via GitHub)" <gi...@apache.org>.

rusackas commented on PR #22454:
URL: https://github.com/apache/superset/pull/22454#issuecomment-1946884996

   Tests still seem to be failing on this. Any chance you can run them locally and see if you can get them to pass? I wonder if it's because the UI changed since the PR was opened.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org