You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/01/13 09:10:07 UTC
[GitHub] [superset] BinRoq commented on issue #17914: [SIP] Proposal for controlling View Only access to Dashboards
BinRoq commented on issue #17914:
URL: https://github.com/apache/superset/issues/17914#issuecomment-1011937745
@has_access
@expose("/dashboard/<dashboard_id>/")
def dashboard(self, dashboard_id):
"""Server side rendering for a dashboard"""
def check_owner_or_viewer(obj):
#See if current user has either owner or viewer permission
if not obj:
return False
if g.user.is_anonymous:
return False
roles = [r.name for r in get_user_roles()]
if "Admin" in roles:
return True
owners = []
owners += obj.owners
owners += obj.viewers
owner_names = [o.username for o in owners if o]
if g.user and hasattr(g.user, "username") and g.user.username in owner_names:
return True
return False
session = db.session()
qry = session.query(models.Dashboard)
if dashboard_id.isdigit():
qry = qry.filter_by(id=int(dashboard_id))
else:
qry = qry.filter_by(slug=dashboard_id)
dash = qry.one_or_none()
if not dash:
abort(404)
if check_owner_or_viewer( dash ) == False:
bootstrap_data = {
"user_id": g.user.get_id(),
"user_name": g.user.username,
"user.first_name": g.user.first_name,
"user.last_name": g.user.last_name,
"dashboard_id": dash.id,
"dashboard_title": dash.dashboard_title,
"error": "Need either Owner or Viewer privilege to view this dashboard",
}
flash(__("You have no permission to view this dashboard"), "danger")
return json_success(json.dumps(bootstrap_data))
datasources = set()
for slc in dash.slices:
datasource = slc.datasource
if datasource:
datasources.add(datasource)
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org