john-bodley closed pull request #4520: Allow users to view dashboards they own
URL: https://github.com/apache/incubator-superset/pull/4520
This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:
As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):
diff --git a/superset/views/core.py b/superset/views/core.py
index 40d24b268a..8cfeee903b 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -26,7 +26,7 @@
import simplejson as json
from six import text_type
import sqlalchemy as sqla
-from sqlalchemy import and_, create_engine, update
+from sqlalchemy import and_, create_engine, or_, update
from sqlalchemy.engine.url import make_url
from sqlalchemy.exc import IntegrityError
from unidecode import unidecode
@@ -158,13 +158,14 @@ def apply(self, query, func): # noqa
class DashboardFilter(SupersetFilter):
- """List dashboards for which users have access to at least one slice"""
+ """List dashboards for which users have access to at least one slice or
are owners"""
def apply(self, query, func): # noqa
if self.has_all_datasource_access():
return query
Slice = models.Slice # noqa
Dash = models.Dashboard # noqa
+ User = security_manager.user_model
# TODO(bogdan): add `schema_access` support here
datasource_perms = self.get_view_menus('datasource_access')
slice_ids_qry = (
@@ -172,13 +173,19 @@ def apply(self, query, func): # noqa
.query(Slice.id)
.filter(Slice.perm.in_(datasource_perms))
)
+ owner_ids_qry = (
+ db.session
+ .query(Dash.id)
+ .join(Dash.owners)
+ .filter(User.id == User.get_user_id())
+ )
query = query.filter(
- Dash.id.in_(
+ or_(Dash.id.in_(
db.session.query(Dash.id)
.distinct()
.join(Dash.slices)
.filter(Slice.id.in_(slice_ids_qry)),
- ),
+ ), Dash.id.in_(owner_ids_qry)),
)
return query
diff --git a/tests/dashboard_tests.py b/tests/dashboard_tests.py
index 3c8ed76e24..60c749bbf2 100644
--- a/tests/dashboard_tests.py
+++ b/tests/dashboard_tests.py
@@ -295,6 +295,42 @@ def test_only_owners_can_save(self):
db.session.commit()
self.test_save_dash('alpha')
+ def test_owners_can_view_empty_dashboard(self):
+ dash = (
+ db.session
+ .query(models.Dashboard)
+ .filter_by(slug='empty_dashboard')
+ .first()
+ )
+ if not dash:
+ dash = models.Dashboard()
+ dash.dashboard_title = 'Empty Dashboard'
+ dash.slug = 'empty_dashboard'
+ else:
+ dash.slices = []
+ dash.owners = []
+ db.session.merge(dash)
+ db.session.commit()
+
+ gamma_user = security_manager.find_user('gamma')
+ self.login(gamma_user.username)
+
+ resp = self.get_resp('/dashboardmodelview/list/')
+ self.assertNotIn('/superset/dashboard/empty_dashboard/', resp)
+
+ dash = (
+ db.session
+ .query(models.Dashboard)
+ .filter_by(slug='empty_dashboard')
+ .first()
+ )
+ dash.owners = [gamma_user]
+ db.session.merge(dash)
+ db.session.commit()
+
+ resp = self.get_resp('/dashboardmodelview/list/')
+ self.assertIn('/superset/dashboard/empty_dashboard/', resp)
+
if __name__ == '__main__':
unittest.main()
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
