gkneighb opened a new pull request, #41843:
URL: https://github.com/apache/superset/pull/41843

   ### SUMMARY
   
   Makes the "you don't have access to this data" experience actionable for 
viewers, in two coordinated pieces:
   
   **Backend — templated `PERMISSION_INSTRUCTIONS_LINK`.** The config option 
(previously a static URL) may template `{datasource_id}`, `{datasource_name}`, 
`{table_names}`, and `{username}`, all URL-encoded, so the "Request access" 
link can deep-link into an organization's access-request tool with the denied 
resource pre-filled (e.g. a ServiceNow/Jira form or an internal portal). 
Rendering happens in a single helper (`_render_permission_instructions_link`) 
used by both the datasource- and table-level denial paths. Fully backwards 
compatible: a plain URL without placeholders renders unchanged, an empty value 
keeps the current behavior, and unknown placeholders are left intact rather 
than raising.
   
   **Frontend — `DatasourceSecurityAccessErrorMessage`.** A new error component 
registered for `DATASOURCE_SECURITY_ACCESS_ERROR` and 
`TABLE_SECURITY_ACCESS_ERROR` replaces the raw technical error for viewers: a 
plain-language title, the dataset/table names, the chart owners to contact 
(already available via `useChartOwnerNames`), and a prominent "Request access" 
link from the templated URL. The technical detail (issue code, raw message) 
stays available in a collapsible section. When no link is configured, the 
component degrades to the owner-contact guidance.
   
   The rationale: a Gamma/viewer hitting a permission wall today gets 
issue-code jargon and no path forward. Pointing them at the right form with the 
right context pre-filled turns a dead end into a self-service flow, without 
changing any authorization behavior.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   The change was verified live end-to-end (viewer hitting a restricted chart 
sees the new message with a working deep-link). Screenshots to follow in a 
comment.
   
   ### TESTING INSTRUCTIONS
   
   ```bash
   # Backend (templating, URL-encoding, empty/plain/anonymous cases)
   pytest tests/unit_tests/security/test_permission_instructions_link.py
   
   # Frontend (title, owner contact, request link, admin fallback, table case)
   cd superset-frontend
   npx jest 
src/components/ErrorMessage/DatasourceSecurityAccessErrorMessage.test.tsx
   ```
   
   Manual: set in `superset_config.py`:
   
   ```python
   PERMISSION_INSTRUCTIONS_LINK = (
       
"https://access.example.com/request?resource={datasource_name}&user={username}";
   )
   ```
   
   Then, as a user without access to a dataset, open a chart built on it — the 
error panel shows the friendly message with a "Request access" link carrying 
the encoded dataset name and username.
   
   ### ADDITIONAL INFORMATION
   
   - [ ] Has associated issue:
   - [ ] Required feature flags:
   - [x] Changes UI
   - [ ] Includes DB Migration (follow approval process in 
[SIP-59](https://github.com/apache/superset/issues/13351))
     - [ ] Migration is atomic, supports rollback & is backwards-compatible
     - [ ] Confirm DB migration upgrade and downgrade tested
     - [ ] Runtime estimates and downtime expectations provided
   - [x] Introduces new feature or API
   - [ ] Removes existing feature or API
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)
   
   https://claude.ai/code/session_014z1fQxTadTEvpCJLx9WnB8
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to