villebro commented on issue #10408: URL: https://github.com/apache/incubator-superset/issues/10408#issuecomment-725919143
Thanks for updating the SIP @amitNielsen! I think the current state of the proposal captures the motivations and required changes well. If we can keep this behind a feature flag and not cause backwards incompatible changes, then I'm all for the change. By introducing the option to allow access to dashboards/charts with a signed token provided by the backend, we should be able to do this securely, without compromising leakage. I believe it should be possible to keep the necessary code changes mostly within the security manager, avoiding unnecessary additional code complexity.

I envision a flow that would look something like this:

1) User requests dashboard. If user is not permitted to access the dashboard, a 403 is returned. If user does have access, a signed token based on the user id and dashboard is returned with the bootstrap data.
2) The dashboard requests data for all charts in the dashboard, appending the token to the requests.
3) The backend verifies that the token is valid, and ensures that the chart is indeed in the dashboard. If something doesn't add up, a 403 is returned, otherwise the chart data is returned.
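
An added example of the three-step flow in the comment above; it is not part of the comment and not Superset's code. The HMAC token format, the expiry field, `SECRET_KEY`, `TOKEN_TTL`, the function names and the sample user/dashboard/chart tables are all assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import json
import time

SECRET_KEY = b"constructed-demo-key"   # assumption: server-side secret, never sent to clients
TOKEN_TTL = 300                        # assumption: token lifetime in seconds
# Constructed sample data standing in for the security manager's lookups.
USER_DASHBOARDS = {"alice": {7}, "bob": {8}}     # user id -> permitted dashboards
DASHBOARD_CHARTS = {7: {101, 102}, 8: {201}}     # dashboard id -> its chart ids

def _sign(payload: bytes) -> str:
    return hmac.new(SECRET_KEY, payload, hashlib.sha256).hexdigest()

def request_dashboard(user_id, dashboard_id, now=None):
    """Step 1: return (status, token); 403 if the user may not view the dashboard."""
    if dashboard_id not in USER_DASHBOARDS.get(user_id, set()):
        return 403, None
    now = int(time.time() if now is None else now)
    claims = {"uid": user_id, "dash": dashboard_id, "exp": now + TOKEN_TTL}
    payload = json.dumps(claims, sort_keys=True).encode()
    return 200, base64.urlsafe_b64encode(payload).decode() + "." + _sign(payload)

def request_chart_data(user_id, chart_id, token, now=None):
    """Steps 2-3: verify the token, then confirm the chart is in its dashboard."""
    try:
        body, sig = token.split(".")
        payload = base64.urlsafe_b64decode(body)
        # Constant-time comparison; claims are parsed only after the MAC checks out.
        if not hmac.compare_digest(sig, _sign(payload)):
            return 403
        claims = json.loads(payload)
    except (ValueError, TypeError, AttributeError):
        return 403  # malformed or missing token
    now = int(time.time() if now is None else now)
    if claims["uid"] != user_id or claims["exp"] < now:
        return 403  # token issued to another user, or expired
    if chart_id not in DASHBOARD_CHARTS.get(claims["dash"], set()):
        return 403  # chart is not part of the dashboard the token covers
    return 200
```

Binding the user id and dashboard id into the signed payload is what keeps a token from being reused by another user or for a chart outside the dashboard it was issued for.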
