nickdomnin opened a new issue #13964: URL: https://github.com/apache/superset/issues/13964
User can access dashboards in any states via link although they are not shown in user's dashboard list. In case of RLS enabled and user without permissions for any datasources used on dashboard this case should be considered as security issue. ### Expected results Error message about denied access to that dashboard and redirection to previous page or welcome/dashboard list page. ### Actual results Dashboard page opened with access errors on all charts. #### How to reproduce the bug 1. Create dashboard on any datasource which is not accessible by all users of SuperSet 2. Save dashboard url 3. Relogin with user without access to used datasource 4. Open saved link ### Environment Reproduced on 1.0.1, 1.1.0rc1 and master. ### Checklist Make sure to follow these steps before submitting your issue - thank you! - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [x] I have reproduced the issue with at least the latest released version of superset. - [x] I have checked the issue tracker for the same issue and I haven't found one similar. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
