This is an automated email from the ASF dual-hosted git repository. johnbodley pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/incubator-superset.git
The following commit(s) were added to refs/heads/master by this push: new 2a3d297 Allow users to view dashboards they own (#4520) 2a3d297 is described below commit 2a3d297950b44f60b45e6581d83ed7c72df414ef Author: Jeffrey Wang <jeffreywan...@gmail.com> AuthorDate: Wed Jun 20 15:08:16 2018 -0400 Allow users to view dashboards they own (#4520) * Allow owners to view their own dashboards * Update docstring * update sm variable * Add unit test * misc linter --- superset/views/core.py | 15 +++++++++++---- tests/dashboard_tests.py | 36 ++++++++++++++++++++++++++++++++++++ 2 files changed, 47 insertions(+), 4 deletions(-) diff --git a/superset/views/core.py b/superset/views/core.py index 753c538..61fe7eb 100755 --- a/superset/views/core.py +++ b/superset/views/core.py @@ -26,7 +26,7 @@ import pandas as pd import simplejson as json from six import text_type import sqlalchemy as sqla -from sqlalchemy import and_, create_engine, update +from sqlalchemy import and_, create_engine, or_, update from sqlalchemy.engine.url import make_url from sqlalchemy.exc import IntegrityError from unidecode import unidecode @@ -151,13 +151,14 @@ class SliceFilter(SupersetFilter): class DashboardFilter(SupersetFilter): - """List dashboards for which users have access to at least one slice""" + """List dashboards for which users have access to at least one slice or are owners""" def apply(self, query, func): # noqa if self.has_all_datasource_access(): return query Slice = models.Slice # noqa Dash = models.Dashboard # noqa + User = security_manager.user_model # TODO(bogdan): add `schema_access` support here datasource_perms = self.get_view_menus('datasource_access') slice_ids_qry = ( @@ -165,13 +166,19 @@ class DashboardFilter(SupersetFilter): .query(Slice.id) .filter(Slice.perm.in_(datasource_perms)) ) + owner_ids_qry = ( + db.session + .query(Dash.id) + .join(Dash.owners) + .filter(User.id == User.get_user_id()) + ) query = query.filter( - Dash.id.in_( + or_(Dash.id.in_( db.session.query(Dash.id) .distinct() .join(Dash.slices) .filter(Slice.id.in_(slice_ids_qry)), - ), + ), Dash.id.in_(owner_ids_qry)), ) return query diff --git a/tests/dashboard_tests.py b/tests/dashboard_tests.py index 3c8ed76..60c749b 100644 --- a/tests/dashboard_tests.py +++ b/tests/dashboard_tests.py @@ -295,6 +295,42 @@ class DashboardTests(SupersetTestCase): db.session.commit() self.test_save_dash('alpha') + def test_owners_can_view_empty_dashboard(self): + dash = ( + db.session + .query(models.Dashboard) + .filter_by(slug='empty_dashboard') + .first() + ) + if not dash: + dash = models.Dashboard() + dash.dashboard_title = 'Empty Dashboard' + dash.slug = 'empty_dashboard' + else: + dash.slices = [] + dash.owners = [] + db.session.merge(dash) + db.session.commit() + + gamma_user = security_manager.find_user('gamma') + self.login(gamma_user.username) + + resp = self.get_resp('/dashboardmodelview/list/') + self.assertNotIn('/superset/dashboard/empty_dashboard/', resp) + + dash = ( + db.session + .query(models.Dashboard) + .filter_by(slug='empty_dashboard') + .first() + ) + dash.owners = [gamma_user] + db.session.merge(dash) + db.session.commit() + + resp = self.get_resp('/dashboardmodelview/list/') + self.assertIn('/superset/dashboard/empty_dashboard/', resp) + if __name__ == '__main__': unittest.main()