Access control on the explore page #504

Closed
x4base opened this issue May 23, 2016 · 5 comments
Labels
enhancement:request Enhancement request submitted by anyone from the community

@x4base
Contributor

x4base commented May 23, 2016

I want to build dashboards for the users, but don't want them to send custom queries. If I take away their can_save and can_edit permissions, they can still send custom queries. So I want to prohibit the users from entering pages like /caravel/explore/druid/3. But if I take away their can_explore permission, they will be unable to see the slices on the dashboard. So this is what I am trying to add in view.py:

def explore(self, datasource_type, datasource_id):
    ...
    slice_custom_query_perm = self.appbuilder.sm.has_access(
        'can_custom_query', 'SliceModelView')

    if request.args.get("json") == "true":
        ...
    elif request.args.get("csv") == "true":
        ...
    else:
        if request.args.get("standalone") == "true":
            template = "caravel/standalone.html"
        else:
            if not slice_custom_query_perm:
                flash(_("You don't seem to have the permission "
                        "to customize the slices"), "danger")
                return redirect(error_redirect)

            template = "caravel/explore.html"

Do you think it is a good idea to design it this way? How can I create the new permission "can_custom_query" in caravel init? Thanks
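
An added illustration, not part of the original post or of Caravel's code: a stdlib-only model of the branch layout visible in the snippet above, showing which request modes reach the `can_custom_query` check, next to one hypothetical alternative that decides server-side which query parameters are honoured. The role table, the saved slice and the names `explore_as_posted`, `effective_params` and `gated_modes` are assumptions made for the example; the elided (`...`) parts of the snippet are not modelled.

```python
# Constructed sample data: two roles and one saved slice definition.
ROLES = {
    "dashboard_user": {"can_explore"},
    "analyst": {"can_explore", "can_custom_query"},
}
SAVED_SLICE = {"slice_id": 3, "metrics": ["count"], "groupby": ["country"]}
FORMAT_KEYS = ("json", "csv", "standalone")


def has_access(role, permission):
    """Stand-in for the security manager lookup used in the snippet."""
    return permission in ROLES.get(role, set())


def explore_as_posted(role, args):
    """Branch layout of the posted handler: only the full HTML page is gated."""
    if args.get("json") == "true":
        return "json"
    if args.get("csv") == "true":
        return "csv"
    if args.get("standalone") == "true":
        return "standalone.html"
    if not has_access(role, "can_custom_query"):
        return "redirect"
    return "explore.html"


def effective_params(role, args):
    """Hypothetical alternative: pick the query parameters the server will run.

    Without can_custom_query the saved slice definition is used and request
    overrides are ignored, whichever output format is asked for.
    """
    if not has_access(role, "can_custom_query"):
        return dict(SAVED_SLICE)
    merged = dict(SAVED_SLICE)
    merged.update({k: v for k, v in args.items() if k not in FORMAT_KEYS})
    return merged


def gated_modes(role):
    """Request modes in which the posted layout stops the given role."""
    modes = {"html": {}, "standalone": {"standalone": "true"},
             "json": {"json": "true"}, "csv": {"csv": "true"}}
    return sorted(mode for mode, args in modes.items()
                  if explore_as_posted(role, args) == "redirect")
```
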

xrmx added the enhancement:request and security labels Aug 9, 2016
@shrutimkrishnan

Have you had any further feedback on this @x4base - we're trying to understand how to do the same (new to superset!)

@mistercrunch
Member

Seems like removing can_explore from a role should work now since we now have a different view for the json (can_explore_json)

@shrutimkrishnan

Tried it out @mistercrunch but not sure if my requirement was the same as described here. I'm looking for the user to have restricted access to the explore view, to only be able to view the chart in greater detail + download the CSV data behind the chart. Right now, if I give them the can_explore permission, they can do everything in the explore view, including changing the slice configuration from the left menu, which we don't want them to do.

@mistercrunch
Member

@shrutimkrishnan I'm guessing if you could export CSV from the dashboard view you wouldn't need explore at all

@shrutimkrishnan

@mistercrunch yup exactly, saw you're taking this feature on in the other entry so thanks a lot!
