feat(dashboard_rbac): dashboard_view access enforcement

[amitmiran137]

SUMMARY

resolves #10408

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TEST PLAN

go to the dashboard(http://127.0.0.01/superset/dashboard//) to which you have no access (no role nor dataset access)
dashboard should not be visible and should get forbidden 403

ADDITIONAL INFORMATION

• Has associated issue:
• Changes UI
• Requires DB Migration.
• Confirm DB Migration upgrade and downgrade tested.
• Introduces new feature or API
• Removes existing feature or API

[ktmud]

A couple of code style suggestions. Mostly non-blockers.

The HTML error renderer could be a large refactoring effort that'd worth a discussion thread or separate PR.

[codecov-io]

Codecov Report

Merging #12875 (34deaf5) into master (51195af) will decrease coverage by 7.67%.
The diff coverage is 92.15%.

@@            Coverage Diff             @@
##           master   #12875      +/-   ##
==========================================
- Coverage   66.93%   59.25%   -7.68%     
==========================================
  Files        1022      966      -56     
  Lines       50186    45927    -4259     
  Branches     5204     4444     -760     
==========================================
- Hits        33591    27216    -6375     
- Misses      16455    18711    +2256     
+ Partials      140        0     -140     

Flag	Coverage Δ
cypress	45.42% <ø> (-4.35%)	⬇️
javascript	?
python	67.55% <92.15%> (+3.47%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset/views/core.py	74.90% <85.71%> (-0.52%)	⬇️
superset/utils/decorators.py	94.44% <86.95%> (-5.56%)	⬇️
superset/dashboards/commands/exceptions.py	100.00% <100.00%> (ø)
superset/models/dashboard.py	77.82% <100.00%> (+2.08%)	⬆️
...uperset-frontend/src/dashboard/util/dnd-reorder.js	0.00% <0.00%> (-100.00%)	⬇️
...rset-frontend/src/dashboard/util/getEmptyLayout.js	0.00% <0.00%> (-100.00%)	⬇️
...t-frontend/src/dashboard/containers/SliceAdder.jsx	0.00% <0.00%> (-100.00%)	⬇️
...frontend/src/dashboard/util/dropOverflowsParent.js	0.00% <0.00%> (-100.00%)	⬇️
...frontend/src/dashboard/util/newEntitiesFromDrop.js	0.00% <0.00%> (-100.00%)	⬇️
...rontend/src/dashboard/util/componentIsResizable.ts	0.00% <0.00%> (-100.00%)	⬇️
... and 446 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 51195af...34deaf5. Read the comment docs.

[ktmud]

Code LGTM. Thanks for all the updates. Just one more comment that's non-blocking, too.

Let's leave this PR open for a couple of more hours just in case others have thoughts.

[MM-Lehmann]

Unfortunately, this feature breaks my dataset-based access. I can either use dashboard level OR dataset level. I've ran a db upgrade after setting the FF as well. What went wrong? (I am on 1.4.1)