Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add permission checks to save_or_overwrite_slice #4346

Merged
merged 4 commits into from
Feb 9, 2018
Merged

Add permission checks to save_or_overwrite_slice #4346

merged 4 commits into from
Feb 9, 2018

Conversation

jaylindquist
Copy link

This PR is meant to resolve issue #3498

  • Add Slice permission check for saveas to explore request
  • Add Dashboard permission check for add_to_dash == existing to explore request
  • Add Dashboard permission check for add_to_dash == new to explore request

mistercrunch
mistercrunch reviewed Feb 8, 2018
View reviewed changes
superset/views/core.py Outdated
@@ -1182,6 +1182,11 @@ def explore(self, datasource_type, datasource_id):
"You don't have the rights to alter this slice",
status=400)

if action == 'saveas' and not slice_add_perm:
return json_error_response(
"You don't have the rights to create this slice",
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

You be great to make this translatable using _("Translatable"). Also we're moving away from slice in favor of chart.
To minimize the number of strings to translate you may want to break it into chunks:
_("You don't have the rights to ") + _("create this ") + _("slice")

@mistercrunch
Copy link
Member

Sorry our linter configuration is picky about ' over ".

As a sidenote (may be out-of-scope for this PR) we need to write a solid test suite around accessibility/security. I'll create an issue for it.

@mistercrunch mistercrunch merged commit 54d3875 into apache:master Feb 9, 2018
michellethomas pushed a commit to michellethomas/panoramix that referenced this pull request May 24, 2018
@michellethomas
Add permission checks to save_or_overwrite_slice (apache#4346)
b0e23f0 
* Add permissions checks for save_or_overwrite_slice

* Change is_owner to check_ownership

* Add translation to chart and dashboard error messages

* Appease the python linter by using single quotes
wenchma pushed a commit to wenchma/incubator-superset that referenced this pull request Nov 16, 2018
@mistercrunch
Add permission checks to save_or_overwrite_slice (apache#4346)
bb21c3f 
* Add permissions checks for save_or_overwrite_slice

* Change is_owner to check_ownership

* Add translation to chart and dashboard error messages

* Appease the python linter by using single quotes
@ktmud ktmud mentioned this pull request Feb 12, 2021
Closed
@m-ajay m-ajay mentioned this pull request Feb 12, 2024
Open
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.23.0 labels Feb 27, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mistercrunch mistercrunch mistercrunch left review comments

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.23.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@jaylindquist @mistercrunch