* first pass migrating config to ff
* nixing a console log from testing
* adding an entry to `UPDATING.md`
* linting ✨
* Adding ENABLE_JAVASCRIPT_CONTROLS to FEATURE_FLAGS.md
* no longer in need of state!
* Turning the flag back off
* linting... le sigh
* and more linting...
* added NL translations
* added Dutch to config
* fixed end of line on .po file
Co-authored-by: pablo.guerra-at-026399402087 <pablo.guerra@026399402087>
* add aud claim and type for guest token
* update test
* lint
* make jwt audience configurable
* lint
* Apply suggestions from code review
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* verify aud
* add tests for aud and type claim
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450)
* setup embedded provider
* update ui configuration
* fix test
* feat: Guest token (for embedded dashboard auth) (#17517)
* generate an embed token
* improve existing tests
* add some auth setup, and rename token
* fix the stuff for compatibility with external request loaders
* docs, standard jwt claims, tweaks
* black
* lint
* tests, and safer token decoding
* linting
* type annotation
* prettier
* add feature flag
* quiet pylint
* apparently typing is a problem again
* Make guest role name configurable
* fake being a non-anonymous user
* just one log entry
* customizable algo
* lint
* lint again
* 403 works now!
* get guest token from header instead of cookie
* Revert "403 works now!"
This reverts commit df2f49a6d4.
* fix tests
* Revert "Revert "403 works now!""
This reverts commit 883dff38f1.
* rename method
* correct import
* feat: entry for embedded dashboard (#17529)
* create entry for embedded dashboard in webpack
* add cookies
* lint
* token message handshake
* guestTokenHeaderName
* use setupClient instead of calling configure
* rename the webpack chunk
* simplified handshake
* embedded entrypoint: render a proper app
* make the embedded page accept anonymous connections
* format
* lint
* fix test
# Conflicts:
# superset-frontend/src/embedded/index.tsx
# superset/views/core.py
* lint
* Update superset-frontend/src/embedded/index.tsx
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* comment out origins checks
* move embedded for core to dashboard
* pylint
* isort
Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com>
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat: Authorizing guest access to embedded dashboards (#17757)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* add more test
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Row Level Security rules for guest tokens (#17836)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* rls rules for guest tokens
* test guest token rls rules
* more flexible rls rules
* lint
* fix tests
* fix test
* defaults
* fix some tests
* fix some tests
* lint
Co-authored-by: Lily Kuang <lily@preset.io>
* SupersetClient guest token test
* Apply suggestions from code review
Co-authored-by: Lily Kuang <lily@preset.io>
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Adds a key-value endpoint to store charts form data
* Fixes linting problems
* Removes the query_params from the endpoints
* Refactors the commands
* Removes unused imports
* Changes the parameters to use dataclass
* Adds more access tests
* Gets the first dataset while testing
* Adds unit tests for the check_access function
* Changes the can_access check
* Always check for dataset access
* Redirect on 401
* Bump FAB
* Format
* Update Cypress save test
* Revert Cypress change
* Bump FAB 3.4.1rc2
* Update test
* Update return statement
* Update api test
* Update datasets api test
* Update datasets api 401s to 403s
* Add typeguard
* Use Promise.resolve
* Update callApiAndParseWithhTimeout test
* Disable parseResponse test
* Try catch
* Handle npm 8 issues
* feat: Adds a key-value endpoint to store the state of dashboard filters
* Fixes pylint issues
* Adds openapi schemas
* Adds more tests, move logic to commands and use singular form for the endpoint name
* Fixes model description
* Removes database model
* Adds open api specs
* Simplifies the commands
* Adds more tests
* Validates the value content and submits the correct http status code
* Fixes import order
* Skips flakky test
* Fixes tests
* Updates UPDATING.md
* fix: feature flags typing
* fix tests
* add note in UPDATING.md
* fix frontend
* also move SCHEDULED_QUERIES to top level
* fix test
Co-authored-by: Ville Brofeldt <ville.v.brofeldt@gmail.com>
* abstract boilerplate code into class and rename csv to file
* add db migration
* fix some stuff
* more renaming of csv to file
* rename in translations
* update down revision
* update down revision
* bump chart version
* switch to alter column name approach in db migration
* fix db migration for MySQL
* db migration conflict
* feat: add global max limit
* fix lint and tests
* leave SAMPLES_ROW_LIMIT unchanged
* fix sample rowcount test
* replace max global limit with existing sql max row limit
* fix test
* make max_limit optional in util
* improve comments
* allow csv upload to accept parquet file
* fix mypy
* fix if statement
* add test for specificying columns in CSV upload
* clean up test
* change order in test
* fix failures
* upload parquet to seperate table in test
* fix error message
* fix mypy again
* rename other extensions to columnar
* add new form for columnar upload
* add support for zip files
* undo csv form changes except usecols
* add more tests for zip
* isort & black
* pylint
* fix trailing space
* address more review comments
* pylint
* black
* resolve remaining issues
* Make ghost buttons clickable
* Popover for column control
* Make column dnd ghost button clickable
* Prefill operator only if column is defined
* Remove data-tests
* lint fix
* Hide new features behind a feature flag
* Change ghost button texts
* Remove caret for non clickable columns
