* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450)
* setup embedded provider
* update ui configuration
* fix test
* feat: Guest token (for embedded dashboard auth) (#17517)
* generate an embed token
* improve existing tests
* add some auth setup, and rename token
* fix the stuff for compatibility with external request loaders
* docs, standard jwt claims, tweaks
* black
* lint
* tests, and safer token decoding
* linting
* type annotation
* prettier
* add feature flag
* quiet pylint
* apparently typing is a problem again
* Make guest role name configurable
* fake being a non-anonymous user
* just one log entry
* customizable algo
* lint
* lint again
* 403 works now!
* get guest token from header instead of cookie
* Revert "403 works now!"
This reverts commit df2f49a6d4.
* fix tests
* Revert "Revert "403 works now!""
This reverts commit 883dff38f1.
* rename method
* correct import
* feat: entry for embedded dashboard (#17529)
* create entry for embedded dashboard in webpack
* add cookies
* lint
* token message handshake
* guestTokenHeaderName
* use setupClient instead of calling configure
* rename the webpack chunk
* simplified handshake
* embedded entrypoint: render a proper app
* make the embedded page accept anonymous connections
* format
* lint
* fix test
# Conflicts:
# superset-frontend/src/embedded/index.tsx
# superset/views/core.py
* lint
* Update superset-frontend/src/embedded/index.tsx
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* comment out origins checks
* move embedded for core to dashboard
* pylint
* isort
Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com>
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat: Authorizing guest access to embedded dashboards (#17757)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* add more test
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Row Level Security rules for guest tokens (#17836)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* rls rules for guest tokens
* test guest token rls rules
* more flexible rls rules
* lint
* fix tests
* fix test
* defaults
* fix some tests
* fix some tests
* lint
Co-authored-by: Lily Kuang <lily@preset.io>
* SupersetClient guest token test
* Apply suggestions from code review
Co-authored-by: Lily Kuang <lily@preset.io>
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Adds a key-value endpoint to store charts form data
* Fixes linting problems
* Removes the query_params from the endpoints
* Refactors the commands
* Removes unused imports
* Changes the parameters to use dataclass
* Adds more access tests
* Gets the first dataset while testing
* Adds unit tests for the check_access function
* Changes the can_access check
* Always check for dataset access
* chore: use new FAB functionality for component schemas and update OpenAPI spec
* remove unused import
* fix spec and lint
* EOF fix
* update open api spec with latest master
* feat: Adds a key-value endpoint to store the state of dashboard filters
* Fixes pylint issues
* Adds openapi schemas
* Adds more tests, move logic to commands and use singular form for the endpoint name
* Fixes model description
* Removes database model
* Adds open api specs
* Simplifies the commands
* Adds more tests
* Validates the value content and submits the correct http status code
* Fixes import order
* Skips flakky test
* Fixes tests
* Updates UPDATING.md
* fix: Dashboard access when RBAC is disabled
* Sends 403 when forbidden
* Fixes issort
* Changes assertion
* Allow access to unpublished dashboards that don't have roles
* Fixes the test_get_dashboard_changed_on test
* feat: command to import configuration from a directory
This allows us to keep Superset updated from a repo:
```bash
$ superset import-directory /path/to/configs/
```
For example, I created a simple dashboard with a single chart:
PLACEHOLDER
I then exported it to a file `dashboard_export_20210714T104600.zip` and
unzipped it. After deleting the dashboard, chart, dataset, and database
I imported everything back with:
```bash
$ superset import-directory ~/Downloads/dashboard_export_20210714T104600/
```
I then changed the chart title in `~/Downloads/dashboard_export_20210714T104600/charts/Cnt_per_country_1.yaml` and ran the command again. The chart was succesfully updated:
PLACEHOLDER
* Small fixes
