* add aud claim and type for guest token
* update test
* lint
* make jwt audience configurable
* lint
* Apply suggestions from code review
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* verify aud
* add tests for aud and type claim
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450)
* setup embedded provider
* update ui configuration
* fix test
* feat: Guest token (for embedded dashboard auth) (#17517)
* generate an embed token
* improve existing tests
* add some auth setup, and rename token
* fix the stuff for compatibility with external request loaders
* docs, standard jwt claims, tweaks
* black
* lint
* tests, and safer token decoding
* linting
* type annotation
* prettier
* add feature flag
* quiet pylint
* apparently typing is a problem again
* Make guest role name configurable
* fake being a non-anonymous user
* just one log entry
* customizable algo
* lint
* lint again
* 403 works now!
* get guest token from header instead of cookie
* Revert "403 works now!"
This reverts commit df2f49a6d4.
* fix tests
* Revert "Revert "403 works now!""
This reverts commit 883dff38f1.
* rename method
* correct import
* feat: entry for embedded dashboard (#17529)
* create entry for embedded dashboard in webpack
* add cookies
* lint
* token message handshake
* guestTokenHeaderName
* use setupClient instead of calling configure
* rename the webpack chunk
* simplified handshake
* embedded entrypoint: render a proper app
* make the embedded page accept anonymous connections
* format
* lint
* fix test
# Conflicts:
# superset-frontend/src/embedded/index.tsx
# superset/views/core.py
* lint
* Update superset-frontend/src/embedded/index.tsx
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* comment out origins checks
* move embedded for core to dashboard
* pylint
* isort
Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com>
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat: Authorizing guest access to embedded dashboards (#17757)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* add more test
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Row Level Security rules for guest tokens (#17836)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* rls rules for guest tokens
* test guest token rls rules
* more flexible rls rules
* lint
* fix tests
* fix test
* defaults
* fix some tests
* fix some tests
* lint
Co-authored-by: Lily Kuang <lily@preset.io>
* SupersetClient guest token test
* Apply suggestions from code review
Co-authored-by: Lily Kuang <lily@preset.io>
Co-authored-by: Lily Kuang <lily@preset.io>
* fix: Dashboard access when RBAC is disabled
* Sends 403 when forbidden
* Fixes issort
* Changes assertion
* Allow access to unpublished dashboards that don't have roles
* Fixes the test_get_dashboard_changed_on test
* feat: auto sync dataset metadata when change dataset
* diablo sync button when edit mode
* handle undefine schema
* fix py UT
* fix FE UT
* improve test coverage
* fix UT
* refactor(api): csrf token on the new REST API
* improve OpenAPI spec description
* fix test
* remove public role like has default for all tests
* fix test
* first attempts at dynamic plugin loading
* dynamic import working for explore
* memoize appropriately
* add a backend for dynamic plugins
* hack at getting dynamic plugins working with dashboards
* more work on making it work, + feature flag
* lint
* actions to fix explore state when plugins load
* handle dynamic control panel, functionify ExploreViewContainer
* fix: rearrange migrations branch
* fix: name and key as strings with length 50
* bundle url length 2000
* bundle url to text
for some reason not supported on my sql
* fix: too long varchart
* fix: pre-commit typing
* fix: licenses
* fix: add slice container was not initing feature flags
* fix: undo linting issue
* fix: adjust down revision again
* fix: adjust down revision again
* isort
* pylint
* god damn linters
* remove unnecessary(?) loading message
* only log non-standard errors
* testing
* python is terrible
* see above commit message
* fix imports in DynamicPluginProvider
* fix
* shift migration forward
* lint
* fix form data calculations to handle missing control config
* temp commit - waiting for superset-ui changes and crud fixes
* remove unnecessary todo
* use new superset-ui shared module function
* fetch the plugins instead of hardcoding the test one
* migration sort
* remove duplicated import statement
* format
* try moving the import 🙄
* copy
* fix frontend tests
* safe access
* comment out dead code
* isort
* disable pylint on necessary lines
* use @superset-ui/logging instead of console
* remove temp code
* rearrange some code
* try triggering mouseover in cypress before click
* use loading spinner instead of text
* trying to fix cypress
* attempt cypress fix
* customize permissions
* update package lock
* only admins can write to plugins by default
* better copy
* disable flaky tests
* use makeApi
* flaky tests
* cleanup code
* flaaaakkkyyyyyy
* dry
Co-authored-by: amitNielsen <amit.miran@nielsen.com>
* Added migration for logs security converge
* Changed class permission name and method permission in LogModelView and LogRestApi
* Updated recent revision and filename
* Changed name of Log perm in manager. Updated TestRolePermission to have correct menu and permission.
* Updated latest migration revision
* Updated latest migration revision
* Restored docs page on roles in security, executed other touchups, and renamed docs readme.txt to readme.md
* missed a url anchor on the security page
* fixed licensing issue and limited char width to 80
* fixed licensing issue and limited char width to 80
* whitespace experiments
* removed 2 periods
* staging whitespace
* addressed Robs feedback
* implemented robs second round of feedback on public_role_like
* feat(row-level-security): add filter type and group key
* simplify tests and add custom list widget
* address comments
* use enum value to ensure case sensitive value is used
* fix: change public role like gamma procedure
* lint and updating UPDATING with breaking change
* fix updating text
* add test and support PUBLIC_ROLE_LIKE_GAMMA
* fix, cleanup tests
* fix, new test
* fix, public default
* Update superset/config.py
Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>
* add simple public welcome page
Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>
* fix(permissions): alpha role is inconsistent
* reverse and allow Alpha to access manager menu
* Bump FAB to 3.0.1rc1 to include del permission fix
* add docs, tests and UPDATING
* EOL
* Fix query view for Alpha
* Re-enable lint on 5 files
* revert something questionable
* Address PR feedback
* One more PR comment...
* black?
* Update code wrapping
* Disable bugged check
* Add a disable for a failure that's only showing up in CI.
* Fix bad refactor
* A little more lint fixing, bug fixing
* Add multiple table filters for Row Level Security
* Set ENABLE_ROW_LEVEL_SECURITY back to False (default)
* Merge DB migrations
* Drop table_id column and foreign key on PostgreSQL, MySQL, SQLite
* Support db records migration also
* Support downgrading from the new-fashioned formatted records
* Straighten up migrations
* Update migration's down_revision to comply master branch
