Evan
4415b8a400
feat(security): terminate active sessions when an account is disabled
...
Disabling a user account (active=False) terminates that user's
outstanding sessions on their next request via a per-user invalidation
epoch (user_attribute.sessions_invalidated_at). Works for both
client-side cookie sessions and server-side session stores. Inert for
users that were never disabled (NULL epoch). The migration backfills the
epoch for accounts already disabled at upgrade time.
Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com >
2026-06-10 11:24:30 -07:00
Evan Rusackas
5a0e3f15ca
feat(embedded): add guest token revocation support ( #40671 )
...
Co-authored-by: Claude Code <noreply@anthropic.com >
2026-06-10 09:17:30 -07:00
Amin Ghadersohi
7d69f76127
fix(mcp): API key authentication for MCP — transport, validation, and RBAC ( #39604 )
2026-06-04 15:04:43 -04:00
Shaitan
faa76f6741
fix(embedding): add optional dataset allowlist to guest tokens ( #39302 )
...
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com >
2026-06-03 12:55:09 +01:00
Michael Gerber
041ecbc248
fix(embedded): resolve guest user permissions in user_view_menu_names ( #39197 )
...
Co-authored-by: Evan Rusackas <evan@preset.io >
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com >
Co-authored-by: Claude Code <noreply@anthropic.com >
2026-06-01 10:30:05 -07:00
Beto Dealmeida
cb53745d43
feat: semantic layer extension ( #37815 )
2026-05-05 12:07:46 -04:00
Daniel Vaz Gaspar
5815665cc6
feat: role/user CRUD events and login/logout tracking in the action log ( #39121 )
...
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
2026-04-09 15:55:25 +01:00
Amin Ghadersohi
811dcb3715
feat(api-keys): add API key authentication via FAB SecurityManager ( #37973 )
...
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com >
Co-authored-by: Kamil Gabryjelski <kamil.gabryjelski@gmail.com >
2026-03-24 13:37:26 -04:00
Mehmet Salih Yavuz
95f61bd223
fix: add parent_slice_id for multilayer charts to embed ( #38243 )
2026-03-12 21:21:43 +03:00
Yuriy Krasilnikov
09e9c6a522
fix(embedded): prevent double RLS application in virtual datasets ( #37395 )
2026-03-12 14:12:59 +01:00
Hugh A. Miles II
61fbfda501
feat(security): add granular export controls (Phase 1) ( #38361 )
2026-03-09 16:44:56 -04:00
Kamil Gabryjelski
3e3c9686de
perf(dashboard): Batch RLS filter lookups for dashboard digest computation ( #37941 )
2026-02-16 21:35:55 +01:00
Alexandru Soare
9ea5ded988
fix(dashboard): Prevent fatal error when database connection is unavailable ( #37576 )
2026-02-06 20:52:17 -08:00
Beto Dealmeida
ecb4e483df
fix: apply EXCLUDE_USERS_FROM_LISTS to /api/v1/security/users/ ( #36742 )
...
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com >
2025-12-23 15:18:34 -08:00
Daniel Vaz Gaspar
a9fb853e3e
fix: Bump FAB to 5.X ( #33055 )
...
Co-authored-by: Joe Li <joe@preset.io >
2025-09-12 09:21:37 +01:00
Maxime Beauchemin
246181a546
feat(docker): Add pytest support to docker-compose-light.yml ( #34373 )
...
Co-authored-by: Claude <noreply@anthropic.com >
2025-08-06 00:17:50 -04:00
Maxime Beauchemin
3f8472ca7b
chore: move some rules from ruff -> pylint ( #34292 )
2025-07-24 09:40:49 -07:00
Beto Dealmeida
a26e1d822a
chore: remove sqlparse ( #33564 )
2025-06-04 19:31:41 -04:00
Daniel Vaz Gaspar
a4bb11c755
chore: bump FAB to 4.7.0 ( #33607 )
2025-05-29 08:34:00 +01:00
Enzo Martellucci
013379eb86
feat(List Users): Migrate List Users FAB to React ( #32882 )
2025-04-15 17:04:28 +03:00
Enzo Martellucci
4f0020d0df
feat(List Roles): Migrate FAB view to React ( #32432 )
...
Co-authored-by: Diego Pucci <diegopucci.me@gmail.com >
2025-04-02 14:06:17 +03:00
Maxime Beauchemin
e51b95ffa8
chore: enforce more ruff rules ( #31447 )
...
Co-authored-by: Elizabeth Thompson <eschutho@gmail.com >
2024-12-18 17:41:34 -08:00
Beto Dealmeida
7f2e752796
fix: check orderby ( #31156 )
2024-11-26 10:15:06 -05:00
Geido
90572be95a
fix(Dashboard): Retain colors when color scheme not set ( #30646 )
2024-11-21 19:58:32 +02:00
Beto Dealmeida
e0172a24b8
fix(embedded): sankey charts ( #30491 )
2024-10-02 13:45:35 -04:00
Beto Dealmeida
39209c2b40
fix: handle empty catalog when DB supports them ( #29840 )
2024-08-13 10:08:43 -04:00
Beto Dealmeida
fb15278f97
fix: catalog permission check ( #29581 )
2024-07-12 21:00:13 -04:00
Beto Dealmeida
a56f656a83
fix: small fixes to the catalog migration ( #29579 )
2024-07-12 20:49:30 -04:00
Beto Dealmeida
67df4e3ce3
fix: prevent guest users from changing columns ( #29530 )
2024-07-10 12:26:51 -04:00
John Bodley
8fb8199a55
chore(dao/command): Add transaction decorator to try to enforce "unit of work" ( #24969 )
2024-06-28 12:33:56 -07:00
Beto Dealmeida
8e15d4807f
chore: s/MockFixture/MockerFixture/g ( #29160 )
2024-06-10 12:35:07 -04:00
Beto Dealmeida
ba2cf5dbbc
chore: unit tests for catalog_access ( #28406 )
2024-05-09 14:41:33 -04:00
Beto Dealmeida
e90246fd1f
feat(SIP-95): permissions for catalogs ( #28317 )
2024-05-06 11:41:58 -04:00
Beto Dealmeida
36290ce72f
fix: guest queries ( #27566 )
2024-03-19 11:20:52 -04:00
Beto Dealmeida
376bfd05bd
fix: pass valid SQL to SM ( #27464 )
2024-03-18 15:38:58 -04:00
Beto Dealmeida
36fd3c0bf8
feat: improve _extract_tables_from_sql ( #26748 )
2024-03-18 13:02:58 -04:00
Beto Dealmeida
735b895dd5
fix: check if guest user modified query ( #27484 )
2024-03-12 21:28:06 -04:00
Daniel Vaz Gaspar
ceda51617b
fix: CSRF exempt unit_tests ( #27168 )
2024-02-20 16:18:30 +00:00
Daniel Vaz Gaspar
5b34395689
fix: chart import validation ( #26993 )
2024-02-06 12:14:02 +00:00
Beto Dealmeida
fade4806ce
fix: prevent guest user from modifying metrics ( #26749 )
2024-01-29 12:59:33 -05:00
Daniel Vaz Gaspar
549abb542b
fix: REST API CSRF exempt list ( #25590 )
2023-10-10 12:53:37 +01:00
Beto Dealmeida
42e8d1b498
chore: improve schema security ( #23385 )
2023-03-17 08:05:50 -07:00
Beto Dealmeida
1b95da7487
fix: table schema permissions ( #23356 )
2023-03-14 15:18:18 -07:00