Commit Graph

270 Commits

Author SHA1 Message Date
Ville Brofeldt
2112fbd379 feat(subjects): add read-only Subject REST API and DAO (#41897) 2026-07-10 04:29:34 -07:00
Gabriel Torres Ruiz
1fd43ffe52 feat(mcp): scope embedded-guest data reads to the token's dashboards (#41753) 2026-07-09 14:58:01 -03:00
Ville Brofeldt
33f0fc93ed feat: introduce Subject model and entity editors/viewers (#38831) 2026-07-08 11:00:03 -07:00
Mike Bridge
04f8b700d7 feat(datasets): soft-delete and restore (#40130)
Co-authored-by: Mike Bridge <michael.bridge@ext.preset.io>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-07 08:57:08 -07:00
Yuriy Krasilnikov
ab0e77c1cb fix(embedded): allow guest users to sort by visible columns (#37371)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-07-02 15:50:56 -07:00
Evan Rusackas
adc03ce525 refactor: make import/expression layer SQLAlchemy 2.0-compatible (#41179)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-29 11:38:59 -07:00
Evan Rusackas
0fd244b5c6 fix(security): reject unknown fields on guest-token RLS rules (#41217)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-24 16:16:43 -07:00
Evan Rusackas
386893f9f2 feat(security): record audit metadata on guest token issuance (#41305)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-23 11:25:44 -07:00
Evan Rusackas
1d3daf2ac8 fix(security): return generic error and log internally in RoleRestAPI.get_list (#41295)
Co-authored-by: Amin Ghadersohi <amin.ghadersohi@gmail.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-23 11:24:26 -07:00
Evan Rusackas
5e8a0c0244 fix(embedded): allow guest users to sort table columns in embedded dashboards (#41218)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-23 10:10:55 -07:00
Harshit-Tiwary
36781fbf47 fix(i18n): wrap table access error message with gettext for translation (#38489)
Co-authored-by: Evan <evan@preset.io>
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-22 20:28:05 -07:00
Alexandru Soare
6d08e79259 feat(security): Add extension hooks for custom access control, ownership, and asset lifecycle (#40707) 2026-06-16 15:25:03 +03:00
Evan Rusackas
e16bb29faf fix(embedded): allow guests to apply a Time Grain native filter (#32768) (#41017)
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Claude Fable 5 <noreply@anthropic.com>
2026-06-15 15:22:21 -07:00
Evan Rusackas
d120b1c250 feat(security): enforce password complexity policy (min length + common-password blocklist) (#40670)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-13 16:31:23 -07:00
Shaitan
aa3d2b9e81 fix(dashboard): validate native-filter data requests against filter targets (#40979)
Co-authored-by: sha174n <pedro.sousa@preset.io>
Co-authored-by: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
2026-06-13 19:02:28 +01:00
Evan Rusackas
814b72c6f9 feat(security): force password change on first use (opt-in) (#40669)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 22:23:10 -07:00
Evan Rusackas
663b47aa75 feat: support guest-token revocation per embedded dashboard (#40676)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-11 19:37:22 -07:00
Evan Rusackas
9938ee273f feat: terminate active sessions when an account is disabled (#40695)
Co-authored-by: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-11 19:37:13 -07:00
Evan Rusackas
5a0e3f15ca feat(embedded): add guest token revocation support (#40671)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-10 09:17:30 -07:00
Amin Ghadersohi
7d69f76127 fix(mcp): API key authentication for MCP — transport, validation, and RBAC (#39604) 2026-06-04 15:04:43 -04:00
Evan Rusackas
aa547da960 fix: remove registration_hash in the registrations API (#40643)
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-04 09:43:03 -07:00
Shaitan
faa76f6741 fix(embedding): add optional dataset allowlist to guest tokens (#39302)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-06-03 12:55:09 +01:00
Shaitan
6eaee211aa fix(sqllab): require dataset match for raw query access (#40409)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-06-02 21:50:27 +01:00
Michael Gerber
041ecbc248 fix(embedded): resolve guest user permissions in user_view_menu_names (#39197)
Co-authored-by: Evan Rusackas <evan@preset.io>
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Claude Code <noreply@anthropic.com>
2026-06-01 10:30:05 -07:00
Shaitan
afc4f3c9b3 fix(database): extend URI blocklist to cover duckdb dialect (#40402)
Co-authored-by: Claude Opus 4.7 <noreply@anthropic.com>
2026-05-30 13:26:38 -07:00
Mike Bridge
b2320820b4 feat(core): SoftDeleteMixin and restore infrastructure (#39977)
Co-authored-by: Mike Bridge <michael.bridge@ext.preset.io>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-29 13:08:10 -07:00
Shaitan
f663f47628 fix(embedding): require non-default JWT secret when embedded dashboards are enabled (#39999)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-28 14:26:40 -07:00
Shaitan
407321e394 fix(database): extend shillelagh URI pattern to cover all driver variants (#39995)
Co-authored-by: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-15 12:04:34 +01:00
Beto Dealmeida
cb53745d43 feat: semantic layer extension (#37815) 2026-05-05 12:07:46 -04:00
Beto Dealmeida
edf4d03218 chore: bump rison to 2.0.0 (#39529) 2026-04-24 15:52:42 -04:00
Daniel Vaz Gaspar
f6c5219e89 fix(security): add UserSAMLModelView to USER_MODEL_VIEWS (#39568)
Co-authored-by: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-22 17:47:41 +01:00
Vitor Avila
c7955a38ef fix: Drill to Detail for Embedded (#39214)
Co-authored-by: Maxime Beauchemin <maximebeauchemin@gmail.com>
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 17:01:48 -03:00
Daniel Vaz Gaspar
5815665cc6 feat: role/user CRUD events and login/logout tracking in the action log (#39121)
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-09 15:55:25 +01:00
Ville Brofeldt
e56f8cc4fb fix(security_manager): custom auth_view issue (#39098) 2026-04-06 09:04:59 -07:00
Mehmet Salih Yavuz
95f61bd223 fix: add parent_slice_id for multilayer charts to embed (#38243) 2026-03-12 21:21:43 +03:00
Enzo Martellucci
a17f38a4e2 fix(embedded): add CurrentUserRestApi read permission to Public role defaults (#38474) 2026-03-10 00:08:37 +01:00
Hugh A. Miles II
61fbfda501 feat(security): add granular export controls (Phase 1) (#38361) 2026-03-09 16:44:56 -04:00
Kamil Gabryjelski
3e3c9686de perf(dashboard): Batch RLS filter lookups for dashboard digest computation (#37941) 2026-02-16 21:35:55 +01:00
Jonathan Alberth Quispe Fuentes
88ce1425e2 fix(roles): optimize user fetching and resolve N+1 query issue (#37235) 2026-02-12 09:32:19 -08:00
Alexandru Soare
9ea5ded988 fix(dashboard): Prevent fatal error when database connection is unavailable (#37576) 2026-02-06 20:52:17 -08:00
Martyn Gigg
e4f649e49c fix(superset-frontend): Fixes for broken functionality when an application root is defined (#36058) 2026-01-23 14:13:48 -08:00
Sam Firke
2c1a33fd32 fix(roles): allow Public role to read themes (#37295) 2026-01-21 10:52:42 -08:00
Evan Rusackas
5909e90081 feat(security): add built-in Public role for anonymous dashboard access (#36548)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2026-01-05 10:27:10 -08:00
Beto Dealmeida
ecb4e483df fix: apply EXCLUDE_USERS_FROM_LISTS to /api/v1/security/users/ (#36742)
Co-authored-by: Claude Opus 4.5 <noreply@anthropic.com>
2025-12-23 15:18:34 -08:00
Vitor Avila
737a5162e4 fix: Use is_active for guest users (#36716) 2025-12-17 17:23:22 -03:00
Shunki
440cbc4c1f fix(roles): Add missing SQLLab permissions for estimate and format (#36263) 2025-12-08 14:40:38 -08:00
Beto Dealmeida
16e6452b8c feat: Explorable protocol (#36245) 2025-12-04 13:18:34 -05:00
Amin Ghadersohi
92d8139136 fix(security): enable AUTH_RATE_LIMITED to work correctly (#36195)
Co-authored-by: Joe Li <joe@preset.io>
2025-11-20 10:23:49 -08:00
Ville Brofeldt
c2baba50f9 chore: abstract models and daos into superset-core (#35259) 2025-11-14 17:00:44 -08:00
Beto Dealmeida
f3e620cd0f fix: RLS in virtual datasets (#36061) 2025-11-14 14:21:09 -05:00