195 Commits

Author	SHA1	Message	Date
Beto Dealmeida	e0172a24b8	fix(embedded): sankey charts (#30491)	2024-10-02 13:45:35 -04:00
Geido	de3af85ee1	feat(Digest): Add RLS at digest generation for Charts and Dashboards (#30336) ... Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>	2024-09-24 15:39:11 +02:00
David Markey	a31a4eebdd	feat(embedded): add hook to allow superset admins to validate guest token parameters (#30132) ... Co-authored-by: David Markey <markey@rapidraitngs.com>	2024-09-10 22:49:56 -06:00
hao-zhuventures	e2c4435cab	fix: use StrEnum type for GuestTokenResourceType to fix token parsing (#30042)	2024-08-29 13:06:30 -07:00
Michael S. Molina	d497dcad41	fix: Security manager incorrect calls (#29884)	2024-08-23 11:39:45 -03:00
Hugh A. Miles II	7650c47e72	fix: Gamma users shouldn't be able to create roles (#29687)	2024-08-20 20:14:20 -04:00
Beto Dealmeida	39209c2b40	fix: handle empty catalog when DB supports them (#29840)	2024-08-13 10:08:43 -04:00
Beto Dealmeida	ae0edbfdce	chore: add catalog_access to OBJECT_SPEC_PERMISSIONS (#29650)	2024-07-19 19:40:05 -04:00
Beto Dealmeida	fb15278f97	fix: catalog permission check (#29581)	2024-07-12 21:00:13 -04:00
Beto Dealmeida	67df4e3ce3	fix: prevent guest users from changing columns (#29530)	2024-07-10 12:26:51 -04:00
Daniel Vaz Gaspar	241834205f	fix: remove info from datasource access error (#29470)	2024-07-08 14:39:20 +01:00
John Bodley	8fb8199a55	chore(dao/command): Add transaction decorator to try to enforce "unit of work" (#24969)	2024-06-28 12:33:56 -07:00
John Bodley	466dda2b14	chore(security): Clean up session/commit logic (#29381)	2024-06-26 12:57:51 -07:00
Elizabeth Thompson	bb9f326f9b	chore: change security error level (#28641)	2024-06-05 15:43:22 -07:00
Eyal Ezer	07b2449bd7	refactor: Unify all json.(loads|dumps) usage to utils.json (#28702) ... Co-authored-by: Eyal Ezer <eyal.ezer@ge.com>	2024-05-28 14:17:41 -07:00
Vitor Avila	0fdb4b7c23	chore(tags): Handle tagging as part of asset update call (#28570)	2024-05-28 11:41:31 -04:00
Vitor Avila	6232aac95a	chore(D2D): Add granular permission for dashboard drilling operations (#28435)	2024-05-15 15:31:30 +01:00
Beto Dealmeida	e6a85c5901	fix: export/import catalogs (#28408)	2024-05-09 14:42:03 -04:00
Beto Dealmeida	e90246fd1f	feat(SIP-95): permissions for catalogs (#28317)	2024-05-06 11:41:58 -04:00
Maxime Beauchemin	513852b7c3	fix: all_database_access should enable access to all datasets/charts/dashboards (#28205)	2024-05-02 09:25:14 -07:00
Beto Dealmeida	6cf681df68	feat(SIP-95): new endpoint for table metadata (#28122)	2024-04-25 12:23:49 -04:00
Maxime Beauchemin	2d63722150	chore: set up ruff as a new linter/formatter (#28158)	2024-04-24 17:19:53 -07:00
Daniel Vaz Gaspar	e465876ed4	feat: new Excel upload form and API (#28105)	2024-04-19 14:19:42 +01:00
Daniel Vaz Gaspar	54387b4589	feat: new CSV upload form and API (#27840)	2024-04-15 09:38:51 +01:00
John Bodley	28cbedb82f	fix: Leverage actual database for rendering Jinjarized SQL (#27646)	2024-03-27 08:12:25 +13:00
John Bodley	b25dd0c055	fix(sql_parse): Ensure table extraction handles Jinja templating (#27470)	2024-03-22 13:39:28 +13:00
Beto Dealmeida	36290ce72f	fix: guest queries (#27566)	2024-03-19 11:20:52 -04:00
Beto Dealmeida	376bfd05bd	fix: pass valid SQL to SM (#27464)	2024-03-18 15:38:58 -04:00
Beto Dealmeida	735b895dd5	fix: check if guest user modified query (#27484)	2024-03-12 21:28:06 -04:00
Michael S. Molina	8a46694ce9	fix: Missing SQL Lab permission (#27361)	2024-03-01 13:08:39 -05:00
Daniel Vaz Gaspar	c96e38c07c	fix: removes old deprecated sqllab endpoints (#27117)	2024-02-15 15:58:48 +00:00
John Bodley	847ed3f5b0	refactor: Ensure Flask framework leverages the Flask-SQLAlchemy session (Phase II) (#26909)	2024-02-14 06:20:15 +13:00
Geido	595c6ce3e6	chore: Add granular permissions for actions in Dashboard (#27029)	2024-02-09 16:25:32 +02:00
Vitor Avila	01e2f8ace3	fix(security manager): Users should not have access to all draft dashboards (#27015)	2024-02-07 09:20:41 -07:00
Daniel Vaz Gaspar	5b34395689	fix: chart import validation (#26993)	2024-02-06 12:14:02 +00:00
Beto Dealmeida	fade4806ce	fix: prevent guest user from modifying metrics (#26749)	2024-01-29 12:59:33 -05:00
Geido	6c029ce2e8	chore: Add permission to view and drill on Dashboard context (#26798)	2024-01-29 18:28:10 +01:00
Beto Dealmeida	c0b57bd1c3	feat(sqlparse): improve table parsing (#26476)	2024-01-22 11:16:50 -05:00
John Bodley	df79522160	refactor: Ensure Flask framework leverages the Flask-SQLAlchemy session (#26200)	2024-01-18 08:27:29 +13:00
Daniel Vaz Gaspar	8e19f59dd2	fix: create virtual dataset validation (#26625)	2024-01-17 09:11:15 +00:00
John Bodley	07bcfa9b5f	chore(command): Organize Commands according to SIP-92 (#25850)	2023-11-22 16:55:54 -03:00
John Bodley	07551dc3d4	chore(connector): Cleanup base models and views according to SIP-92 (#24773)	2023-11-21 10:11:50 -08:00
John Bodley	dd58b31cc4	chore(sqlalchemy): Remove erroneous SQLAlchemy ORM session.merge operations (#24776)	2023-11-20 17:25:41 -08:00
John Bodley	7804d1451e	chore(security): Make get_database_perm/get_dataset_perm return optional (#24046)	2023-10-31 08:23:42 -07:00
Sandeep Patel	eb9cd2a2a5	refactor: Issue #25040; Refactored sync_role_definition function in order to reduce number of query. (#25340)	2023-10-11 11:29:52 -06:00
EugeneTorap	42d0474cc2	chore: Update pylint to 2.17.7 (#25566)	2023-10-09 11:51:41 -07:00
Josh Soref	0735680674	chore(backend): Spelling (#25457) ... Signed-off-by: Josh Soref <2119212+jsoref@users.noreply.github.com>	2023-09-29 09:36:50 -07:00
Jack Fragassi	fba66c6250	fix: Use RLS clause instead of ID for cache key (#25229)	2023-09-18 11:37:35 -07:00
Sebastian Liebscher	e585db85b6	chore: use contextlib.surpress instead of passing on error (#24896) ... Co-authored-by: John Bodley <4567245+john-bodley@users.noreply.github.com>	2023-08-29 10:09:01 -06:00
Jack Fragassi	2b8d8da22a	fix: Allow embedded guest user datasource access with dashboard context (#25081)	2023-08-28 09:48:21 -07:00