* rename and move dao file
* Update dao.py
* add cachekey
* Update __init__.py
* change reference in query context test
* add utils ref
* more ref changes
* add helpers
* add todo in dashboard.py
* add cachekey
* circular import error in dar.py
* push rest of refs
* fix linting
* fix more linting
* update enum
* remove references for connector registry
* big reafctor
* take value
* fix
* test to see if removing value works
* delete connectregistry
* address concerns
* address comments
* fix merge conflicts
* address concern II
* address concern II
* fix test
Co-authored-by: Phillip Kelley-Dotson <pkelleydotson@yahoo.com>
* move postForm to superset client
* lint
* fix lint
* fix type
* update tests
* add tests
* add test for form submit
* add test for request form
* lint
* fix test
* fix tests
* more tests
* more tests
* test
* lint
* more test for postForm
* lint
* Update superset-frontend/packages/superset-ui-core/test/connection/SupersetClientClass.test.ts
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* update tests
* remove useless test
* make test cover happy
* make test cover happy
* make test cover happy
* make codecov happy
* make codecov happy
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* remove druid datasource from the config
* remove config related references to DruidDatasource
* Update __init__.py
* Update __init__.py
* Update manager.py
* remove config related references to DruidDatasource
* raise if instance type is not valid
* embedded dashboard model
* embedded dashboard endpoints
* DRY up using the with_dashboard decorator elsewhere
* wip
* check feature flags and permissions
* wip
* sdk
* urls
* dao option for id column
* got it working
* Update superset/embedded/view.py
* use the curator check
* put back old endpoint, for now
* allow access by either embedded.uuid or dashboard.id
* keep the old endpoint around, for the time being
* openapi
* lint
* lint
* lint
* test stuff
* lint, test
* typo
* Update superset-frontend/src/embedded/index.tsx
* Update superset-frontend/src/embedded/index.tsx
* fix tests
* bump sdk
* add aud claim and type for guest token
* update test
* lint
* make jwt audience configurable
* lint
* Apply suggestions from code review
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* verify aud
* add tests for aud and type claim
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat(dashboard): embedded dashboard UI configuration (#17175) (#17450)
* setup embedded provider
* update ui configuration
* fix test
* feat: Guest token (for embedded dashboard auth) (#17517)
* generate an embed token
* improve existing tests
* add some auth setup, and rename token
* fix the stuff for compatibility with external request loaders
* docs, standard jwt claims, tweaks
* black
* lint
* tests, and safer token decoding
* linting
* type annotation
* prettier
* add feature flag
* quiet pylint
* apparently typing is a problem again
* Make guest role name configurable
* fake being a non-anonymous user
* just one log entry
* customizable algo
* lint
* lint again
* 403 works now!
* get guest token from header instead of cookie
* Revert "403 works now!"
This reverts commit df2f49a6d4.
* fix tests
* Revert "Revert "403 works now!""
This reverts commit 883dff38f1.
* rename method
* correct import
* feat: entry for embedded dashboard (#17529)
* create entry for embedded dashboard in webpack
* add cookies
* lint
* token message handshake
* guestTokenHeaderName
* use setupClient instead of calling configure
* rename the webpack chunk
* simplified handshake
* embedded entrypoint: render a proper app
* make the embedded page accept anonymous connections
* format
* lint
* fix test
# Conflicts:
# superset-frontend/src/embedded/index.tsx
# superset/views/core.py
* lint
* Update superset-frontend/src/embedded/index.tsx
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* comment out origins checks
* move embedded for core to dashboard
* pylint
* isort
Co-authored-by: David Aaron Suddjian <aasuddjian@gmail.com>
Co-authored-by: David Aaron Suddjian <1858430+suddjian@users.noreply.github.com>
* feat: Authorizing guest access to embedded dashboards (#17757)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* add more test
Co-authored-by: Lily Kuang <lily@preset.io>
* feat: Row Level Security rules for guest tokens (#17836)
* helper methods and dashboard access
* guest token dashboard authz
* adjust csrf exempt list
* eums don't work that way
* Remove unnecessary import
* move row level security tests to their own file
* a bit of refactoring
* add guest token security tests
* refactor tests
* clean imports
* variable names can be too long apparently
* missing argument to get_user_roles
* don't redefine builtins
* remove unused imports
* fix test import
* default to global user when getting roles
* missing import
* mock it
* test get_user_roles
* infer g.user for ease of tests
* remove redundant check
* tests for guest user security manager fns
* use algo to get rid of warning messages
* tweaking access checks
* fix guest token security tests
* missing imports
* more tests
* more testing and also some small refactoring
* move validation out of parsing
* fix dashboard access check again
* rls rules for guest tokens
* test guest token rls rules
* more flexible rls rules
* lint
* fix tests
* fix test
* defaults
* fix some tests
* fix some tests
* lint
Co-authored-by: Lily Kuang <lily@preset.io>
* SupersetClient guest token test
* Apply suggestions from code review
Co-authored-by: Lily Kuang <lily@preset.io>
Co-authored-by: Lily Kuang <lily@preset.io>
* fix: Dashboard access when RBAC is disabled
* Sends 403 when forbidden
* Fixes issort
* Changes assertion
* Allow access to unpublished dashboards that don't have roles
* Fixes the test_get_dashboard_changed_on test
* feat: auto sync dataset metadata when change dataset
* diablo sync button when edit mode
* handle undefine schema
* fix py UT
* fix FE UT
* improve test coverage
* fix UT
