Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: query search low privileged user search access denied #11017

Merged
merged 1 commit into from
Sep 23, 2020

Conversation

dpgaspar
Copy link
Member

SUMMARY

Fixes: #10830 When a user does not have all_query_access and filters the query search by himself (by clicking it's name for example) the API return HTTP 403 and should return success and data.

ADDITIONAL INFORMATION

Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many small improvements here 👍 LGTM

@dpgaspar
Copy link
Member Author

thks for the review @villebro

@dpgaspar dpgaspar merged commit ba009b7 into apache:master Sep 23, 2020
@dpgaspar dpgaspar deleted the fix/query-search-low-user branch September 23, 2020 13:16
rorymillersoft referenced this pull request in nets-aric/incubator-superset Oct 16, 2020
* master: (466 commits)
  chore: bump pandas to latest stable version (#11018)
  fix: dashboard edit button (again) (#11029)
  style(explore): use tertiary button against gray background (#11011)
  docs: add security vulnerability GH issue template (#11023)
  fix: [dashboard] should not show edit button when user has no edit permit (#11024)
  fix: timer component, fixes #10849, closes #11002 (#11004)
  fix: enable several pylint rules partially in db_engines_specs module (#11000)
  fix: pylint checks in connectors/sqla/models.py (#10974)
  fix: reenable pylint rule `unused-import` in charts and connectors modules (#11014)
  Enabled pylint rules in `db_engines` module: (#11016)
  fix: changes a pylint check in dashboard module (#10978)
  fix: menu shows a 0 when there are not settings (#11009)
  fix: query search low privileged user search access denied (#11017)
  chore: downgrade expected exception from error to info (#10994)
  fix: Add Item Overflow on Dataset Editor (#10983)
  Bring back import menu (#11007)
  feat(listview): feature flag config to set default viewing mode (#10986)
  build: add react-hooks linting (#11006)
  fix: unbreak ci (#11003)
  fix: enable pylint rules in db_engine_specs module (#10998)
  ...

# Conflicts:
#	requirements.txt
#	superset/app.py
#	superset/models/schedules.py
#	superset/tasks/schedules.py
#	superset/translations/messages.pot
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.38.0 labels Mar 12, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/S 🚢 0.38.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Query Search, empty page with 403 error
3 participants