-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Make sure anonymous user with proper permissions can access data #415
Conversation
Coverage increased (+0.4%) to 81.353% when pulling 33f04ddcbfffdd9f8358e65c3ae75f42280963bd on asydorchuk:master into 77e4d4b on airbnb:master. |
@@ -32,10 +32,16 @@ | |||
log_this = models.Log.log_this | |||
|
|||
|
|||
def get_roles(): |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
get_user_roles
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done.
This is great overall! I like the idea but I'm more concerned about testing public not having access to slices and dashboards. Maybe the tests should give access to only one dataset and confirm that only that dataset is accessible. We may want to add a configuration flag |
Let me know if you want to take on |
Coverage increased (+0.4%) to 81.353% when pulling d33accb66fe41d26d5f376c54088a18ca19eb45b on asydorchuk:master into 77e4d4b on airbnb:master. |
I agree about testing public not having access to the specific slices or dashboards. Going to add more tests. Regarding PUBLIC_ROLE_LIKE_GAMMA flag, let's have it as a separate pull request. |
Coverage increased (+0.4%) to 81.369% when pulling 8c00ab15c1a389c80878b057835081775261d23a on asydorchuk:master into 77e4d4b on airbnb:master. |
@mistercrunch please have another look. In order to make the tests work, I needed to replace lazy_gettext with gettext method for flashing translations. The issue and behavior I was getting otherwise is described here: pallets/flask#812 |
Ok this is good! I'm planning on adding support for role definition as part of the configurations in the near future. |
Thanks! Config role definitions sounds like a great addition. We use puppet in our organization and that would simplify caravel setup on service machines. I am going to prepare a separate pull request for PUBLIC_ROLE_LIKE_GAMMA flag. |
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 10.1.3 to 10.2.0. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Commits](lint-staged/lint-staged@v10.1.3...v10.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 10.1.3 to 10.2.0. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Commits](lint-staged/lint-staged@v10.1.3...v10.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 10.1.3 to 10.2.0. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Commits](lint-staged/lint-staged@v10.1.3...v10.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
Bumps [lint-staged](https://github.com/okonet/lint-staged) from 10.1.3 to 10.2.0. - [Release notes](https://github.com/okonet/lint-staged/releases) - [Commits](lint-staged/lint-staged@v10.1.3...v10.2.0) Signed-off-by: dependabot-preview[bot] <support@dependabot.com> Co-authored-by: dependabot-preview[bot] <27856297+dependabot-preview[bot]@users.noreply.github.com>
The current implementation will throw exception when listing or accessing dashboards for the anonymous user that belongs to Public role and has proper permissions, because id and roles properties are not defined for flask AnonymousUserMixin.