Пример #1
    def raise_for_dashboard_access(self, dashboard: "Dashboard") -> None:
        """
        Deny access unless the current user is related to the dashboard.

        Only entity relationships are evaluated here; required role/permission
        pairs are not checked by this method.

        Rules applied, in order:

        * guest users: decided solely by ``has_guest_access`` for this dashboard;
        * admins and owners: always allowed;
        * published dashboard: allowed when ``DASHBOARD_RBAC`` is off, or when
          the user holds at least one of the dashboard's roles;
        * unpublished dashboard: allowed only when it has no roles attached.

        :param dashboard: Dashboard the user wants access to
        :raises DashboardAccessDeniedError: If the user cannot access the resource
        """
        # pylint: disable=import-outside-toplevel
        from superset import is_feature_enabled
        from superset.dashboards.commands.exceptions import DashboardAccessDeniedError
        from superset.views.base import is_user_admin
        from superset.views.utils import is_owner

        def has_rbac_access() -> bool:
            # With the feature flag off, dashboard roles restrict nothing here.
            if not is_feature_enabled("DASHBOARD_RBAC"):
                return True
            for dashboard_role in dashboard.roles:
                wanted_id = dashboard_role.id
                held_ids = [user_role.id for user_role in self.get_user_roles()]
                if wanted_id in held_ids:
                    return True
            # Also the result for a dashboard with no roles: with the flag on,
            # a published, role-less dashboard is not opened by this helper.
            return False

        if self.is_guest_user():
            # Guests never reach the admin/owner/role logic below.
            allowed = self.has_guest_access(
                GuestTokenResourceType.DASHBOARD, dashboard.id)
        elif is_user_admin():
            allowed = True
        elif is_owner(dashboard, g.user):
            allowed = True
        elif dashboard.published:
            allowed = has_rbac_access()
        else:
            # Draft with no roles passes this check for any non-guest user;
            # a draft that has roles is limited to admins and owners.
            allowed = not dashboard.roles

        if not allowed:
            raise DashboardAccessDeniedError()
Пример #2
    def raise_for_dashboard_access(dashboard: "Dashboard") -> None:
        """
        Raise unless the user on ``g`` may access the dashboard.

        Allowed when any of these holds: the user is an admin; the user owns
        the dashboard; the dashboard is published and the role check passes
        (always, when ``DASHBOARD_RBAC`` is disabled); the dashboard is
        unpublished and has no roles attached.

        :param dashboard: Dashboard the user wants access to
        :raises DashboardAccessDeniedError: If the user cannot access the resource
        """
        # pylint: disable=import-outside-toplevel
        from superset import is_feature_enabled
        from superset.dashboards.commands.exceptions import DashboardAccessDeniedError
        from superset.views.base import get_user_roles, is_user_admin
        from superset.views.utils import is_owner

        # The role check is resolved up front, before the admin/owner tests,
        # so get_user_roles() is consulted even for admins and owners.
        if is_feature_enabled("DASHBOARD_RBAC"):
            has_rbac_access = False
            for dashboard_role in dashboard.roles:
                wanted_id = dashboard_role.id
                if wanted_id in [user_role.id for user_role in get_user_roles()]:
                    has_rbac_access = True
                    break
        else:
            # Flag off: dashboard roles do not restrict published dashboards.
            has_rbac_access = True

        if is_user_admin():
            return
        if is_owner(dashboard, g.user):
            return
        if dashboard.published:
            if has_rbac_access:
                return
        elif not dashboard.roles:
            # An unpublished dashboard without roles passes for every user
            # reaching this point.
            return

        raise DashboardAccessDeniedError()
Пример #3
def raise_for_dashboard_access(dashboard: Dashboard) -> None:
    """
    Enforce dashboard-role access when ``DASHBOARD_RBAC`` is enabled.

    With the flag enabled, access is granted to admins, to owners, and to
    users holding at least one of the dashboard's roles when the dashboard is
    published. Unpublished dashboards are therefore limited to admins and
    owners.

    With the flag disabled this function performs no check at all and returns
    normally, so it places no restriction on the caller.

    :param dashboard: Dashboard the user wants access to
    :raises DashboardAccessDeniedError: If the flag is enabled and the user
        cannot access the dashboard
    """
    from superset.views.base import get_user_roles, is_user_admin
    from superset.views.utils import is_owner

    if not is_feature_enabled("DASHBOARD_RBAC"):
        # Nothing is evaluated on this path; see the docstring.
        return

    # Resolved before the admin/owner tests, as a single eager pass.
    has_rbac_access = False
    for dashboard_role in dashboard.roles:
        wanted_id = dashboard_role.id
        if wanted_id in [user_role.id for user_role in get_user_roles()]:
            has_rbac_access = True
            break

    if is_user_admin():
        return
    if is_owner(dashboard, g.user):
        return
    if dashboard.published and has_rbac_access:
        return

    raise DashboardAccessDeniedError()
Пример #4
def check_access(dataset_id: int, chart_id: Optional[int],
                 actor: User) -> None:
    """
    Check access to a dataset and, when given, to a chart.

    The dataset check always runs first. Its return value is not used here,
    so it presumably signals denial by raising (confirm against
    ``check_dataset_access``). A falsy ``chart_id`` (``None`` or ``0``) skips
    the chart check entirely.

    :param dataset_id: Id of the dataset being accessed
    :param chart_id: Optional id of the chart being accessed
    :param actor: User whose ownership of the chart is tested
    :raises ChartNotFoundError: If no chart is found for ``chart_id``
    :raises ChartAccessDeniedError: If the chart exists but none of the
        admin, owner or ``can_read`` tests pass
    """
    check_dataset_access(dataset_id)
    if not chart_id:
        return

    chart = ChartDAO.find_by_id(chart_id)
    if not chart:
        # NOTE(review): a missing chart and a denied chart raise different
        # errors, so a caller that passed the dataset check can tell the two
        # apart unless a later layer maps them to the same response.
        raise ChartNotFoundError()

    if is_user_admin():
        return
    if is_owner(chart, actor):
        return
    # NOTE(review): this test is passed only the literal permission and view
    # names, not the chart itself, so as written it does not look
    # object-specific. Confirm that is intended.
    if security_manager.can_access("can_read", "Chart"):
        return

    raise ChartAccessDeniedError()