def raise_for_dashboard_access(self, dashboard: "Dashboard") -> None:
    """
    Deny access unless the current user is related to the dashboard.

    Only entity relationships are examined here (guest token, admin, owner,
    published state, role overlap); the required role/permission pairs are
    not checked by this method.

    :param dashboard: Dashboard the user wants access to
    :raises DashboardAccessDeniedError: If the user cannot access the resource
    """
    # pylint: disable=import-outside-toplevel
    from superset import is_feature_enabled
    from superset.dashboards.commands.exceptions import DashboardAccessDeniedError
    from superset.views.base import is_user_admin
    from superset.views.utils import is_owner

    def _role_overlap_permits() -> bool:
        # With DASHBOARD_RBAC off, roles place no restriction on a published
        # dashboard.
        if not is_feature_enabled("DASHBOARD_RBAC"):
            return True
        # With it on, the user must hold at least one of the dashboard's
        # roles. A dashboard with no roles yields False here.
        for granted_role in dashboard.roles:
            held_ids = [held_role.id for held_role in self.get_user_roles()]
            if granted_role.id in held_ids:
                return True
        return False

    if self.is_guest_user():
        # Guest users are decided by the guest-token grant for this dashboard
        # id alone; none of the admin/owner/role branches are consulted.
        allowed = self.has_guest_access(
            GuestTokenResourceType.DASHBOARD, dashboard.id
        )
    elif is_user_admin() or is_owner(dashboard, g.user):
        allowed = True
    elif dashboard.published:
        allowed = _role_overlap_permits()
    else:
        # Unpublished: passes only when no roles are attached, and then for
        # every non-guest user. Unpublished with roles attached is
        # admin/owner only.
        allowed = not dashboard.roles

    if not allowed:
        raise DashboardAccessDeniedError()
def raise_for_dashboard_access(dashboard: "Dashboard") -> None:
    """
    Deny access unless the current user is related to the dashboard.

    Access is granted to admins and owners, to anyone for a published
    dashboard when the role check passes, and to anyone for an unpublished
    dashboard that has no roles attached.

    :param dashboard: Dashboard the user wants access to
    :raises DashboardAccessDeniedError: If the user cannot access the resource
    """
    # pylint: disable=import-outside-toplevel
    from superset import is_feature_enabled
    from superset.dashboards.commands.exceptions import DashboardAccessDeniedError
    from superset.views.base import get_user_roles, is_user_admin
    from superset.views.utils import is_owner

    # Computed before the admin/owner tests. With DASHBOARD_RBAC off the role
    # check always passes; with it on, the user must hold at least one of the
    # dashboard's roles, so a dashboard with no roles fails it.
    if is_feature_enabled("DASHBOARD_RBAC"):
        roles_match = any(
            granted_role.id in [held_role.id for held_role in get_user_roles()]
            for granted_role in dashboard.roles
        )
    else:
        roles_match = True

    if is_user_admin() or is_owner(dashboard, g.user):
        return

    if dashboard.published:
        if roles_match:
            return
    elif not dashboard.roles:
        # Unpublished and role-less: every user passes this check.
        return

    # Remaining cases: published without a matching role, or unpublished
    # with roles attached (admin/owner only).
    raise DashboardAccessDeniedError()
def raise_for_dashboard_access(dashboard: Dashboard) -> None:
    """
    Deny access to the dashboard when DASHBOARD_RBAC is on and no rule matches.

    :param dashboard: Dashboard the user wants access to
    :raises DashboardAccessDeniedError: If the user cannot access the resource
    """
    from superset.views.base import get_user_roles, is_user_admin
    from superset.views.utils import is_owner

    # NOTE(review): this listing lost its indentation. The statements after
    # the flag test are read as nested under it, because has_rbac_access is
    # assigned nowhere else.
    # With DASHBOARD_RBAC disabled this function checks nothing and returns.
    if not is_feature_enabled("DASHBOARD_RBAC"):
        return

    # True when the user holds at least one of the dashboard's roles; a
    # dashboard with no roles yields False.
    user_holds_dashboard_role = any(
        granted_role.id in [held_role.id for held_role in get_user_roles()]
        for granted_role in dashboard.roles
    )

    if is_user_admin() or is_owner(dashboard, g.user):
        return
    # An unpublished dashboard is reachable by admins and owners only.
    if dashboard.published and user_holds_dashboard_role:
        return

    raise DashboardAccessDeniedError()
def check_access(dataset_id: int, chart_id: Optional[int], actor: User) -> None:
    """
    Check access to a dataset and, when a chart id is given, to that chart.

    :param dataset_id: Dataset passed to check_dataset_access
    :param chart_id: Chart to check; a falsy value (None, and also 0) skips
        the chart check
    :param actor: User tested for ownership of the chart
    :raises ChartNotFoundError: If no chart exists for chart_id
    :raises ChartAccessDeniedError: If the chart exists but no rule grants access
    """
    # The dataset check runs first and unconditionally.
    # NOTE(review): check_dataset_access and is_user_admin take no actor
    # here - presumably they act on the current request user; confirm that
    # is the same principal as `actor`.
    check_dataset_access(dataset_id)

    if not chart_id:
        return

    chart = ChartDAO.find_by_id(chart_id)
    if not chart:
        raise ChartNotFoundError()

    # The can_read/Chart permission is checked without reference to this
    # particular chart, so holding it is enough for any chart id.
    if (
        is_user_admin()
        or is_owner(chart, actor)
        or security_manager.can_access("can_read", "Chart")
    ):
        return

    raise ChartAccessDeniedError()