Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

fix: query search low privileged user search access denied #11017

Merged
merged 1 commit into from
Sep 23, 2020
Merged

fix: query search low privileged user search access denied #11017

merged 1 commit into from
Sep 23, 2020

Conversation

dpgaspar
Copy link
Member

SUMMARY

Fixes: #10830 When a user does not have all_query_access and filters the query search by himself (by clicking it's name for example) the API return HTTP 403 and should return success and data.

ADDITIONAL INFORMATION

@dpgaspar dpgaspar requested a review from villebro September 23, 2020 10:43
villebro
villebro approved these changes Sep 23, 2020
View reviewed changes
Copy link
Member

@villebro villebro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Many small improvements here 👍 LGTM

@dpgaspar
Copy link
Member Author

thks for the review @villebro

@dpgaspar dpgaspar merged commit ba009b7 into apache:master Sep 23, 2020
@dpgaspar dpgaspar deleted the fix/query-search-low-user branch September 23, 2020 13:16
@nytai nytai mentioned this pull request Sep 23, 2020
Closed
6 tasks
rorymillersoft referenced this pull request in nets-aric/incubator-superset Oct 16, 2020
@rorymillersoft
Merge branch 'master' into superset_additions
320ab1e 
* master: (466 commits)
  chore: bump pandas to latest stable version (#11018)
  fix: dashboard edit button (again) (#11029)
  style(explore): use tertiary button against gray background (#11011)
  docs: add security vulnerability GH issue template (#11023)
  fix: [dashboard] should not show edit button when user has no edit permit (#11024)
  fix: timer component, fixes #10849, closes #11002 (#11004)
  fix: enable several pylint rules partially in db_engines_specs module (#11000)
  fix: pylint checks in connectors/sqla/models.py (#10974)
  fix: reenable pylint rule `unused-import` in charts and connectors modules (#11014)
  Enabled pylint rules in `db_engines` module: (#11016)
  fix: changes a pylint check in dashboard module (#10978)
  fix: menu shows a 0 when there are not settings (#11009)
  fix: query search low privileged user search access denied (#11017)
  chore: downgrade expected exception from error to info (#10994)
  fix: Add Item Overflow on Dataset Editor (#10983)
  Bring back import menu (#11007)
  feat(listview): feature flag config to set default viewing mode (#10986)
  build: add react-hooks linting (#11006)
  fix: unbreak ci (#11003)
  fix: enable pylint rules in db_engine_specs module (#10998)
  ...

# Conflicts:
#	requirements.txt
#	superset/app.py
#	superset/models/schedules.py
#	superset/tasks/schedules.py
#	superset/translations/messages.pot
auxten pushed a commit to auxten/incubator-superset that referenced this pull request Nov 20, 2020
@dpgaspar @auxten
fix: query search low privileged user search access denied (apache#11017
fb47601 
)
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 0.38.0 labels Mar 12, 2024
# for free to join this conversation on GitHub. Already have an account? # to comment
Reviewers

@villebro villebro villebro approved these changes

Assignees
No one assigned
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/S 🚢 0.38.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Query Search, empty page with 403 error
3 participants
@dpgaspar @villebro @mistercrunch