Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix the Gamma role user experience #359

Closed
alanmcruickshank opened this issue Apr 15, 2016 · 5 comments
Closed

Fix the Gamma role user experience #359

alanmcruickshank opened this issue Apr 15, 2016 · 5 comments
Labels
enhancement:request Enhancement request submitted by anyone from the community

Comments

@alanmcruickshank
Copy link
Contributor

While logged in as a user without access rights to save new dashboard positioning and css, if they click the "Save the current positioning and CSS" button, they get a modal message "Success, This dashboard was saved successfully." although it hasn't been successful (and if you reload the dashboard the changes have not been saved - which is the correct behaviour for a user without sufficient rights).

Either the modal message should say "Unable to save dashboard due to insufficient access permissions", or the save button should be hidden for users without sufficient rights. I think one tidy solution might be to hide/disable the entire multi-button (refresh, filter, css, edit, save) for users without edit rights.
@mistercrunch
Copy link
Member

Right. We need to iron out the gamma user experience and fix some other things around security. It's pretty rough right now.

@mistercrunch mistercrunch added the enhancement:request Enhancement request submitted by anyone from the community label Apr 16, 2016
@mistercrunch mistercrunch changed the title Dashboard Save Positioning Access Rights - Wrong User Message Fix the Gamma role user experience Apr 16, 2016
@sid88in
Copy link
Contributor

sid88in commented Apr 16, 2016
edited
Loading

I have disabled some of these features in #298 based on access permissions. They cannot be clicked if the user does not have respective access permissions.

@alanmcruickshank
Copy link
Contributor Author

#298 looks great for slices, any chance we could do something very very similar for dashboards too?

@sid88in
Copy link
Contributor

sid88in commented Apr 21, 2016

I added features for dashboard as well in the same PR. Saving dashboard etc is disabled now.

@xrmx
Copy link
Contributor

xrmx commented Aug 5, 2016

On current master the "Save the current positioning and CSS" does not give any feedback when the save fails. I think we just need to disable the button if the user don't have enough permissions to save it. Same goes for "Add a new slice to the dashboard"

@xrmx xrmx mentioned this issue Aug 5, 2016
Merged
xrmx added a commit to xrmx/superset that referenced this issue Aug 5, 2016
@xrmx
dashboard: don't enable buttons that would fail
5b8fd85 
With gamma users saving the dashboard model would fail if they
are not owner of the dashboard.
So if that's not the case just disable the "Add a new slice to
the dashboard" and "Save the current positioning and CSS".

Refs apache#359
xrmx added a commit to xrmx/superset that referenced this issue Aug 5, 2016
@xrmx
gamma: filter the sqla tables the user has access to
8df2924 
Refs apache#359
xrmx added a commit to xrmx/superset that referenced this issue Aug 5, 2016
@xrmx
gamma: filter slices available for dashboards in DashboardModelView
d94c961 
Refs apache#359
xrmx added a commit to xrmx/superset that referenced this issue Aug 5, 2016
@xrmx
gamma: limit owners to dashboard to self
045233b 
As we don't want to leak other users to unpriviliged users

Refs apache#359
mistercrunch pushed a commit that referenced this issue Aug 11, 2016
@xrmx @mistercrunch
dashboard: don't enable buttons that would fail (#881)
71bdabe 
With gamma users saving the dashboard model would fail if they
are not owner of the dashboard.
So if that's not the case just disable the "Add a new slice to
the dashboard" and "Save the current positioning and CSS".

Refs #359
mistercrunch pushed a commit that referenced this issue Aug 17, 2016
@xrmx @mistercrunch
Refine gamma experience (#883)
061d4f1 
* gamma: filter the sqla tables the user has access to

Refs #359

* gamma: filter slices available for dashboards in DashboardModelView

Refs #359

* gamma: limit owners to dashboard to self

As we don't want to leak other users to unpriviliged users

Refs #359
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement:request Enhancement request submitted by anyone from the community
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@xrmx @mistercrunch @sid88in @alanmcruickshank