feat: customize recent activity access #17589
Codecov Report
@@ Coverage Diff @@
## master #17589 +/- ##
==========================================
+ Coverage 68.85% 68.86% +0.01%
==========================================
Files 1597 1597
Lines 65251 65283 +32
Branches 6950 6950
==========================================
+ Hits 44927 44959 +32
Misses 18439 18439
Partials 1885 1885
2 minor nits, otherwise looks and works great!
superset-frontend/src/components/TableLoader/TableLoader.test.tsx
LGTM!
SUMMARY
Adds a config flag ENABLE_BROAD_ACTIVITY_ACCESS that makes it possible to disable access to other users' recent activity data, both via the API and the profile page. In addition, a security manager method raise_for_user_activity_access is introduced to make it possible to fine tune who can and can't access recent activity data.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
When the flag is set to false, trying to access other users' activity data returns a 403 which is displayed on the profile page tables with the message "Access to user activity data is restricted" (in the screenshot the user is viewing another user's profile page):
With the default settings, accessing other users' activity data is allowed (current behavior unchanged):
TESTING INSTRUCTIONS
ENABLE_BROAD_ACTIVITY_ACCESS = False in superset_config.py
admin
test
/superset/profile/test
ENABLE_BROAD_ACTIVITY_ACCESS flag in superset_config.py
/superset/profile/test
ADDITIONAL INFORMATION
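
A self-contained model of the access check the summary describes, as an added example that is not code from this pull request or from Superset. Only the flag name, the method name, the 403 status and the message come from the page; the method signature, the User and exception classes, the refusal of anonymous callers and the "Auditor" role are assumptions.

```python
from dataclasses import dataclass, field

# Flag name from the PR; the default (True) keeps the pre-existing behaviour.
CONFIG = {"ENABLE_BROAD_ACTIVITY_ACCESS": True}


class ActivityAccessDenied(Exception):
    """Hypothetical stand-in for the exception the real hook would raise."""


@dataclass(frozen=True)
class User:  # hypothetical minimal user model
    id: int
    roles: frozenset = field(default_factory=frozenset)


class SecurityManager:
    """Stand-in for the security manager; the signature below is assumed."""

    def raise_for_user_activity_access(self, requester, target_user_id):
        # Anonymous callers are always refused (assumption of this sketch).
        if requester is None:
            raise ActivityAccessDenied()
        # Own data is always visible; other users' only when the flag is on.
        if requester.id != target_user_id and not CONFIG["ENABLE_BROAD_ACTIVITY_ACCESS"]:
            raise ActivityAccessDenied()


class AuditorSecurityManager(SecurityManager):
    """Fine-tuned policy: holders of a hypothetical 'Auditor' role may read
    anyone's activity; everyone else falls back to the default check."""

    def raise_for_user_activity_access(self, requester, target_user_id):
        if requester is not None and "Auditor" in requester.roles:
            return
        super().raise_for_user_activity_access(requester, target_user_id)


def recent_activity(sm, requester, target_user_id, store):
    """Model endpoint: run the hook before touching any activity rows."""
    try:
        sm.raise_for_user_activity_access(requester, target_user_id)
    except ActivityAccessDenied:
        return 403, {"message": "Access to user activity data is restricted"}
    return 200, {"result": store.get(target_user_id, [])}
```

The check is keyed on the authenticated requester, not on the user name in the URL, so the API and the profile page get the same decision from one hook.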