-
Notifications
You must be signed in to change notification settings - Fork 14.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: disallow users from viewing other user's profile on config #21302
fix: disallow users from viewing other user's profile on config #21302
Conversation
Codecov Report
@@ Coverage Diff @@
## master #21302 +/- ##
==========================================
+ Coverage 66.44% 66.50% +0.05%
==========================================
Files 1784 1789 +5
Lines 68237 68381 +144
Branches 7263 7279 +16
==========================================
+ Hits 45342 45474 +132
+ Misses 21026 21020 -6
- Partials 1869 1887 +18
Flags with carried forward coverage won't be shown. Click here to find out more.
📣 We’re building smart automated test selection to slash your CI/CD build times. Learn more |
}: any) => | ||
enableBroadUserAccess ? ( | ||
<a href={changedByUrl}> | ||
{lastSavedBy?.first_name |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A minor enhancement, but since this is the same as the one below, can you please put it in a separate constant and just reference it in both places
@@ -1335,6 +1335,7 @@ def EMAIL_HEADER_MUTATOR( # pylint: disable=invalid-name,unused-argument | |||
MENU_HIDE_USER_INFO = False | |||
|
|||
# Set to False to only allow viewing own recent activity | |||
# or to disallow users from viewing other users profile page |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking at the code we are just removing the links to the profiles. Is there anything else that is actually blocking the user to visit a profile?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, on the backend change, the call to get_user_activity_access_error
will assert if ENABLE_BROAD_ACTIVITY_ACCESS
is True
or not, if it's False
and the user_id is not equal to the current user, the response will be 403 with an error msg. Following same pattern already in-place on other endpoints on /superset
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok thanks for adding that
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM!
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM with a miniscule nit
@@ -213,14 +215,19 @@ function ChartList(props: ChartListProps) { | |||
const canExport = | |||
hasPerm('can_export') && isFeatureEnabled(FeatureFlag.VERSIONED_EXPORT); | |||
const initialSort = [{ id: 'changed_on_delta_humanized', desc: true }]; | |||
|
|||
const enableBroadUserAccess = | |||
bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS || false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably better safe than sorry, but in a similar context on the backend we always do config["ENABLE_BROAD_ACTIVITY_ACCESS"]
instead of ``config.get("ENABLE_BROAD_ACTIVITY_ACCESS")`, since we assume the variable should always be defined. So maybe we could get by with
bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS || false; | |
bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS; |
(arguably that whole bootstrapData
object with all nested fields should also be fully available)
@@ -132,6 +133,8 @@ function DashboardList(props: DashboardListProps) { | |||
const [importingDashboard, showImportModal] = useState<boolean>(false); | |||
const [passwordFields, setPasswordFields] = useState<string[]>([]); | |||
const [preparingExport, setPreparingExport] = useState<boolean>(false); | |||
const enableBroadUserAccess = | |||
bootstrapData?.common?.conf?.ENABLE_BROAD_ACTIVITY_ACCESS || false; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
same here
SUMMARY
Allowing users to access each others profiles is not ideal and can give unwanted access to lightly sensitive (private) data, that option is not ideal to every company, but can be perfectly fine for others.
ENABLE_BROAD_ACTIVITY_ACCESS
is a config option that is already in-place and restricts access for a user to access other user's activity access. That data is shown on the profile page.This PR leverages the same config key to enable/disable links and access to profiles from dashboards and charts.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
With
ENABLE_BROAD_ACTIVITY_ACCESS = True
(default) nothing changesWith
ENABLE_BROAD_ACTIVITY_ACCESS = False
Trying to access other user's profile, by changing the URL directly:
TESTING INSTRUCTIONS
ADDITIONAL INFORMATION