Allow users to view dashboards they own

superset/views/core.py

@@ -26,7 +26,7 @@
 import simplejson as json
 from six import text_type
 import sqlalchemy as sqla
-from sqlalchemy import and_, create_engine, update
+from sqlalchemy import and_, create_engine, or_, update
 from sqlalchemy.engine.url import make_url
 from sqlalchemy.exc import IntegrityError
 from unidecode import unidecode
@@ -158,27 +158,34 @@ def apply(self, query, func):  # noqa
 
 class DashboardFilter(SupersetFilter):
 
-    """List dashboards for which users have access to at least one slice"""
+    """List dashboards for which users have access to at least one slice or are owners"""
 
     def apply(self, query, func):  # noqa
         if self.has_all_datasource_access():
             return query
         Slice = models.Slice  # noqa
         Dash = models.Dashboard  # noqa
+        User = security_manager.user_model
         # TODO(bogdan): add `schema_access` support here
         datasource_perms = self.get_view_menus('datasource_access')
         slice_ids_qry = (
             db.session
             .query(Slice.id)
             .filter(Slice.perm.in_(datasource_perms))
         )
+        owner_ids_qry = (
+            db.session
+            .query(Dash.id)
+            .join(Dash.owners)
+            .filter(User.id == User.get_user_id())
+        )
         query = query.filter(
-            Dash.id.in_(
+            or_(Dash.id.in_(
                 db.session.query(Dash.id)
                 .distinct()
                 .join(Dash.slices)
                 .filter(Slice.id.in_(slice_ids_qry)),
-            ),
+            ), Dash.id.in_(owner_ids_qry)),
         )
         return query
 

tests/dashboard_tests.py

@@ -295,6 +295,42 @@ def test_only_owners_can_save(self):
         db.session.commit()
         self.test_save_dash('alpha')
 
+    def test_owners_can_view_empty_dashboard(self):
+        dash = (
+            db.session
+            .query(models.Dashboard)
+            .filter_by(slug='empty_dashboard')
+            .first()
+        )
+        if not dash:
+            dash = models.Dashboard()
+            dash.dashboard_title = 'Empty Dashboard'
+            dash.slug = 'empty_dashboard'
+        else:
+            dash.slices = []
+            dash.owners = []
+        db.session.merge(dash)
+        db.session.commit()
+
+        gamma_user = security_manager.find_user('gamma')
+        self.login(gamma_user.username)
+
+        resp = self.get_resp('/dashboardmodelview/list/')
+        self.assertNotIn('/superset/dashboard/empty_dashboard/', resp)
+
+        dash = (
+            db.session
+            .query(models.Dashboard)
+            .filter_by(slug='empty_dashboard')
+            .first()
+        )
+        dash.owners = [gamma_user]
+        db.session.merge(dash)
+        db.session.commit()
+
+        resp = self.get_resp('/dashboardmodelview/list/')
+        self.assertIn('/superset/dashboard/empty_dashboard/', resp)
+
 
 if __name__ == '__main__':
     unittest.main()