Vitor-Avila opened a new pull request, #34319:
URL: https://github.com/apache/superset/pull/34319
### SUMMARY
This PR exposes drilling capabilities to embedded users via a new FF:
`DRILLING_IN_EMBEDDED`. Highlights:
**New API endpoint**
A new API endpoint was created for drilling:
`/api/v1/dataset/{{pk}}/drill_info/`. Previously, the drilling context (columns
to drill, dataset info to display in the `useDatasetMetadataBar`, etc.) was
loaded from `/api/v1/dataset/{{pk}}`. Exposing this entire endpoint to embedded
users is not ideal, as it exposes a lot of metadata.
**Server-side validations**
* Previously, the backend would return all dataset columns, and then the
client would filter out columns that have `groupby=False`. This would allow
embedded users to find out names of other columns that should not be exposed.
* Specifically for embedded users, there's also server-side validation to
prevent a user from manipulating the API call and drilling by a column that has
`groupby=False`.
**Bonus**
* This PR also fixes drilling for `DASHBOARD_RBAC`.
* It improves performance by reducing repetitive calls. The call to load the
drill context was moved up to `ChartContextMenu` and it's passed to
`DrillDetail`, `DrillBy` and `useDatasetMetadataBar`.
* The new API endpoint relies on FAB's `select_columns` to filter the
returned columns at the SQL query level (not at the response level), which also
improves performance.
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
I'll add a video soon
### TESTING INSTRUCTIONS
Test coverage added. For manual testing:
**Embedded**
1. Make sure the embedded role has the required permissions to perform
drilling operations.
2. Enable the `DRILLING_IN_EMBEDDED` FF.
3. Load a dashboard in embedded mode.
4. Validate the right-click menu on a chart exposes the drilling options.
5. Confirm the dialogs don't expose additional information or buttons that
are not useful.
Same thing for `DASHBOARD_RBAC`, just replace step 1 with:
1. Make sure the user is added to a role that 1) does not have access to the
dashboard datasets and 2) has the required permissions to drill.
### ADDITIONAL INFORMATION
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
[SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
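The two server-side controls described in the summary (return only `groupby=True` columns, and reject a drill-by request for any other column when the caller is embedded), shown as an added Python example that is not code from the PR or from Superset. `Column`, `DATASET`, `drill_info`, `validate_drill_by` and `DrillNotAllowed` are hypothetical names, the sample data is constructed, and returning one error message for both unknown and non-groupable columns is a choice made here.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Column:  # hypothetical stand-in for a dataset column record
    column_name: str
    verbose_name: Optional[str]
    groupby: bool

# Constructed sample dataset; every name and value here is illustrative.
DATASET = {
    "id": 7,
    "table_name": "orders",
    "sql": "SELECT * FROM raw.orders",  # metadata embedded users should not see
    "columns": [
        Column("region", "Region", True),
        Column("product", None, True),
        Column("customer_email", None, False),  # groupby=False: not drillable
    ],
}

class DrillNotAllowed(Exception):
    """Raised when a drill-by request names a column that is not permitted."""

def drill_info(dataset: dict) -> dict:
    """Return only what drilling needs; filter columns on the server."""
    return {
        "id": dataset["id"],
        "table_name": dataset["table_name"],
        "columns": [
            {"column_name": c.column_name, "verbose_name": c.verbose_name}
            for c in dataset["columns"]
            if c.groupby
        ],
    }

def validate_drill_by(dataset: dict, requested: list, is_embedded: bool) -> list:
    """For embedded users, reject any requested column outside the allow-list."""
    if not is_embedded:
        return list(requested)
    allowed = {c.column_name for c in dataset["columns"] if c.groupby}
    if any(name not in allowed for name in requested):
        # One message for unknown and non-groupable names alike, so the
        # error does not confirm which hidden columns exist.
        raise DrillNotAllowed("column not available for drilling")
    return list(requested)
```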