Vitor-Avila commented on PR #34319: URL: https://github.com/apache/superset/pull/34319#issuecomment-3119668478
> > Hmm open to suggestions here. We could potentially fully remove the FF and rely solely on validating if the role has the required perms to D2D. Would you say that's better? > > Definitely. Every time we introduce a new feature flag we increase the complexity and maintainability of the codebase. In this case, permissions seem the natural way. @rusackas pointed out that we could also have readonly embedded dashboards, which in this case a configuration like we have for cross-filtering would be more appropriate. Either way works for me and it's better than adding a new feature flag. Awesome -- I'll work on moving to perm-based validation only and remove the FF. I would prefer on that because then we can potentially scope it by user, as opposed to by dashboard. Users can decide what's the desired perms for their embedded users, and if they need it dynamically they could have two roles and dynamically change the role assigned. In the future, if drilling can be disabled at the dashboard level, we can then respect that too in the embedded context (like a dashboard-level override) that could potentially be controlled via the embedded SDK too. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
