Feature Request - Login Page redirection on clicking on a Dashboard link

[santosh-sahoo334]

I have a Superset instance with Google OAuth enabled. When I share any Dashboard link - https://mydomain.superset.com/superset/dashboard/12 within my team, it says you don't have access to this Dashboard. Its a valid scenario considering the user is not yet authenticated. What I want is-when the user click on the above link , it should redirect the user to login page instead of complaining about the dashboard access.

This behavior is similar to what most of the modern websites offer ( on clicking on a random link, user should be re-directed to login page )

[sfirke]

+1 here on Superset 2.0.0. My users get a plain HTML page with You don't have access to this dashboard. when they aren't logged in. They have to be taught the pattern to first log in every time, then click the desired URL.

Possible contributing factors: I have a Public role configured and in use, as well as the DASHBOARD_RBAC flag enabled.

I see two use cases to address:

• Someone not logged in is trying to view a dashboard. This could be a user with permissions who is logged out, or the public user.
• A user is logged in, but does not have access to see a dashboard

I think the desired pattern would be:

• If no access and not logged in, prompt them to log in (and redirect to original target upon login)
• If no access and yes logged in, give the message "You don't have access to this dashboard." This would benefit from a richer page, e.g., with the Superset nav bar at the top instead of just a bare HTML page. There should not be a login prompt.

[sfirke]

This is also important for embedding a Superset dashboard on an internal intranet page. Users can figure out to click "Login" if that's the prompt, but if they see "you don't have access" it's not clear that they need to log in to Superset in another browser tab.

[nytai]

Con you note your superset version? The redirect to auth behavior was added somewhat recently.

[santosh-sahoo334]

@nytai I am on Superset v1.5.1

[sfirke]

v2.0.0 here.

[nytai]

Ok this might actually be an issue with dashboard rbac feature. It should probably throw a missing auth error if the user is not logged in and public role isn’t in the dashboard roles, otherwise the permissions error should be thrown

[nytai]

Here’s the source code for the dashboard rbac feature, if one of you is interested in implementing this

superset/superset/security/manager.py

Line 1967 in a77b2d6

def raise_for_dashboard_access(self, dashboard: "Dashboard") -> None:

[sfirke]

I'm new to Python & the Superset codebase so would require support (like your pointer, thank you). Would it be something as simple as an addition like:

if (not "Public" in dashboard.roles) and (self.is_anonymous):
    return redirect(appbuilder.get_url_for_login)

At line 1996?

[dheeraj281]

@nytai @sfirke I have raised a PR #23280 for the issue. Please take a look.

[sfirke]

This PR was merged yesterday to implement this feature: #30380 If interested, please try it out on master branch and see if there are any issues.