fix: do not render favorite favStars and filters for anonymous user (#14120)

* fix: do not render favorite favStar and filter for anonymous user * fix: prevent anonymous user to trigger the favstar view route * fix: lint over previous commit * fix: linter follow-up
2024-09-12 00:29:39 -04:00 · 2021-05-14 17:05:50 +02:00 · 2021-05-14 17:05:50 +02:00 · 74473e2ad1
commit 74473e2ad1
parent 97c9e37c24
6 changed files with 97 additions and 67 deletions
--- a/superset-frontend/src/explore/components/ExploreChartHeader.jsx
+++ b/superset-frontend/src/explore/components/ExploreChartHeader.jsx
@ -148,13 +148,15 @@ export class ExploreChartHeader extends React.PureComponent {

          {this.props.slice && (
            <StyledButtons>
-              <FaveStar
-                itemId={this.props.slice.slice_id}
-                fetchFaveStar={this.props.actions.fetchFaveStar}
-                saveFaveStar={this.props.actions.saveFaveStar}
-                isStarred={this.props.isStarred}
-                showTooltip
-              />
+              {this.props.userId && (
+                <FaveStar
+                  itemId={this.props.slice.slice_id}
+                  fetchFaveStar={this.props.actions.fetchFaveStar}
+                  saveFaveStar={this.props.actions.saveFaveStar}
+                  isStarred={this.props.isStarred}
+                  showTooltip
+                />
+              )}
              <PropertiesModal
                show={this.state.isPropertiesModalOpen}
                onHide={this.closePropertiesModal}
--- a/superset-frontend/src/explore/components/ExploreChartPanel.jsx
+++ b/superset-frontend/src/explore/components/ExploreChartPanel.jsx
@ -252,6 +252,7 @@ const ExploreChartPanel = props => {
      form_data={props.form_data}
      timeout={props.timeout}
      chart={props.chart}
+      userId={props.userId}
    />
  );

--- a/superset-frontend/src/explore/components/ExploreViewContainer.jsx
+++ b/superset-frontend/src/explore/components/ExploreViewContainer.jsx
@ -592,6 +592,7 @@ function mapStateToProps(state) {
    timeout: explore.common.conf.SUPERSET_WEBSERVER_TIMEOUT,
    ownState: dataMask[form_data.slice_id]?.ownState,
    impressionId,
+    userId: explore.user_id,
  };
 }

--- a/superset-frontend/src/views/CRUD/chart/ChartList.tsx
+++ b/superset-frontend/src/views/CRUD/chart/ChartList.tsx
@ -42,6 +42,7 @@ import SubMenu, { SubMenuProps } from 'src/components/Menu/SubMenu';
 import FaveStar from 'src/components/FaveStar';
 import ListView, {
  ListViewProps,
+  Filter,
  Filters,
  SelectOption,
  FilterOperator,
@ -195,23 +196,27 @@ function ChartList(props: ChartListProps) {

  const columns = useMemo(
    () => [
-      {
-        Cell: ({
-          row: {
-            original: { id },
-          },
-        }: any) => (
-          <FaveStar
-            itemId={id}
-            saveFaveStar={saveFavoriteStatus}
-            isStarred={favoriteStatus[id]}
-          />
-        ),
-        Header: '',
-        id: 'id',
-        disableSortBy: true,
-        size: 'xs',
-      },
+      ...(props.user.userId
+        ? [
+            {
+              Cell: ({
+                row: {
+                  original: { id },
+                },
+              }: any) => (
+                <FaveStar
+                  itemId={id}
+                  saveFaveStar={saveFavoriteStatus}
+                  isStarred={favoriteStatus[id]}
+                />
+              ),
+              Header: '',
+              id: 'id',
+              disableSortBy: true,
+              size: 'xs',
+            },
+          ]
+        : []),
      {
        Cell: ({
          row: {
@ -377,9 +382,27 @@ function ChartList(props: ChartListProps) {
        hidden: !canEdit && !canDelete,
      },
    ],
-    [canEdit, canDelete, canExport, favoriteStatus],
+    [
+      canEdit,
+      canDelete,
+      canExport,
+      ...(props.user.userId ? [favoriteStatus] : []),
+    ],
  );

+  const favoritesFilter: Filter = {
+    Header: t('Favorite'),
+    id: 'id',
+    urlDisplay: 'favorite',
+    input: 'select',
+    operator: FilterOperator.chartIsFav,
+    unfilteredLabel: t('Any'),
+    selects: [
+      { label: t('Yes'), value: true },
+      { label: t('No'), value: false },
+    ],
+  };
+
  const filters: Filters = [
    {
      Header: t('Owner'),
@ -465,18 +488,7 @@ function ChartList(props: ChartListProps) {
      ),
      paginate: false,
    },
-    {
-      Header: t('Favorite'),
-      id: 'id',
-      urlDisplay: 'favorite',
-      input: 'select',
-      operator: FilterOperator.chartIsFav,
-      unfilteredLabel: t('Any'),
-      selects: [
-        { label: t('Yes'), value: true },
-        { label: t('No'), value: false },
-      ],
-    },
+    ...(props.user.userId ? [favoritesFilter] : []),
    {
      Header: t('Search'),
      id: 'slice_name',
--- a/superset-frontend/src/views/CRUD/dashboard/DashboardList.tsx
+++ b/superset-frontend/src/views/CRUD/dashboard/DashboardList.tsx
@ -32,6 +32,7 @@ import ConfirmStatusChange from 'src/components/ConfirmStatusChange';
 import SubMenu, { SubMenuProps } from 'src/components/Menu/SubMenu';
 import ListView, {
  ListViewProps,
+  Filter,
  Filters,
  FilterOperator,
 } from 'src/components/ListView';
@ -189,23 +190,27 @@ function DashboardList(props: DashboardListProps) {

  const columns = useMemo(
    () => [
-      {
-        Cell: ({
-          row: {
-            original: { id },
-          },
-        }: any) => (
-          <FaveStar
-            itemId={id}
-            saveFaveStar={saveFavoriteStatus}
-            isStarred={favoriteStatus[id]}
-          />
-        ),
-        Header: '',
-        id: 'id',
-        disableSortBy: true,
-        size: 'xs',
-      },
+      ...(props.user.userId
+        ? [
+            {
+              Cell: ({
+                row: {
+                  original: { id },
+                },
+              }: any) => (
+                <FaveStar
+                  itemId={id}
+                  saveFaveStar={saveFavoriteStatus}
+                  isStarred={favoriteStatus[id]}
+                />
+              ),
+              Header: '',
+              id: 'id',
+              disableSortBy: true,
+              size: 'xs',
+            },
+          ]
+        : []),
      {
        Cell: ({
          row: {
@ -357,9 +362,27 @@ function DashboardList(props: DashboardListProps) {
        disableSortBy: true,
      },
    ],
-    [canEdit, canDelete, canExport, favoriteStatus],
+    [
+      canEdit,
+      canDelete,
+      canExport,
+      ...(props.user.userId ? [favoriteStatus] : []),
+    ],
  );

+  const favoritesFilter: Filter = {
+    Header: t('Favorite'),
+    id: 'id',
+    urlDisplay: 'favorite',
+    input: 'select',
+    operator: FilterOperator.dashboardIsFav,
+    unfilteredLabel: t('Any'),
+    selects: [
+      { label: t('Yes'), value: true },
+      { label: t('No'), value: false },
+    ],
+  };
+
  const filters: Filters = [
    {
      Header: t('Owner'),
@ -414,18 +437,7 @@ function DashboardList(props: DashboardListProps) {
        { label: t('Draft'), value: false },
      ],
    },
-    {
-      Header: t('Favorite'),
-      id: 'id',
-      urlDisplay: 'favorite',
-      input: 'select',
-      operator: FilterOperator.dashboardIsFav,
-      unfilteredLabel: t('Any'),
-      selects: [
-        { label: t('Yes'), value: true },
-        { label: t('No'), value: false },
-      ],
-    },
+    ...(props.user.userId ? [favoritesFilter] : []),
    {
      Header: t('Search'),
      id: 'dashboard_title',
--- a/superset/views/core.py
+++ b/superset/views/core.py
@ -1747,6 +1747,8 @@ class Superset(BaseSupersetView):  # pylint: disable=too-many-public-methods
        self, class_name: str, obj_id: int, action: str
    ) -> FlaskResponse:
        """Toggle favorite stars on Slices and Dashboard"""
+        if not g.user.get_id():
+            return json_error_response("ERROR: Favstar toggling denied", status=403)
        session = db.session()
        count = 0
        favs = (