feat(auth): when user is not logged in, failure to access a dashboard should redirect to login screen (#30380)

2024-09-25 14:26:26 -04:00 · 2024-09-25 14:26:26 -04:00 · 69d5f766a8
parent 18c2376b50
commit 69d5f766a8
1 changed files with 9 additions and 2 deletions
--- a/superset/views/core.py
+++ b/superset/views/core.py
@ -792,9 +792,16 @@ class Superset(BaseSupersetView):
        try:
            dashboard.raise_for_access()
        except SupersetSecurityException as ex:
+            # anonymous users should get the login screen, others should go to dashboard list
+            if g.user is None or g.user.is_anonymous:
+                redirect_url = f"{appbuilder.get_url_for_login}?next={request.url}"
+                warn_msg = "Users must be logged in to view this dashboard."
+            else:
+                redirect_url = "/dashboard/list/"
+                warn_msg = utils.error_msg_from_exception(ex)
            return redirect_with_flash(
-                url="/dashboard/list/",
-                message=utils.error_msg_from_exception(ex),
+                url=redirect_url,
+                message=warn_msg,
                category="danger",
            )
        add_extra_log_payload(