From 69d5f766a89005529c197c2e5424a59ada7a8b68 Mon Sep 17 00:00:00 2001
From: Sam Firke <sfirke@users.noreply.github.com>
Date: Wed, 25 Sep 2024 14:26:26 -0400
Subject: [PATCH] feat(auth): when user is not logged in, failure to access a
 dashboard should redirect to login screen (#30380)

---
 superset/views/core.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/superset/views/core.py b/superset/views/core.py
index 56221b646..1a21934bf 100755
--- a/superset/views/core.py
+++ b/superset/views/core.py
@@ -792,9 +792,16 @@ class Superset(BaseSupersetView):
         try:
             dashboard.raise_for_access()
         except SupersetSecurityException as ex:
+            # anonymous users should get the login screen, others should go to dashboard list
+            if g.user is None or g.user.is_anonymous:
+                redirect_url = f"{appbuilder.get_url_for_login}?next={request.url}"
+                warn_msg = "Users must be logged in to view this dashboard."
+            else:
+                redirect_url = "/dashboard/list/"
+                warn_msg = utils.error_msg_from_exception(ex)
             return redirect_with_flash(
-                url="/dashboard/list/",
-                message=utils.error_msg_from_exception(ex),
+                url=redirect_url,
+                message=warn_msg,
                 category="danger",
             )
         add_extra_log_payload(