mirror of https://github.com/buster-so/buster.git
af7e969af8
* fix permission check on post_dataset rest * refactor: enhance dataset overview access lineage and permission checks - Updated the `get_dataset_overview` function to conditionally add default access lineage based on user roles and existing access paths. - Simplified the logic for adding user roles to the lineage, ensuring clarity and maintainability. - Improved handling for the `RestrictedQuerier` role to include checks for existing access before adding default lineage, enhancing permission accuracy. - Streamlined code by removing redundant checks and consolidating role handling, optimizing overall readability. * feat: Enhance permission group handling and data retrieval - Introduced a new `PermissionGroupInfo` struct to encapsulate detailed information about permission groups, including user and dataset counts. - Updated the `get_permission_group` and `list_permission_groups` functions to improve data retrieval and error handling. - Refactored SQL queries in `list_permission_groups` to include additional joins for counting users and datasets associated with permission groups, enhancing the overall functionality and clarity of the API. - Streamlined code for better readability and maintainability, ensuring consistent handling of user and permission group data. * refactor: Improve dataset access handling and permission checks - Enhanced the `get_restricted_user_datasets` and `get_restricted_user_datasets_with_metadata` functions to include additional permission checks for dataset groups and permission groups. - Consolidated SQL queries to ensure proper filtering of deleted records and improved clarity in dataset retrieval logic. - Introduced new joins and filters to handle dataset group permissions, ensuring accurate access control for users. - Streamlined code for better readability and maintainability, enhancing overall functionality in dataset access management. * fix: Update SQL migration and seed data for user attributes - Modified the SQL migration to specify the schema for the `users` table, ensuring clarity in the update statement. - Adjusted the seed data for `users_to_organizations` to change the `organization_id` from 'public' to 'none', reflecting a more accurate state for user roles and organization associations. - Ensured consistency in the formatting of SQL insert statements for better readability. * fix: Prevent users from updating their own profiles - Added a check in the `update_user_handler` to prevent users from updating their own information, returning an error if they attempt to do so. - This change enhances security by ensuring that users cannot modify their own records, which could lead to unauthorized changes. * refactor: Simplify dashboard permission queries by removing team-based joins - Removed left joins with `teams_to_users` table in dashboard permission queries - Simplified permission checks to only filter by direct user ID - Updated queries in `get_user_dashboard_permission`, `get_bulk_user_dashboard_permission`, and `list_dashboards_handler` - Streamlined SQL query logic for more direct and efficient permission checks |
||
|---|---|---|
| .. | ||
| 2024-06-03-034617_create_organizations | ||
| 2024-06-03-034618_create_users | ||
| 2024-06-03-034619_create_users_to_organizations | ||
| 2024-06-03-035237_create_api_keys | ||
| 2024-06-03-040003_create_teams | ||
| 2024-06-03-040138_create_teams_to_users | ||
| 2024-06-03-220858_create_data_sources | ||
| 2024-06-03-221241_create_datasets | ||
| 2024-06-03-221610_create_permission_groups | ||
| 2024-06-03-221828_create_datasets_to_permission_groups | ||
| 2024-06-03-222323_create_terms | ||
| 2024-06-03-223319_create_collections | ||
| 2024-06-03-223320_create_dashboards | ||
| 2024-06-03-223321_create_threads | ||
| 2024-06-03-223322_create_messages | ||
| 2024-06-03-224321_create_dashboard_versions | ||
| 2024-06-07-180843_create_dataset_columns | ||
| 2024-06-18-230440_create_threads_to_dashboards | ||
| 2024-07-08-175008_create_asset_permissions | ||
| 2024-07-08-175124_create_collections_to_assets | ||
| 2024-07-08-175134_permission_groups_to_identities | ||
| 2024-07-23-214547_create_user_favorites | ||
| 2024-07-24-194453_create_terms_to_datasets | ||
| 2024-08-06-220651_webhook_functions | ||
| 2024-08-09-224447_auth_user_creation | ||
| 2024-08-12-173526_cron_to_delete_anon_users | ||
| 2024-08-16-170337_stored_values_on_dataset_columns | ||
| 2024-11-14-155519_add_organization_id_to_thread | ||
| 2024-11-19-195358_add_entity_relationship_table | ||
| 2024-11-26-141715_add_env_to_data_sources | ||
| 2024-11-26-151750_add_unique_constraint_to_data_sources | ||
| 2024-11-26-170536_semantic_attributes | ||
| 2024-12-17-180014_sql_evaluations_table | ||
| 2024-12-20-203412_asset_search | ||
| 2024-12-23-200017_terms_search | ||
| 2025-01-01-212411_drop_webhooks_for_typesense | ||
| 2025-01-08-163102_add_dataset_groups_adjust_teams_adjust_permissions | ||
| 2025-01-09-044455_add_yaml_field_for_datasets | ||
| 2025-01-09-183703_add_unique_constraint_on_datasets | ||
| 2025-01-16-154339_rls_policies_on_new_tables | ||
| 2025-01-17-180051_user_attributes | ||
| 2025-01-17-182615_user_info_cache | ||
| 2025-01-20-221752_add_dataset_gropus_to_permission_groups_and_users | ||
| 2025-01-21-172028_unique_constraint_on_dataset_groups_association | ||
| 2025-01-21-184456_fix_dataset_to_dataset_groups_table | ||