feat(auth): when user is not logged in, failure to access a dashboard…

… should redirect to login screen (apache#30380)
preset-io · Sep 25, 2024 · 69d5f76 · 69d5f76
1 parent 18c2376
commit 69d5f76
Showing 1 changed file with 9 additions and 2 deletions.
diff --git a/superset/views/core.py b/superset/views/core.py
@@ -792,9 +792,16 @@ def dashboard(
         try:
             dashboard.raise_for_access()
         except SupersetSecurityException as ex:
+            # anonymous users should get the login screen, others should go to dashboard list
+            if g.user is None or g.user.is_anonymous:
+                redirect_url = f"{appbuilder.get_url_for_login}?next={request.url}"
+                warn_msg = "Users must be logged in to view this dashboard."
+            else:
+                redirect_url = "/dashboard/list/"
+                warn_msg = utils.error_msg_from_exception(ex)
             return redirect_with_flash(
-                url="/dashboard/list/",
-                message=utils.error_msg_from_exception(ex),
+                url=redirect_url,
+                message=warn_msg,
                 category="danger",
             )
         add_extra_log_payload(