"Error 403 Forbidden" displayed on an embedded chart when using a particular aggregation function in the chart metric #29106
Comments
Hey there, @mathilderv! 👋 I'm here to help you with your Superset issue. I'm a bot that can help you solve bugs, answer questions, and become a contributor. Let's get to the bottom of this together!

The "403 Forbidden" error for charts using aggregation functions such as From the provided code:

```python
if result_format in ChartDataResultFormat.table_like():
    # Verify user has permission to export file
    if not security_manager.can_access("can_csv", "Superset"):
        return self.response_403()
```

This snippet indicates that if the result format is table-like (which includes formats like CSV), the system checks if the user has the "can_csv" permission. If the user lacks this permission, a "403 Forbidden" response is returned. Aggregation functions like To resolve this issue, ensure that the user embedding the charts has the necessary permissions, specifically the "can_csv" permission in Superset [1].

@dosu You are mentioning a "can_csv" permission: is it a permission that should be implemented elsewhere? Thanks

The "can_csv" permission mentioned is indeed the same as the "can csv on Superset" permission. However, there might be another permission that is required for embedding charts with certain aggregation functions. Ensure that the user also has the "explore_json" permission. This permission is necessary for accessing the To add the "explore_json" permission to a role:
This should resolve the "403 Forbidden" error when embedding charts with

I have verified for all of my users and they all have the "can csv on Superset" and the "can explore json on Superset" permissions. Could there be another reason for my issue?

Yes, there could be another reason for the "403 Forbidden" error when embedding charts with the The Here is the relevant part of the

```python
def raise_for_access(
    self,
    dashboard: Optional["Dashboard"] = None,
    chart: Optional["Slice"] = None,
    database: Optional["Database"] = None,
    datasource: Optional["BaseDatasource"] = None,
    query: Optional["Query"] = None,
    query_context: Optional["QueryContext"] = None,
    table: Optional["Table"] = None,
    viz: Optional["BaseViz"] = None,
    sql: Optional[str] = None,
    catalog: Optional[str] = None,
    schema: Optional[str] = None,
) -> None:
    # ... (other checks)
    if datasource or query_context or viz:
        form_data = None
        if query_context:
            datasource = query_context.datasource
            form_data = query_context.form_data
        elif viz:
            datasource = viz.datasource
            form_data = viz.form_data
        assert datasource
        if not (
            self.can_access_schema(datasource)
            or self.can_access("datasource_access", datasource.perm or "")
            or self.is_owner(datasource)
            or (
                form_data
                and (dashboard_id := form_data.get("dashboardId"))
                and (
                    dashboard_ := self.get_session.query(Dashboard)
                    .filter(Dashboard.id == dashboard_id)
                    .one_or_none()
                )
                and (
                    (is_feature_enabled("DASHBOARD_RBAC") and dashboard_.roles)
                    or (
                        is_feature_enabled("EMBEDDED_SUPERSET")
                        and self.is_guest_user()
                    )
                )
                and (
                    (
                        form_data.get("type") == "NATIVE_FILTER"
                        and (native_filter_id := form_data.get("native_filter_id"))
                        and dashboard_.json_metadata
                        and (json_metadata := json.loads(dashboard_.json_metadata))
                        and any(
                            target.get("datasetId") == datasource.id
                            for fltr in json_metadata.get(
                                "native_filter_configuration",
                                [],
                            )
                            for target in fltr.get("targets", [])
                            if native_filter_id == fltr.get("id")
                        )
                    )
                    or (
                        form_data.get("type") != "NATIVE_FILTER"
                        and (slice_id := form_data.get("slice_id"))
                        and (
                            slc := self.get_session.query(Slice)
                            .filter(Slice.id == slice_id)
                            .one_or_none()
                        )
                        and slc in dashboard_.slices
                        and slc.datasource == datasource
                    )
                )
                and self.can_access_dashboard(dashboard_)
            )
        ):
            raise SupersetSecurityException(
                self.get_datasource_access_error_object(datasource)
            )
    # ... (other checks)
```

In this method, the checks for Additionally, the Therefore, even if you have the necessary permissions, other factors such as the specific configuration of the datasource, the form data, the dashboard roles, or the query context might be causing the error [1][2].
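
A simplified, stand-alone model of the dashboard-scoped branch in the `raise_for_access` excerpt above, added here as an example (it is not Superset's code and not part of the thread). It reports which condition fails first for an embedded guest request, which is the useful question when a 403 appears only in the embed; `guest_branch`, the `Dashboard` stand-in and the sample ids are assumptions made for illustration.

```python
import json
from dataclasses import dataclass


@dataclass
class Dashboard:  # constructed stand-in for Superset's Dashboard model
    id: int
    slices: dict  # slice_id -> id of the dataset the chart is built on
    json_metadata: str = "{}"


def guest_branch(form_data, dataset_id, dashboards, *, embedded=True,
                 is_guest=True, can_access_dashboard=True):
    """Return (allowed, reason) for the dashboard-scoped branch only.

    Assumes the direct grants (schema access, datasource_access, ownership)
    already failed, and leaves out the DASHBOARD_RBAC alternative.
    """
    if not form_data:
        return False, "no form_data on the request"
    dash = dashboards.get(form_data.get("dashboardId"))
    if dash is None:
        return False, "dashboardId missing or unknown"
    if not (embedded and is_guest):
        return False, "EMBEDDED_SUPERSET off or caller is not a guest"
    if form_data.get("type") == "NATIVE_FILTER":
        filter_id = form_data.get("native_filter_id")
        config = json.loads(dash.json_metadata).get(
            "native_filter_configuration", [])
        linked = any(
            target.get("datasetId") == dataset_id
            for fltr in config if fltr.get("id") == filter_id
            for target in fltr.get("targets", [])
        )
        if not (filter_id and linked):
            return False, "native filter does not target this dataset"
    else:
        slice_id = form_data.get("slice_id")
        if slice_id not in dash.slices:
            return False, "slice_id missing or chart not on this dashboard"
        if dash.slices[slice_id] != dataset_id:
            return False, "chart is built on a different dataset"
    if not can_access_dashboard:
        return False, "can_access_dashboard() returned False"
    return True, "allowed via dashboard membership"


# Constructed sample: dashboard 7 holds chart 42, built on dataset 3.
DASHBOARDS = {7: Dashboard(id=7, slices={42: 3})}
```
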
Bug description
I am embedding a dashboard in another app. Embedding does not work when the chart metrics are using some of the aggregation functions:
On the Superset tool itself, there's no visible issue. It's only once the chart is embedded that I am encountering this issue and the following error message:
<!doctype html><meta charset="utf-8"><meta name=viewport content="width=device-width, initial-scale=1"><title>403</title>403 Forbidden
How to reproduce the bug
You need to embed the charts in another app to reproduce the bug. There's no sign of the bug on Superset.
MIN or MAX or COUNT
Screenshots/recordings
No response
Superset version
3.1.3
Python version
I don't know
Node version
I don't know
Browser
Chrome
Additional context
No response
Checklist