"Open in Iodide" button should not be available for queries accessing restricted datasets (e.g. search) #59
Comments
|
Hm, I don't think we can identify which of the data sources are restricted programmatically, so we'd have to maintain a list of them in redash-stmo instead and check it before doing the request against Iodide. |
I think it would be best to hide (or disable) the button for these cases. But I don't think having a hard-coded list would be so bad -- maybe it's best to do it as a whitelist, rather than a blacklist (in case a new secret data source is added) |
|
Sure, which data sources would be allowed? |
Maybe just the list that is assigned to the group "default"? Actually, now that I look at it, could we just filter on that somehow? It seems to contain most of the things people would reasonably want to make iodide dashboards out of: |
|
I've moved this issue to iodide-project/redash-iodide#1 since the Iodide plugin now lives there. |
One mitigation item mentioned by the RRA we did on the Iodide server was that the "open in iodide" button should not be made available for queries that use a restricted dataset (e.g. search).
If this is relatively easy, we should probably just do it. /cc @jezdez @openjck
The text was updated successfully, but these errors were encountered: