django-sql-dashboard icon indicating copy to clipboard operation
django-sql-dashboard copied to clipboard

Published 20 hours ago verified publisher icon simonw

Make "export all to csv/tsv" button available on saved dashboards to users with execute_sql permission

Open toolness opened this issue 4 years ago • 3 comments
trafficstars

It looks like this button, which was added in #50, might only be available on unsaved dashboards? Either that or I'm somehow not seeing it on the saved dashboard page...

toolness avatar Jun 22 '21 15:06 toolness

This is deliberate, because the "export all" operation is potentially quite expensive - I don't want to accidentally open that up to anyone on a public dashboard, since that could potentially be used for a denial of service attack.

simonw avatar Jul 01 '21 03:07 simonw

It is however a frustrating limitation - maybe the answer here is to enable it on saved dashboards but only for users who have the execute_sql permission.

simonw avatar Jul 01 '21 03:07 simonw

Er, so yeah, in practice this has definitely been a frustrating limitation, since almost all of our use cases for the dashboard are for generating long lists of results to be exported as CSV. Mind if I issue a PR that does what you proposed above (enabling "export all as CSV" but only for users who have the execute_sql permission)?

toolness avatar Aug 05 '21 13:08 toolness