fix(dashboard): draft dashboards should be viewable

[ktmud]

SUMMARY

Temp fix for #14175 with some light refactoring:

1. Rename DashboardFilter to DashboardAccessFilter to be more specific---we should do the same for other filters too (ChartFilter, DatasetFilter, etc)
2. Replace get_by_id_or_slug in Dashboard DAO with the same logics used previously by the dashboard view.
3. Added a new inferred column status to replace published, but published is kept for backward compatibility.

TODO: we should replace the boolean column published with a enum column status to support the long-term solution mentioned in #14175 (comment)

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Before

Gamma user visiting a draft dashboard throws unexpected JS error

After

Users with Superset -> dashboard view access should be able to open a draft dashboard created by other users.

But they won't be able to view it in the dashboard list.

TEST PLAN

CI

For manual verification, see #14175 for details.

ADDITIONAL INFORMATION

• Has associated issue: [Dashboard] Error message for draft/deleted dashboards is not actionable #14175 chore(spa refactor): refactoring dashboard to use api's instead of bootstrapdata #13306
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[ktmud]

A-Z

[pkdotson]

I'll approve this. Frontend code looks good. Looks like the python unit test needs to be updated.

[nytai]

👍 more semantic, I was always a bit confused what DashboardFilter was really doing

[amitmiran137]

this exposes a new security risk: it would be easy to know if a dashboard exists or not even if user doesn't have access to begin with

[ktmud]

But that's just the same as before right? The goal of this PR is to revert the behavior of non-owners having access to draft dashboards. Whether this is a risk that worth further actions is another topic.

[suddjian]

I wonder if it would be more appropriate to change DashboardAccessFilter so that it respects draft dashboards. Seems like there could be other bugs lurking because of that.

Thank you for addressing this, by the way. There have been a couple of regressions due to this so I've made a ticket for myself to write some e2e tests around drafts.

[codecov]

Codecov Report

Merging #14207 (87d2801) into master (ff665fa) will decrease coverage by 0.00%.
The diff coverage is 100.00%.

❗ Current head 87d2801 differs from pull request most recent head 6496f89. Consider uploading reports for the commit 6496f89 to get more accurate results

@@            Coverage Diff             @@
##           master   #14207      +/-   ##
==========================================
- Coverage   76.74%   76.73%   -0.01%     
==========================================
  Files         952      954       +2     
  Lines       48043    48055      +12     
  Branches     5978     5972       -6     
==========================================
+ Hits        36870    36877       +7     
- Misses      10971    10976       +5     
  Partials      202      202              

Flag	Coverage Δ
javascript	72.08% <100.00%> (+0.03%)	⬆️
mysql	80.72% <100.00%> (-0.01%)	⬇️
postgres	80.75% <100.00%> (-0.01%)	⬇️
python	80.80% <100.00%> (-0.04%)	⬇️
sqlite	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
...perset-frontend/src/views/CRUD/alert/AlertList.tsx	75.75% <ø> (ø)
...perset-frontend/src/views/CRUD/chart/ChartList.tsx	72.38% <ø> (ø)
...t-frontend/src/views/CRUD/data/query/QueryList.tsx	71.84% <ø> (ø)
superset-frontend/src/components/ListView/types.ts	100.00% <100.00%> (ø)
...ews/CRUD/annotationlayers/AnnotationLayersList.tsx	77.35% <100.00%> (ø)
...d/src/views/CRUD/csstemplates/CssTemplatesList.tsx	78.26% <100.00%> (ø)
...rontend/src/views/CRUD/dashboard/DashboardList.tsx	74.78% <100.00%> (+0.21%)	⬆️
...uperset-frontend/src/views/CRUD/dashboard/types.ts	100.00% <100.00%> (ø)
...tend/src/views/CRUD/data/database/DatabaseList.tsx	80.00% <100.00%> (ø)
...ontend/src/views/CRUD/data/dataset/DatasetList.tsx	69.93% <100.00%> (ø)
... and 18 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ff665fa...6496f89. Read the comment docs.

[ktmud]

@suddjian previously the list view already filters out draft dashboards for non-owners/admins, so as long as we use DashboardAccessFilter only for the list view, it's OK to let DashboardAccessFilter filer out drafts. There are a couple of unit tests on the API with drafts but they don't seem to align with the original behavior which this PR tries to revert back to.

[ktmud]

This is a duplicate test to https://github.com/apache/superset/blob/7a9036e35d557fccd0ccaeb7277c10b9e1039a70/tests/dashboards/api_tests.py#L221

[ktmud]

@suddjian @pkdotson @amitmiran137 I finally fixed all the test cases but had to change some expected values because the behavior of the API endpoints has changed (what returns 404 before would now return 200---like it does before for the Dashboard page). Would appreciate an extra pair of eyes if you have time.

[etr2460]

lgtm, thanks for the fix!

[etr2460]

yay, new types!