Skip to content

feat(search): Add canViewEntityPage permission flag field to search results #15183

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 29 commits into
base: master
Choose a base branch
from
Open

feat(search): Add canViewEntityPage permission flag field to search results #15183

wants to merge 29 commits into from

Conversation

@yorubaphenom
Copy link
Contributor

@yorubaphenom yorubaphenom commented Nov 3, 2025
edited
Loading

Adds canViewEntityPage to the EntityPrivileges GraphQL type, allowing clients to check entity page view permissions through the standard privileges field instead of relying on search result extraProperties.

What Changed
This PR exposes the existing VIEW_ENTITY_PAGE privilege through the GraphQL EntityPrivileges type, making it available via the entity query's privileges field.

Changes Made:

  1. Added canViewEntityPage: Boolean field to GraphQL EntityPrivileges type
  2. Created AuthorizationUtils.isViewEntityPageAuthorized() authorization check method
  3. Made PoliciesConfig.VIEW_ENTITY_PAGE_PRIVILEGE public (was package-private)
  4. Updated EntityPrivilegesResolver.addCommonPrivileges() to populate the new field

Now:
Can now check view permissions directly through the entity's privileges field:

entity {
    ... on Dataset {
      urn
      type
      privileges {
        canViewEntityPage  # Boolean
      }
    }
  }
Screenshot 2025-11-12 at 8 00 28 AM

@github-actions github-actions bot added product PR or Issue related to the DataHub UI/UX community-contribution PR or Issue raised by member(s) of DataHub Community labels Nov 3, 2025
@codecov
Copy link

codecov bot commented Nov 3, 2025
edited
Loading

Bundle Report

Bundle size has no change ✅

@yorubaphenom yorubaphenom marked this pull request as ready for review November 3, 2025 16:50
@datahub-cyborg datahub-cyborg bot added the needs-review Label for PRs that need review from a maintainer. label Nov 3, 2025
@codecov
Copy link

codecov bot commented Nov 3, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ All tests successful. No failed tests found.

📢 Thoughts on this report? Let us know!

@deepgarg760
Copy link
Collaborator

deepgarg760 commented Nov 6, 2025

@yorubaphenom Thanks for the PR, can you add screenshots also depicting before and after state

@datahub-cyborg datahub-cyborg bot added pending-submitter-response Issue/request has been reviewed but requires a response from the submitter and removed needs-review Label for PRs that need review from a maintainer. labels Nov 6, 2025
@deepgarg760
Copy link
Collaborator

deepgarg760 commented Nov 12, 2025

Please add unit tests

@datahub-cyborg datahub-cyborg bot added pending-submitter-response Issue/request has been reviewed but requires a response from the submitter and removed needs-review Label for PRs that need review from a maintainer. labels Nov 12, 2025
sakethvarma397
sakethvarma397 requested changes Nov 12, 2025
View reviewed changes
Copy link
Contributor

@sakethvarma397 sakethvarma397 left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We already expose privileges via the EntityPrivilegeResolver. So, it's only a matter of adding the value of AuthUtils.canViewEntity as canViewEntityPage in EntityPrivileges and that should be it. You can then use it like this:

entity {
   ... on Dataset {
      privileges {
         canViewEntityPage
      }
   }
}

That said, VIEW_AUTHORIZATION_ENABLED flag can be used to restrict search results based on available permissions. So this new privilege may not even be necessary unless there is any other use case.

@datahub-cyborg datahub-cyborg bot added needs-review Label for PRs that need review from a maintainer. and removed pending-submitter-response Issue/request has been reviewed but requires a response from the submitter labels Nov 12, 2025
@yorubaphenom
Copy link
Contributor Author

yorubaphenom commented Nov 12, 2025

We already expose privileges via the EntityPrivilegeResolver. So, it's only a matter of adding the value of AuthUtils.canViewEntity as canViewEntityPage in EntityPrivileges and that should be it. You can then use it like this:

entity {
   ... on Dataset {
      privileges {
         canViewEntityPage
      }
   }
}

That said, VIEW_AUTHORIZATION_ENABLED flag can be used to restrict search results based on available permissions. So this new privilege may not even be necessary unless there is any other use case.

thanks @sakethvarma397 I have implemented your suggestions. The use case for us is on the search page we don't want to show the entity sidebar to users who don't have the viewEntity permissions.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chriscollins3456 chriscollins3456 Awaiting requested review from chriscollins3456

@benjiaming benjiaming Awaiting requested review from benjiaming

@david-leifker david-leifker Awaiting requested review from david-leifker

@deepgarg760 deepgarg760 Awaiting requested review from deepgarg760

@sakethvarma397 sakethvarma397 Awaiting requested review from sakethvarma397

Requested changes must be addressed to merge this pull request.

Assignees

No one assigned

Labels

community-contribution PR or Issue raised by member(s) of DataHub Community needs-review Label for PRs that need review from a maintainer. product PR or Issue related to the DataHub UI/UX

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@yorubaphenom @deepgarg760 @sakethvarma397