glpi-project
Public and integrated dashboard uses session filters without being able to change it
Code of Conduct
- [X] I agree to follow this project's Code of Conduct
Is there an existing issue for this?
- [X] I have searched the existing issues
Version
10.0.14
Bug description
We want to use the direct link to dashboard in our plants for each team to be able to display per technician group some statistics and testing the behaviors of direct / integrated dashboards.
I've identified a functionnal issue
Features / bugs identified :
- Embed dashboard by-pass all security to display a dash but do not integrate or show filters : as the filters are parts of how a dash is working, this is a missing feature (so not the purpose of this ticket)
- Embed dashboard by-pass all security to display a dash independently of a logged context but uses the actual session attributes to apply current filters which make it inconsistent depending on user cases
With these two points, in embed mode, the view of dashboard in direct link is non-functional.
Expected behavior
- Embed mode dashboard should use its own filter context as the security is totaly by-passed in this mode. In the futur, it may expose things we don't want to
- nice to have : being able to use / apply filters in this mode as it's part of the dashboard feature
Relevant log output
No response
Page URL
No response
Steps To reproduce
- create a dashboard with filters
- [UC-A] open a window with the public link
- [UC-B] open a window with the public link in private mode (to have a clean session)
- apply a filter in GLPI on the dashboard
- refresh UC-A : filter is applied and not manageable
- refresh UC-B : filter is not applied (and not manageable)
Your GLPI setup information
No response
Anything else?
No response
There has been no activity on this issue for some time and therefore it is considered stale and will be closed automatically in 10 days.
If this issue is related to a bug, please try to reproduce on latest release. If the problem persist, feel free to add a comment to revive this issue. If it is related to a new feature, please open a topic to discuss with community about this enhancement on suggestion website.
You may also consider taking a subscription to get professionnal support or contact GLPI editor team directly.
![github-actions[bot] avatar](https://avatars.githubusercontent.com/in/15368?v=4 "Published by a pub.dev verified publisher"){kind=small}
The behavior is still present on 10.0.15 Does someone can confirm it's an intended behavior and if, indeed, it's a feature, or a real issue ?
I can try to work on a fix proposal but I don't want to disturb any roadmap or break an existing feature (it will also impact the pull request and the destination branch)
Embed dashboards are not supposed to use the current session data. They are meant to be displayed, for instance, inside an iframe of an external application.
I think that hiding filters was intentional. Maybe it can be an option, e.g. a Show filters ? option of the "share" form that adds a show_filters=1|0 parameter to the URL.
Embed dashboards are not supposed to use the current session data. They are meant to be displayed, for instance, inside an iframe of an external application.
Ok, so that's what I though, it's indeed a bug or a non-polished feature as it uses the actual session and not a specific one for the embed context
I think that hiding filters was intentional. Maybe it can be an option, e.g. a
Show filters ?option of the "share" form that adds ashow_filters=1|0parameter to the URL.
Ok, yes it's an evolution. Did some diging and it's not an easy thing to do.
I don't know when but I'll try to have a look at it on two separated branches : one for the session and one for the filters.
If someone in the community wants to have a look at it, feel free :)