Public dashboards ignore static value set in dashboard #4038

Closed
justinclift opened this issue Aug 5, 2019 · 8 comments

@justinclift
Member

justinclift commented Aug 5, 2019

Issue Summary

When a dashboard is made public, the source it uses for Static parameter values goes wrong.

Instead of picking the value of the Static parameter from the dashboard widget, it appears to use the default value for the parameter as defined in the underlying query/chart.

Steps to Reproduce

  1. Log in as Melissa Payne to our Netlify Preview instance
  2. Navigate to the query/chart for this issue: https://redash-preview.netlify.com/queries/196/source?p_Period.start=2012-01-01&p_Period.end=2019-09-01&p_Site=bar#349
    Note the "Site" parameter there has two potential values: 'foo', and 'bar'
  3. Open a new tab to the (non-public) dashboard for this issue: https://redash-preview.netlify.com/dashboard/justin-testing-dashboard-things?p_Period.start=2012-01-01&p_Period.end=2019-09-01
  4. Open a new tab to the public dashboard for this issue: http://preview-backend.redashapp.com/public/dashboards/ZPFWWAREa2T8kTfZ27uUA6V8RD1XhkMJMjfATqqR?org_slug=default&p_Period.start=2012-01-01&p_Period.end=2019-09-01
  5. Change the "Site" value in the (non-public) dashboard from 'foo' to 'bar' and vice versa. The widget in the non-public dashboard updates correctly. No problem there. The widget in the public dashboard, though, does not. It seems to ignore any setting of the static value in the Dashboard level widget. Changing the default value for the parameter in the underlying query/chart does work, though, with the widget then updating to reflect this.

Possibly related to #3379, as it touches similar pieces.

Technical details:

  • Redash Version: 8.0.0-beta+b26295
  • Browser/OS: Firefox 68.0.1 on CentOS 7
  • How did you install Redash: n/a

@NickStarlight

On an additional note, you can overwrite static parameters via URL in public dashboards. In my case I have several IDs; setting any of those IDs will render their properties in the dashboard even if they are set as static parameters.

@gabrieldutra
Member

This issue seems to be happening only with the preview-backend link (http://preview-backend.redashapp.com), which has an older version of the frontend code. When replacing the base URL with https://redash-preview.netlify.com it works fine (I've added a Dropdown parameter to test that). You also can't overwrite the static parameters via URL for the redash-preview URL.

Public dashboard link. Parameter name: "text", static value set to value3.

@rotirahn

rotirahn commented Oct 10, 2019

> On an additional note, you can overwrite static parameters via URL in public dashboards. In my case I have several IDs; setting any of those IDs will render their properties in the dashboard even if they are set as static parameters.

I am trying to set a static parameter via URL but it does not work at all unless I change the parameter type to a non-static one. Is this really possible? Is there a different syntax I should use? Or is this different between the hosted version and self-hosted?

@gabrieldutra
Member

Hi @rotirahn, Static parameters should not be changed, they should remain with the value you defined as if the query didn't have the parameter. If at some point it was changeable through the URL, it was a bug.

Why not use the Dashboard/Widget parameters? You didn't want them to appear in the dashboard?
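
The precedence described in this comment (a Static widget value wins over both the URL and the query default, and only dashboard-level parameters can be set through `p_` URL arguments), as an added example that is not part of this thread and not Redash's code. The function names, mapping-type strings and sample URL are hypothetical.

```javascript
// Added illustration, not Redash source. All names below are hypothetical.
const MappingType = Object.freeze({ DASHBOARD: "dashboard-level", STATIC: "static-value" });

// Collect "p_<name>=<value>" arguments from a dashboard URL.
function urlParams(url) {
  const found = new Map();
  for (const [key, value] of new URL(url).searchParams) {
    if (key.startsWith("p_")) found.set(key.slice(2), value);
  }
  return found;
}

// Decide which value each query parameter runs with for one widget.
// Precedence: static widget value, then URL argument, then query default.
// URL arguments that target a static parameter are reported, never applied.
function resolveWidgetParams(queryParams, mappings, url) {
  const fromUrl = urlParams(url);
  const resolved = new Map();
  const rejected = [];
  for (const { name, defaultValue } of queryParams) {
    const mapping = mappings.get(name) || { type: MappingType.DASHBOARD };
    if (mapping.type === MappingType.STATIC) {
      resolved.set(name, mapping.value);
      if (fromUrl.has(name)) rejected.push(name);
    } else {
      resolved.set(name, fromUrl.has(name) ? fromUrl.get(name) : defaultValue);
    }
  }
  return { resolved, rejected };
}

// Constructed sample: query default 'foo', the widget pins Site to 'bar',
// and the public URL tries to set both Site and Year.
const sampleQuery = [
  { name: "Site", defaultValue: "foo" },
  { name: "Year", defaultValue: "2012" },
];
const sampleMappings = new Map([["Site", { type: MappingType.STATIC, value: "bar" }]]);
const sampleUrl =
  "https://dashboards.example.invalid/public/dashboards/TOKEN?p_Site=foo&p_Year=2019";

const demo = resolveWidgetParams(sampleQuery, sampleMappings, sampleUrl);
console.log(demo); // Site stays 'bar'; 'Site' is listed in rejected
```

The same precedence has to be applied where the query is executed, since a check made only in the browser can be skipped by calling the backend directly. The `rejected` list is worth logging as a sign that someone is probing a pinned parameter.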

@rotirahn

Hi @gabrieldutra, yes, basically I do not want users to be able to alter the parameter.

Here is my situation. I have a dashboard connected to a single data source with a single table which holds information about multiple projects. I want to share the dashboard with stakeholders from different projects but I want them to be able to see just their own data, which means I need to filter the main table by project_id for each project. But while doing that, I want to prevent users from being able to change the project_id parameter.

I can achieve this by creating multiple dashboards and just assigning a static parameter, but this means I need to maintain more than 50 identical dashboards, and even altering a small chart visual will be a huge burden.

So I am looking for a way to be able to use the same dashboard by filtering it per project_id while also not showing this parameter to the users themselves, hence my question. If I can set a static parameter through the URL, I can share the same dashboard with a unique project_id which users will not be able to alter via the UI. Of course they will be able to alter the URL, but I can deal with it by using randomized short IDs.

I can practically achieve the same effect by not using a static parameter, but that means users will see a parameter box in the dashboard with a randomized ID, and altering it will cause the queries to return no data. Is there any way to achieve what I need in an elegant way?

Thanks!

@gabrieldutra
Member

Considering this issue is not happening in our codebase anymore, I'm closing this.

@rotirahn thanks for sharing your situation and I'm assuming this topic in our forum is related to the same problem, right? Let's continue in there as the forum is a better fit for Redash use cases discussion :)

@avishalom

avishalom commented Mar 29, 2021

@rotirahn passing the parameter is not secure since network sniffers can see that same content.
Did you ever find a solution?

@tasmaniski

Hi, @rotirahn did you maybe find a solution?
I have exactly the same situation.
