feat: add setting to disable public dashboards

tryshank · tryshank · commit 6576a55f1ce9 · 2025-11-06T14:54:06.000+01:00
diff --git a/plugins/dashboards/api/api.js b/plugins/dashboards/api/api.js
@@ -17,7 +17,8 @@ var pluginOb = {},
 var ejs = require("ejs");
 
 plugins.setConfigs("dashboards", {
-    sharing_status: true
+    sharing_status: true,
+    allow_public_dashboards: true
 });
 
 (function() {
@@ -455,17 +456,25 @@ plugins.setConfigs("dashboards", {
                     groups = [groups];
                 }
                 groups = groups.map(group_id => group_id + "");
+
+                var orConditions = [
+                    {owner_id: memberId},
+                    {shared_with_edit: memberId},
+                    {shared_with_view: memberId},
+                    {shared_email_view: memberEmail},
+                    {shared_email_edit: memberEmail},
+                    {shared_user_groups_edit: {$in: groups}},
+                    {shared_user_groups_view: {$in: groups}}
+                ];
+
+                // Only include all-users dashboards if public dashboards are allowed
+                var allowPublicDashboards = plugins.getConfig("dashboards").allow_public_dashboards;
+                if (allowPublicDashboards !== false) {
+                    orConditions.push({share_with: "all-users"});
+                }
+
                 filterCond = {
-                    $or: [
-                        {owner_id: memberId},
-                        {share_with: "all-users"},
-                        {shared_with_edit: memberId},
-                        {shared_with_view: memberId},
-                        {shared_email_view: memberEmail},
-                        {shared_email_edit: memberEmail},
-                        {shared_user_groups_edit: {$in: groups}},
-                        {shared_user_groups_view: {$in: groups}}
-                    ]
+                    $or: orConditions
                 };
             }
             let projection = {};
@@ -686,6 +695,13 @@ plugins.setConfigs("dashboards", {
                 sharedUserGroupView = [];
             }
 
+            // Check if public dashboards are disabled
+            var allowPublicDashboards = plugins.getConfig("dashboards").allow_public_dashboards;
+            if (shareWith === "all-users" && allowPublicDashboards === false) {
+                common.returnMessage(params, 400, 'Public dashboards are disabled');
+                return true;
+            }
+
             var sharing = checkSharingStatus(params.member, shareWith, sharedEmailEdit, sharedEmailView, sharedUserGroupEdit, sharedUserGroupView);
 
             if (!sharing) {
@@ -978,6 +994,13 @@ plugins.setConfigs("dashboards", {
                 sharedUserGroupView = [];
             }
 
+            // Check if public dashboards are disabled
+            var allowPublicDashboards = plugins.getConfig("dashboards").allow_public_dashboards;
+            if (shareWith === "all-users" && allowPublicDashboards === false) {
+                common.returnMessage(params, 400, 'Public dashboards are disabled');
+                return true;
+            }
+
             common.db.collection("dashboards").findOne({_id: common.db.ObjectID(dashboardId)}, function(err, dashboard) {
                 if (err || !dashboard) {
                     common.returnMessage(params, 400, "Dashboard with the given id doesn't exist");
@@ -1747,6 +1770,19 @@ plugins.setConfigs("dashboards", {
         }
 
         if (dashboard.share_with === "all-users") {
+            // Check if public dashboards are allowed
+            var allowPublicDashboards = plugins.getConfig("dashboards").allow_public_dashboards;
+            if (allowPublicDashboards === false) {
+                // If public dashboards are disabled, only owner can access
+                if (member._id + "" === dashboard.owner_id) {
+                    return cb(null, true);
+                }
+                // Global admins can still access
+                if (member.global_admin) {
+                    return cb(null, true);
+                }
+                return cb(null, false);
+            }
             return cb(null, true);
         }
 
@@ -1817,6 +1853,15 @@ plugins.setConfigs("dashboards", {
             return cb(null, false);
         }
 
+        // Check if public dashboards are disabled
+        if (dashboard.share_with === "all-users") {
+            var allowPublicDashboards = plugins.getConfig("dashboards").allow_public_dashboards;
+            if (allowPublicDashboards === false) {
+                // If public dashboards are disabled, no edit access for non-owners
+                return cb(null, false);
+            }
+        }
+
         if ((Array.isArray(dashboard.shared_with_edit) && dashboard.shared_with_edit.indexOf(member._id + "") !== -1) ||
             (Array.isArray(dashboard.shared_email_edit) && dashboard.shared_email_edit.indexOf(member.email) !== -1)) {
             return cb(null, true);
diff --git a/plugins/dashboards/frontend/app.js b/plugins/dashboards/frontend/app.js
@@ -10,6 +10,7 @@ var countlyFs = require('../../../api/utils/countlyFs.js');
 
     plugin.renderDashboard = function(ob) {
         ob.data.countlyGlobal.sharing_status = plugins.getConfig("dashboards").sharing_status;
+        ob.data.countlyGlobal.allow_public_dashboards = plugins.getConfig("dashboards").allow_public_dashboards;
     };
 
     plugin.staticPaths = function(app/*, countlyDb*/) {
diff --git a/plugins/dashboards/frontend/public/javascripts/countly.views.js b/plugins/dashboards/frontend/public/javascripts/countly.views.js
@@ -484,25 +484,6 @@
                 saveButtonLabel: "",
                 sharingAllowed: countlyGlobal.sharing_status || AUTHENTIC_GLOBAL_ADMIN,
                 groupSharingAllowed: countlyGlobal.plugins.indexOf("groups") > -1 && AUTHENTIC_GLOBAL_ADMIN,
-                constants: {
-                    sharingOptions: [
-                        {
-                            value: "all-users",
-                            name: this.i18nM("dashboards.share.all-users"),
-                            description: this.i18nM("dashboards.share.all-users.description"),
-                        },
-                        {
-                            value: "selected-users",
-                            name: this.i18nM("dashboards.share.selected-users"),
-                            description: this.i18nM("dashboards.share.selected-users.description"),
-                        },
-                        {
-                            value: "none",
-                            name: this.i18nM("dashboards.share.none"),
-                            description: this.i18nM("dashboards.share.none.description"),
-                        }
-                    ]
-                },
                 sharedEmailEdit: [],
                 sharedEmailView: [],
                 sharedGroupEdit: [],
@@ -511,6 +492,35 @@
             };
         },
         computed: {
+            constants: function() {
+                var allSharingOptions = [
+                    {
+                        value: "all-users",
+                        name: this.i18nM("dashboards.share.all-users"),
+                        description: this.i18nM("dashboards.share.all-users.description"),
+                    },
+                    {
+                        value: "selected-users",
+                        name: this.i18nM("dashboards.share.selected-users"),
+                        description: this.i18nM("dashboards.share.selected-users.description"),
+                    },
+                    {
+                        value: "none",
+                        name: this.i18nM("dashboards.share.none"),
+                        description: this.i18nM("dashboards.share.none.description"),
+                    }
+                ];
+
+                // Filter out "all-users" option if public dashboards are disabled
+                var allowPublicDashboards = countlyGlobal.allow_public_dashboards !== false;
+                var sharingOptions = allowPublicDashboards ? allSharingOptions : allSharingOptions.filter(function(option) {
+                    return option.value !== "all-users";
+                });
+
+                return {
+                    sharingOptions: sharingOptions
+                };
+            },
             canShare: function() {
                 var canShare = this.sharingAllowed && (this.controls.initialEditedObject.is_owner || AUTHENTIC_GLOBAL_ADMIN);
                 return canShare;
diff --git a/plugins/dashboards/frontend/public/localization/dashboards.properties b/plugins/dashboards/frontend/public/localization/dashboards.properties
@@ -45,6 +45,8 @@ dashboards.compared-to-prev-period = compared to prev.period
 
 dashboards.sharing_status = Allow Dashboard Sharing
 configs.help.dashboards-sharing_status = Enable dashboard sharing for users to share a dashboard with other users. If set to off, dashboards cannot be shared with others.
+dashboards.allow_public_dashboards = Allow public dashboards
+configs.help.dashboards-allow_public_dashboards = Allow sharing dashboards with all Countly dashboard users
 dashboards.access-denied = This dashboard is no longer shared with you or an error has occurred. Please ask your global administrator if you think this is due to an issue.
 dashbaords.access-denied-title = Access Denied
 dashboards.edit-access-denied = You don't have the edit permission for this dashboard. Please ask your global administrator if you think this is due to an issue.
