I am hosting a dashboard with several tabs where users are authenticated with Azure Active Directory.
It works well in the sense that pn.state.user holds the identity of the user. Now, I want to give access to different users for each tab. As a first step I placed a check in the code that renders output based on parameters in each tab, like this:
class MyDashboard(param.Parameterized):
...
def view(self):
assert pn.state.user in users_with_access
...
The problem is, when a person is authenticated and opens a tab that he shouldn’t have access to, he can see the output that was generated by the previous user, with the parameter settings chosen by that previous user. The “assert pn.state.user in users_with_access” only runs when he changes the parameters, which is not how I intended it to work.
Is there any way to do an access check when a user enters a tab?
I was not able to share a minimum reproducible example with OAuth involved, but I figured out what the issue was. I was serving the same dashboard instances to different users. That is, my previous code was like this:
The problem was that dashboard_1 and dashboard_2 were dashboard instances imported from a different module/.py file (it was no problem when they were created in the same module/.py file).
My solution was to import functions returning dashboard instances instead, like this: