Skip to content

feat: DH-22536: Apply transformations to dh.ui widgets when sending to clients. #1357

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
cpwright wants to merge 2 commits into
base: main
Choose a base branch
from
Draft

feat: DH-22536: Apply transformations to dh.ui widgets when sending to clients. #1357

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
bcae308
feat: DH-22536: Apply transformations to dh.ui widgets when sending t…
cpwright Jun 9, 2026
b96112e
review comments
cpwright Jun 11, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
32 changes: 31 additions & 1 deletion plugins/ui/src/deephaven/ui/object_types/ElementType.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,15 @@
from typing import Any
from typing import Any, Literal

from deephaven.plugin.object_type import BidirectionalObjectType, MessageStream
from ..elements import Element
from .ElementMessageStream import ElementMessageStream

# Escape-hatch configuration property. When set to true, deephaven.ui declares no authorization export behavior
# ("unset"), deferring to the server's default policy instead of enforcing the transform.
_DISABLE_AUTHORIZATION_EXPORT_TRANSFORM_PROPERTY = (
"deephaven.ui.disableAuthorizationExportTransform"
)


class ElementType(BidirectionalObjectType):
"""
Expand All @@ -14,6 +20,30 @@ class ElementType(BidirectionalObjectType):
def name(self) -> str:
return "deephaven.ui.Element"

@property
Comment thread
mofojed marked this conversation as resolved.
def authorization_export_behavior(self) -> Literal["transform", "unset"]:
"""Declares that deephaven.ui must export its references through the authorization transform.

Server objects (tables, etc.) handed to the client via a deephaven.ui component are run through the
authorization transform in the viewer's context, so they carry the viewer's ACLs rather than the query
owner's. Setting the configuration property ``deephaven.ui.disableAuthorizationExportTransform`` to true
reverts to the server's default ("unset") behavior. If the configuration cannot be read, the transform is
enforced (fail secure).
"""
try:
# deephaven.configuration only exists in the 42.x server package; the import is conditional to
# maintain compatibility with 41.x, where ImportError is caught and the transform is enforced.
from deephaven.configuration import get_configuration # type: ignore[import-untyped,import-not-found]

if get_configuration().get_bool(
_DISABLE_AUTHORIZATION_EXPORT_TRANSFORM_PROPERTY, False
):
return "unset"
except Exception:
# Fail secure: if the escape hatch cannot be evaluated, enforce the transform.
pass
return "transform"

def is_type(self, obj: Any) -> bool:
return isinstance(obj, Element)

Expand Down
Loading