Don't show Dashboard index link to users without permission, closes #87

Author: simonw

django_sql_dashboard/templates/django_sql_dashboard/saved_dashboard.html

@@ -11,7 +11,7 @@
 {% endblock %}
 
 {% block content %}
-<p><a href="/dashboard/">Dashboard index</a></p>
+{% if user_can_execute_sql %}<p><a href="/dashboard/">Dashboard index</a></p>{% endif %}
 <h1>{% if dashboard.title %}{{ dashboard.title }}{% else %}{{ dashboard.slug }}{% endif %}</h1>
 {% if dashboard.description %}
   <p>{{ dashboard.description }}</p>

test_project/test_dashboard_permissions.py

@@ -340,3 +340,13 @@ def test_superuser_can_reassign_ownership(client, db):
     user.save()
     response2 = client.get(dashboard.get_edit_url())
     assert b'<input type="text" name="owned_by" value="' in response2.content
+
+
+def test_no_link_to_index_on_saved_dashboard_for_logged_out_user(client, db):
+    dashboard = Dashboard.objects.create(
+        slug="dashboard",
+        owned_by=User.objects.create(username="test", is_staff=True),
+        view_policy="public",
+    )
+    response = client.get(dashboard.get_absolute_url())
+    assert b'<a href="/dashboard/">' not in response.content