From b70a24f6b43e4caa92edb52b89251ff1cd1e28a6 Mon Sep 17 00:00:00 2001
From: Arik Fraimovich <arik@arikfr.com>
Date: Tue, 15 Nov 2016 15:52:36 +0200
Subject: [PATCH 1/3] Fix 1388: Wrong detection of conflict after adding a
 widget to the dashboard

---
 rd_ui/app/scripts/directives/dashboard_directives.js | 1 +
 redash/handlers/widgets.py                           | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/rd_ui/app/scripts/directives/dashboard_directives.js b/rd_ui/app/scripts/directives/dashboard_directives.js
index 8c0c83b0c..439935805 100644
--- a/rd_ui/app/scripts/directives/dashboard_directives.js
+++ b/rd_ui/app/scripts/directives/dashboard_directives.js
@@ -208,6 +208,7 @@
             widget.$save().then(function(response) {
               // update dashboard layout
               $scope.dashboard.layout = response['layout'];
+              $scope.dashboard.version = response['version'];
               var newWidget = new Widget(response['widget']);
               if (response['new_row']) {
                 $scope.dashboard.widgets.push([newWidget]);
diff --git a/redash/handlers/widgets.py b/redash/handlers/widgets.py
index 8d1318562..ab057b313 100644
--- a/redash/handlers/widgets.py
+++ b/redash/handlers/widgets.py
@@ -47,7 +47,7 @@ class WidgetListResource(BaseResource):
         widget.dashboard.layout = json.dumps(layout)
         widget.dashboard.save()
 
-        return {'widget': widget.to_dict(), 'layout': layout, 'new_row': new_row}
+        return {'widget': widget.to_dict(), 'layout': layout, 'new_row': new_row, 'version': dashboard.version}
 
 
 class WidgetResource(BaseResource):

From 48a79fe9962e75c870745186a33f1249f1062b1b Mon Sep 17 00:00:00 2001
From: Arik Fraimovich <arik@arikfr.com>
Date: Tue, 15 Nov 2016 15:53:06 +0200
Subject: [PATCH 2/3] Fix #1383: dashboard co-editors shuould be able to edit
 widgets

---
 redash/handlers/widgets.py | 11 ++++++-----
 1 file changed, 6 insertions(+), 5 deletions(-)

diff --git a/redash/handlers/widgets.py b/redash/handlers/widgets.py
index ab057b313..70ad4a8e4 100644
--- a/redash/handlers/widgets.py
+++ b/redash/handlers/widgets.py
@@ -1,10 +1,11 @@
 import json
 
 from flask import request
-
 from redash import models
-from redash.permissions import require_permission, require_admin_or_owner, require_access, view_only
 from redash.handlers.base import BaseResource
+from redash.permissions import (require_access, require_admin_or_owner,
+                                require_object_modify_permission,
+                                require_permission, view_only)
 
 
 class WidgetListResource(BaseResource):
@@ -12,7 +13,7 @@ class WidgetListResource(BaseResource):
     def post(self):
         widget_properties = request.get_json(force=True)
         dashboard = models.Dashboard.get_by_id_and_org(widget_properties.pop('dashboard_id'), self.current_org)
-        require_admin_or_owner(dashboard.user_id)
+        require_object_modify_permission(dashboard, self.current_user)
 
         widget_properties['options'] = json.dumps(widget_properties['options'])
         widget_properties.pop('id', None)
@@ -55,7 +56,7 @@ class WidgetResource(BaseResource):
     def post(self, widget_id):
         # This method currently handles Text Box widgets only.
         widget = models.Widget.get_by_id_and_org(widget_id, self.current_org)
-        require_admin_or_owner(widget.dashboard.user_id)
+        require_object_modify_permission(widget.dashboard, self.current_user)
         widget_properties = request.get_json(force=True)
         widget.text = widget_properties['text']
         widget.save()
@@ -65,7 +66,7 @@ class WidgetResource(BaseResource):
     @require_permission('edit_dashboard')
     def delete(self, widget_id):
         widget = models.Widget.get_by_id_and_org(widget_id, self.current_org)
-        require_admin_or_owner(widget.dashboard.user_id)
+        require_object_modify_permission(widget.dashboard, self.current_user)
         widget.delete_instance()
 
         return {'layout': widget.dashboard.layout}

From c88dafa4ad4613c85138d4770b56a62ebdfe65ca Mon Sep 17 00:00:00 2001
From: Arik Fraimovich <arik@arikfr.com>
Date: Tue, 15 Nov 2016 15:56:59 +0200
Subject: [PATCH 3/3] Fix: update version after deleting a widget

---
 rd_ui/app/scripts/controllers/dashboard.js | 1 +
 redash/handlers/widgets.py                 | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/rd_ui/app/scripts/controllers/dashboard.js b/rd_ui/app/scripts/controllers/dashboard.js
index 7c51b1085..8f0c5db11 100644
--- a/rd_ui/app/scripts/controllers/dashboard.js
+++ b/rd_ui/app/scripts/controllers/dashboard.js
@@ -242,6 +242,7 @@
         $scope.dashboard.widgets = _.filter($scope.dashboard.widgets, function(row) { return row.length > 0 });
 
         $scope.dashboard.layout = response.layout;
+        $scope.dashboard.version = response.version;
       });
     };
 
diff --git a/redash/handlers/widgets.py b/redash/handlers/widgets.py
index 70ad4a8e4..530e217dc 100644
--- a/redash/handlers/widgets.py
+++ b/redash/handlers/widgets.py
@@ -3,7 +3,7 @@ import json
 from flask import request
 from redash import models
 from redash.handlers.base import BaseResource
-from redash.permissions import (require_access, require_admin_or_owner,
+from redash.permissions import (require_access,
                                 require_object_modify_permission,
                                 require_permission, view_only)
 
@@ -69,4 +69,4 @@ class WidgetResource(BaseResource):
         require_object_modify_permission(widget.dashboard, self.current_user)
         widget.delete_instance()
 
-        return {'layout': widget.dashboard.layout}
+        return {'layout': widget.dashboard.layout, 'version': widget.dashboard.version}