fix(frontend): fix edit/delete permissions for charts, dashboards, and datasets (#18870) (#32981) #32995
Conversation
![korbit-ai[bot]](https://avatars.githubusercontent.com/in/322216?s=60&v=4){kind=small}
There was a problem hiding this comment.
I've completed my review and didn't find any issues.
Suppressed issues based on your team's Korbit activity
| This issue | Is similar to | Because |
|---|---|---|
lines 412:414:
|
Similar issues were not addressed in the past |
When you react to issues (for example, an upvote or downvote) or you fix them, Korbit will tune future reviews based on these signals.
Files scanned
| File Path | Reviewed |
|---|---|
| superset-frontend/src/pages/DashboardList/index.tsx | ✅ |
| superset-frontend/src/pages/ChartList/index.tsx | ✅ |
| superset-frontend/src/pages/DatasetList/index.tsx | ✅ |
Explore our documentation to understand the languages and file types we support and the files we ignore.
Need a new review? Comment
/korbit-reviewon this PR and I'll review your latest changes.Korbit Guide: Usage and Customization
Interacting with Korbit
- You can manually ask Korbit to review your PR using the
/korbit-reviewcommand in a comment at the root of your PR.- You can ask Korbit to generate a new PR description using the
/korbit-generate-pr-descriptioncommand in any comment on your PR.- Too many Korbit comments? I can resolve all my comment threads if you use the
/korbit-resolvecommand in any comment on your PR.- On any given comment that Korbit raises on your pull request, you can have a discussion with Korbit by replying to the comment.
- Help train Korbit to improve your reviews by giving a 👍 or 👎 on the comments Korbit posts.
Customizing Korbit
- Check out our docs on how you can make Korbit work best for you and your team.
- Customize Korbit for your organization through the Korbit Console.
Current Korbit Configuration
General Settings
Setting Value Review Schedule Automatic excluding drafts Max Issue Count 10 Automatic PR Descriptions ❌ Issue Categories
Category Enabled Documentation ✅ Logging ✅ Error Handling ✅ Readability ✅ Design ✅ Performance ✅ Security ✅ Functionality ✅ Feedback and Support
Note
Korbit Pro is free for open source projects 🎉
Looking to add Korbit to your team? Get started with a free 2 week trial here
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
|
This might be a backend problem and not a front end problem. We used to have a |
@sadpandajoe Permissions are obtained through the |
| const iconCss = css` | ||
| color: ${iconColor || theme.colors.grayscale.base}; | ||
| font-size: ${iconSize | ||
| ? `${theme.typography.sizes[iconSize] || theme.typography.sizes.m}px` | ||
| : '24px'}; | ||
| `; | ||
| const disabledIconCss = css` | ||
| opacity: 0.5; | ||
| cursor: default; |
There was a problem hiding this comment.
This is fine, but we could use not-allowed if we want to be all fancy :)
There was a problem hiding this comment.
updated to be fancy :)
| placement="bottom" | ||
| > | ||
| <span | ||
| role="button" | ||
| tabIndex={0} | ||
| className="action-button" | ||
| onClick={confirmDelete} | ||
| onClick={allowEdit ? confirmDelete : undefined} |
There was a problem hiding this comment.
should we use null rather than undefined? ¯\_(ツ)_/¯
There was a problem hiding this comment.
the type is actually onClick?: MouseEventHandler<T> | undefined;
SUMMARY
In both
Dashboards,Datasets,Chartspages the delete and edit buttons are shown on the only condition that the user hascan_writepermission even if not the owner. Attempting to delete or edit an object results in aForbiddenerror.This PR fixes the button disabled status in the frontend preventing the user from attempting to delete or edit a resource it has no permission to.
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
All three pages will show the delete and edit buttons as disabled if the user is not an owner or an admin:
fixes: #18870
fixes: #32981
TESTING INSTRUCTIONS
Create a dashboard, a chart, and a dataset with an user and try to edit / delete them with a different user.
ADDITIONAL INFORMATION