Add buttons are available for user with no rights #30927
Comments
|
Hey @casmoir! I'm here to help you with any issues or questions you have. I'm a bot designed to assist with bug resolution, answer queries, and guide you on how to contribute. Let's dive into solving the problem you've encountered! The issue you're experiencing, where users without the appropriate permissions can see the "+ DASHBOARD" and "+ CHART" buttons, seems to be related to how Superset handles the visibility of UI elements based on user roles and permissions. In Superset, the visibility of UI components is typically controlled by checking user permissions before rendering them. However, it appears that the logic for these specific buttons might not be correctly implemented to hide them for users without the necessary permissions. This could be a bug in the permission-checking logic for these buttons. To address this, you might want to look into the code responsible for rendering these buttons and ensure that it includes proper permission checks. The functions If you're comfortable with code, you could investigate the relevant components in the Superset codebase to see if similar permission checks are missing for the "+ DASHBOARD" and "+ CHART" buttons. If not, this might be something to report as a bug to the maintainers for further investigation. |
Bug description
I've created custom role with no rights
After log in user with this role is taken to the page superset/welcome/ where he can see buttons "+ DASHBOARD" and "+ CHART"
After clicking on these buttons user gets notification "Access is Denied"
Expectation: user can see buttons "+ DASHBOARD" and "+ CHART" only if he has right to create Dashboard/Chart
Screenshots/recordings
No response
Superset version
master / latest-dev
Python version
3.9
Node version
16
Browser
Chrome
Additional context
No response
Checklist
The text was updated successfully, but these errors were encountered: