You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by su...@apache.org on 2021/05/14 20:38:00 UTC
[superset] 01/01: fix: roles undefined on public dashboards
This is an automated email from the ASF dual-hosted git repository.
suddjian pushed a commit to branch fix-undefined-roles
in repository https://gitbox.apache.org/repos/asf/superset.git
commit aa0e09e00ec635872ebee2393a79679e73d8af73
Author: David Aaron Suddjian <aa...@gmail.com>
AuthorDate: Fri May 14 13:36:33 2021 -0700
fix: roles undefined on public dashboards
---
superset-frontend/src/dashboard/util/findPermission.test.ts | 7 +++++++
superset-frontend/src/dashboard/util/findPermission.ts | 2 +-
2 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/superset-frontend/src/dashboard/util/findPermission.test.ts b/superset-frontend/src/dashboard/util/findPermission.test.ts
index 1fbb791..f90c280 100644
--- a/superset-frontend/src/dashboard/util/findPermission.test.ts
+++ b/superset-frontend/src/dashboard/util/findPermission.test.ts
@@ -132,6 +132,13 @@ describe('canUserEditDashboard', () => {
it('rejects nonexistent users', () => {
expect(canUserEditDashboard(dashboard, null)).toEqual(false);
});
+ it('rejects missing roles', () => {
+ // in redux, when there is no user, the user is actually set to an empty object,
+ // so we need to handle missing roles as well as a missing user.s
+ expect(
+ canUserEditDashboard(dashboard, {} as UserWithPermissionsAndRoles),
+ ).toEqual(false);
+ });
it('rejects "admins" if the admin role does not have edit rights for some reason', () => {
expect(
canUserEditDashboard(dashboard, {
diff --git a/superset-frontend/src/dashboard/util/findPermission.ts b/superset-frontend/src/dashboard/util/findPermission.ts
index 995c5d7..8f28a03 100644
--- a/superset-frontend/src/dashboard/util/findPermission.ts
+++ b/superset-frontend/src/dashboard/util/findPermission.ts
@@ -48,6 +48,6 @@ export const canUserEditDashboard = (
dashboard: Dashboard,
user?: UserWithPermissionsAndRoles | null,
) =>
- !!user &&
+ !!user?.roles &&
(isUserAdmin(user) || isUserDashboardOwner(dashboard, user)) &&
findPermission('can_write', 'Dashboard', user.roles);