Posted to commits@superset.apache.org by su...@apache.org on 2021/05/14 20:38:00 UTC

[superset] 01/01: fix: roles undefined on public dashboards

This is an automated email from the ASF dual-hosted git repository.

suddjian pushed a commit to branch fix-undefined-roles
in repository https://gitbox.apache.org/repos/asf/superset.git

commit aa0e09e00ec635872ebee2393a79679e73d8af73
Author: David Aaron Suddjian <aa...@gmail.com>
AuthorDate: Fri May 14 13:36:33 2021 -0700

    fix: roles undefined on public dashboards
---
 superset-frontend/src/dashboard/util/findPermission.test.ts | 7 +++++++
 superset-frontend/src/dashboard/util/findPermission.ts      | 2 +-
 2 files changed, 8 insertions(+), 1 deletion(-)

diff --git a/superset-frontend/src/dashboard/util/findPermission.test.ts b/superset-frontend/src/dashboard/util/findPermission.test.ts
index 1fbb791..f90c280 100644
--- a/superset-frontend/src/dashboard/util/findPermission.test.ts
+++ b/superset-frontend/src/dashboard/util/findPermission.test.ts
@@ -132,6 +132,13 @@ describe('canUserEditDashboard', () => {
   it('rejects nonexistent users', () => {
     expect(canUserEditDashboard(dashboard, null)).toEqual(false);
   });
+  it('rejects missing roles', () => {
+    // in redux, when there is no user, the user is actually set to an empty object,
+    // so we need to handle missing roles as well as a missing user.s
+    expect(
+      canUserEditDashboard(dashboard, {} as UserWithPermissionsAndRoles),
+    ).toEqual(false);
+  });
   it('rejects "admins" if the admin role does not have edit rights for some reason', () => {
     expect(
       canUserEditDashboard(dashboard, {
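Review bot: The added comment ends in a stray character (`missing user.s`), and the new test only compiles because of the cast `{} as UserWithPermissionsAndRoles`. That cast suggests the declared type does not describe the empty object which, per the comment, redux holds when there is no user. I would fix the comment to `// so we need to handle missing roles as well as a missing user.` and, if the type can be changed, make `roles` optional so the test can pass `{}` without a cast. The `describe` block begins and continues outside this hunk.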
diff --git a/superset-frontend/src/dashboard/util/findPermission.ts b/superset-frontend/src/dashboard/util/findPermission.ts
index 995c5d7..8f28a03 100644
--- a/superset-frontend/src/dashboard/util/findPermission.ts
+++ b/superset-frontend/src/dashboard/util/findPermission.ts
@@ -48,6 +48,6 @@ export const canUserEditDashboard = (
   dashboard: Dashboard,
   user?: UserWithPermissionsAndRoles | null,
 ) =>
-  !!user &&
+  !!user?.roles &&
   (isUserAdmin(user) || isUserDashboardOwner(dashboard, user)) &&
   findPermission('can_write', 'Dashboard', user.roles);
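Review bot: The `!!user?.roles` guard protects only `canUserEditDashboard`; `isUserAdmin` and `isUserDashboardOwner` are defined outside the hunk and receive the same `user`, so another caller that passes them the empty anonymous object may still read `roles` of undefined. The parameter type appears to declare `roles` as always present (inferred from the cast the new test needs), so the compiler cannot flag those call sites. Making `roles` optional on the type, or normalising the empty user to `null` where it leaves the store, would cover them. The expression fails closed, which is the right default for a permission check, and a comment such as `// anonymous sessions carry {} rather than null, so test roles, not just user` would record why. This result should only decide what the UI offers; presumably the API enforces `can_write` on `Dashboard` independently, which is worth confirming for public dashboards.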