You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/04/26 08:52:20 UTC

[GitHub] [superset] stevensuting opened a new issue, #19849: Dashboard RBAC Favourite issue

stevensuting opened a new issue, #19849:
URL: https://github.com/apache/superset/issues/19849

   If a dashboard is assigned to a role, then user under that role makes that dashboard a favourite by clicking on the start, then if the role is removed from the dashboard, the user can still see the dashboard, but will not be able to access the content of the dashboard. 
   
   #### How to reproduce the bug
   
   1. Create a dashboard (example_dash) and assign a role (example_role) to it via the RBAC option via an ADMIN user
   2. Login with a non admin user who has the example_role
   3. Make the example_dash a favourite dashboard, logout
   4. Login in with Admin user and remove the example_role from the example_dash5. 
   5. Login with the non admin user and you will see that example_dash is still visible.
   
   ### Expected results
   Dashboard Board should not be visible if the role has been removed from Dashboard RBAC irrespective of the favourite status.
   
   
   ### Environment
   
   (please complete the following information):
   
   - browser type and version: Chrome
   - superset version: `1.4.2`
   - python version: `3,8`
   - any feature flags active: RBAC
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] pandinug commented on issue #19849: Dashboard RBAC Favourite issue

Posted by "pandinug (via GitHub)" <gi...@apache.org>.
pandinug commented on issue #19849:
URL: https://github.com/apache/superset/issues/19849#issuecomment-1572356685

   Can confirm that this is very much still a thing on 2.1.0.
   Easy to reproduce by creating a role random. Next, add the role to a test user, dataset and a dashboard. 
   Now log in with the test user and see that the dashboard is there. Be happy, star the dashboard. Log out again, or not.
   Next, the admin takes away your role, possibly because you are switching to another department.
   You log in to Superset again and your dashboard is still there. Not only that, also all the datasets are accessibly via the charts on the dashboard.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] rusackas commented on issue #19849: Dashboard RBAC Favourite issue

Posted by "rusackas (via GitHub)" <gi...@apache.org>.
rusackas commented on issue #19849:
URL: https://github.com/apache/superset/issues/19849#issuecomment-1572348359

   This issue and the superset version reported are old enough that I was tempted to close it, but it sounds... worrisome. 
   
   @stevensuting @jinghua-qa @sadpandajoe are any of you able to validate this problem still exists?


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] lilykuang closed issue #19849: Dashboard RBAC Favourite issue

Posted by "lilykuang (via GitHub)" <gi...@apache.org>.
lilykuang closed issue #19849: Dashboard RBAC Favourite issue
URL: https://github.com/apache/superset/issues/19849


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org