iercan opened a new issue, #21828:
URL: https://github.com/apache/superset/issues/21828
We detected some bugs related to RBAC and permalinks. The use cases below were
working as expected on previous versions, but on 1.5.2 they are not working
properly.
* **Case 1**
User1 created a dashboard; it is still in draft. No other owners or roles
were added.
**Expected behaviour**: User2 shouldn't see the dashboard or access it.
(Previous versions were working this way.)
**Actual behaviour**: User2 cannot see the dashboard on the dashboard list but
can access it via permalink or direct link.
* **Case 2**
User1 created a dashboard. It is published. Role A added.
**Expected behaviour**: User2 shouldn't see dashboard or access it since it
is not a member of role A. User should see warning message.
**Actual behaviour**: If User2 uses the permalink, Superset throws an HTTP 500
error. In the log we see the error below. The direct link works as expected.
```
superset_1 | You don't have access to this dashboard.
superset_1 | 2022-10-17 07:46:06,369:warning:superset.views.base:You don't have access to this dashboard.
superset_1 | X.X.X.X - - [17/Oct/2022:07:46:06 +0000] "GET /superset/dashboard/p/ZOB27YDWKxQ/ HTTP/1.1" 500 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
```
##### Environment
- superset version: 1.5.2 installed via docker image
- any feature flags active:
```
FEATURE_FLAGS = {
    "SQLLAB_BACKEND_PERSISTENCE": True,
    "EMBEDDED_SUPERSET": True,
    "THUMBNAILS": True,
    "THUMBNAILS_SQLA_LISTENERS": True,
    "LISTVIEWS_DEFAULT_CARD_VIEW": False,
    "ALERT_REPORTS": True,
    "DASHBOARD_NATIVE_FILTERS": True,
    "DASHBOARD_CROSS_FILTERS": False,
    "DASHBOARD_NATIVE_FILTERS_SET": True,
    "DASHBOARD_RBAC": True,
    "ENABLE_EXPLORE_DRAG_AND_DROP": True,
    "ENABLE_DND_WITH_CLICK_UX": True,
    "DRUID_JOINS": True,
}
```
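Added example, not part of the original issue or of Superset's code: a log scan that flags the Case 2 symptom, a permalink request answered with HTTP 500 directly after the access-denied warning. The function name, the pairing heuristic and the sample lines (built in the log format quoted above, with a shortened user agent and a placeholder second key) are assumptions.

```python
import re

# Constructed sample in the docker-compose log format quoted in the issue.
SAMPLE_LOG = """\
superset_1 | 2022-10-17 07:46:06,369:warning:superset.views.base:You don't have access to this dashboard.
superset_1 | X.X.X.X - - [17/Oct/2022:07:46:06 +0000] "GET /superset/dashboard/p/ZOB27YDWKxQ/ HTTP/1.1" 500 0 "-" "Mozilla/5.0"
superset_1 | X.X.X.X - - [17/Oct/2022:07:50:11 +0000] "GET /superset/dashboard/p/EXAMPLEKEY1/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
superset_1 | X.X.X.X - - [17/Oct/2022:07:51:40 +0000] "GET /api/v1/chart/ HTTP/1.1" 500 0 "-" "Mozilla/5.0"
"""

DENIED = "You don't have access to this dashboard."
ACCESS = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3}) '
)
PERMALINK = re.compile(r"^/superset/dashboard/p/(?P<key>[^/?]+)/?")


def find_permalink_denials(log_text):
    """Return permalink requests that got a 500 right after an access-denied warning."""
    findings = []
    denied_pending = False
    for raw in log_text.splitlines():
        # Drop the "container | " prefix that docker-compose adds, if present.
        line = raw.split(" | ", 1)[-1]
        if DENIED in line:
            denied_pending = True
            continue
        m = ACCESS.search(line)
        if not m:
            continue
        link = PERMALINK.match(m["path"])
        if link and m["status"] == "500" and denied_pending:
            findings.append({"time": m["ts"], "key": link["key"], "path": m["path"]})
        # Heuristic (assumption): a warning pairs only with the next request line.
        denied_pending = False
    return findings


if __name__ == "__main__":
    for hit in find_permalink_denials(SAMPLE_LOG):
        print(hit)
```

With concurrent requests the warning and the access-log line can interleave with other traffic, so treat hits as leads to confirm. A permalink request that returns 200 (Case 1) cannot be judged from these lines alone, because they do not show which user made the request.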