jfrag1 commented on code in PR #24630:
URL: https://github.com/apache/superset/pull/24630#discussion_r1258684269


##########
superset-frontend/src/explore/components/SaveModal.tsx:
##########
@@ -125,7 +125,9 @@ class SaveModal extends React.Component<SaveModalProps, 
SaveModalState> {
     if (dashboardId) {
       try {
         const result = await this.loadDashboard(dashboardId);
-        if (result) {
+        if (
+          result?.owners.some((owner: any) => owner.id === this.props.userId)
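
Review bot: In the new condition, `result?.owners.some(...)` guards only `result` with optional chaining; if the loaded dashboard comes back without an `owners` array, the `.some` call throws inside the `try` instead of evaluating to false. Consider `result?.owners?.some(...)` and a typed owner in place of `owner: any`. Since this comparison against `this.props.userId` runs in the browser, it only decides whether the dropdown pre-populates, and edit permission on the dashboard still has to be enforced by the backend when the save is submitted.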

Review Comment:
   > Why do we need this check? Shouldn't `loadDashboard` return `null` if the user does not have access to the dashboard? Keep in mind that frontend code can always be modified and checks bypassed.

   As stated in the PR description, this check is to prevent the dashboard dropdown on this modal from pre-populating if the user is not an owner/cannot edit the dashboard. It's possible that the user has access to view the dashboard, but not edit it.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.