jfrag1 commented on code in PR #24630:
URL: https://github.com/apache/superset/pull/24630#discussion_r1258805470
##########
superset-frontend/src/explore/components/SaveModal.tsx:
##########
@@ -125,7 +125,9 @@ class SaveModal extends React.Component<SaveModalProps,
SaveModalState> {
if (dashboardId) {
try {
const result = await this.loadDashboard(dashboardId);
- if (result) {
+ if (
+ result?.owners.some((owner: any) => owner.id === this.props.userId)
Review Comment:
I agree that security checks should always happen server-side, but I
wouldn't classify the check done here as a security check. It's more of a
check that prevents the user from trying to do something that would be stopped
from the actual security check on the backend.
For example, if we take this PR with only the backend changes, the frontend
would still pre-populate, but saving the chart would fail with the non-owned
dashboard pre-selected.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
