Truffula opened a new issue, #25630:
URL: https://github.com/apache/superset/issues/25630
When a dashboard is accessed using the embedding UI, the Drill By/Drill to
Detail functions in the right click menu and chart menu are only available if
the guest user Role has the `can explore on Superset` permission. However, this
permission also enables heading links to the Explore screen, along with other
chart menu options which are not desirable in an embedded chart, e.g.:
* View Query
* Edit Chart
If the user _does_ have the `can explore on Superset` but lacks the `can
samples on Datasource` permission, the `Drill to detail [by]` menu items appear
but the data cannot be loaded.
#### How to reproduce the bug
1. Set up an embedded dashboard, with a chart such as a Pie Chart that has
drill functionality.
2. Give the guest user Role `can explore on Superset` permission.
3. Load the embedded dashboard.
4. Right click on the chart.
### Expected results
Given some other permission applied to the guest user (I'm unsure which one
is appropriate, or if a new one is needed), and given they _don't_ have `can
explore on Superset`:
* You can use the drill functions in the right click and chart menu. If the
user does not have `can samples on Datasource` permission, `Drill to detail`
and `Drill to detail by` will not appear in the menu.
* You cannot click on the header of the chart (it's not a link).
* Edit Chart and View Query will not appear in the menu.
### Actual results
* You can use the drill functions in the menu. If the user does not have
`can samples on Datasource` permission, opening `Drill to detail` or `Drill to
detail by` will display an error `Error: Access is Denied`.
* You can click on the header of the chart, which will take you to a blank
page
* You can open the chart menu and Edit Chart, which will take you to a blank
page
* You can open the chart menu and View Query successfully
#### Screenshots
If applicable, add screenshots to help explain your problem.
### Environment
(please complete the following information):
- browser type and version: Google Chrome Version 117.0.5938.149 (Official
Build) (x86_64)
- superset version: 3.0.0
- python version: 3.9.1
- node.js version: v16.9.1
- any feature flags active:
* ALERT_REPORTS
* EMBEDDED_SUPERSET
* HORIZONTAL_FILTER_BAR
* DASHBOARD_CROSS_FILTERS
* DRILL_TO_DETAIL
* DRILL_BY
* ENABLE_TEMPLATE_PROCESSING
### Checklist
Make sure to follow these steps before submitting your issue - thank you!
- [x] I have checked the superset logs for python stacktraces and included
it here as text if there are any.
- [x] I have reproduced the issue with at least the latest released version
of superset.
- [x] I have checked the issue tracker for the same issue and I haven't
found one similar.
### Additional context
The files in which the permissions are checked and need updating are:
* ChartContextMenu.tsx
* SliceHeaderControls/index.tsx
* SliceHeader/index.tsx
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
