DarrylCarbon commented on issue #32836:
URL: https://github.com/apache/superset/issues/32836#issuecomment-2824060599
@aikawa-ohno @sadpandajoe I am not 100% sure but it seems we are
experiencing the same issue.
AFAIK the issue is that without the `can write on dashboard` permission, the
login screen sometimes suddenly appears when accessing public dashboards with a
public user that basically only has read permissions for most things (see
screenshot below for full list of permissions).
For us, adding the `can write on dashboard` permissions to public users is
not desirable as we do not want public users to be able to create new
dashboards.
This issue appears with Superset versions > 4.0.2. We've reproduced this
locally using Superset 4.1.2 with the following basic docker compose file and
with loading the standard example data:
```
version: "3.7"
services:
superset:
image: apache/superset:latest
container_name: superset
ports:
- "8088:8088"
environment:
SUPERSET_SECRET_KEY: "mysecretkeyfhjewiofhwei9fhwiehfiwefh"
volumes:
- superset_home:/app/superset_home
command: >
/bin/bash -c "
superset run -h 0.0.0.0 -p 8088"
volumes:
superset_home:
```
Steps to reproduce:
1. Start up fresh superset docker container, for example with the above
docker compose file, run `superset init` and `superset load_examples`
2. Setup admin account, login as admin and edit public user permissions to
match these:
3. Now when accessing some dashboards, for example by clicking on them in
the dashboard list, the login screen should appear every once in a while
4. When adding `can write on dashboard` to the public user role, the issue
does not appear anymore.
I cannot confirm that this is the root cause but it looks like a PUT to
`/dashboard/{dashboardNumber}` sometimes is executed which then fails with
`403` which makes the login screen appear:
The following video shows that sometimes (not always!) the login screen
appears when accessing a dashboard as a public user. As soon as the `can write
on dashboard` permission is added to the public user, the issue does not appear
anymore:
https://github.com/user-attachments/assets/07c7b895-8f8e-4d39-8a1f-5fd5456837a7
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
