codeant-ai-for-open-source[bot] commented on code in PR #38581:
URL: https://github.com/apache/superset/pull/38581#discussion_r3001583198


##########
superset-frontend/src/explore/components/DataTablesPane/components/DataTableControls.tsx:
##########
@@ -79,8 +84,22 @@ export const TableControls = ({
         `}
       >
         <RowCountLabel rowcount={rowcount} loading={isLoading} />
-        {canDownload && (
+        {copyEnabled ? (
           <CopyToClipboardButton data={formattedData} columns={columnNames} />
+        ) : (
+          <Tooltip title={t("You don't have permission to copy to clipboard")}>
+            <span
+              css={css`
+                opacity: 0.3;
+                cursor: not-allowed;
+              `}
+            >
+              <CopyToClipboardButton
+                data={formattedData}
+                columns={columnNames}
+              />
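
Review bot: In the `copyEnabled` false branch, the wrapping `<span>` only changes appearance (`opacity: 0.3; cursor: not-allowed;`), so the nested `CopyToClipboardButton` still receives `data={formattedData}` and stays reachable by mouse click and by keyboard focus. Render a non-interactive placeholder in this branch (or give the button an explicit disabled state, if the component supports one) and do not pass `formattedData` to it. The rows are already delivered to the browser for display, so this check is a UI affordance rather than an access control; a comment here should state what the clipboard permission does and does not prevent. A test that renders `TableControls` with `copyEnabled` false and asserts that activating the control copies nothing would lock the behaviour in.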

Review Comment:
   **Suggestion:** When the user lacks clipboard permission, the UI visually "disables" the copy control but still renders the interactive `CopyToClipboardButton`, so clicking the grayed-out icon will still copy data to the clipboard; instead, the non-permitted state should render a non-interactive element so that the copy action is actually unavailable. [logic error]
   
   <details>
   <summary><b>Severity Level:</b> Critical 🚨</summary>
   
   ```mdx
   - ❌ Explore Results tab ignores clipboard permission, still copies.
   - ❌ Explore Samples tab ignores clipboard permission, still copies.
   - ⚠️ Undermines new granular export controls for clipboard.
   ```
   </details>
   
   ```suggestion
                 {t('Copy')}
   ```
   <details>
   <summary><b>Steps of Reproduction ✅ </b></summary>
   
   ```mdx
   1. Enable the `GranularExportControls` feature flag so `usePermissions` derives
   `canCopyClipboard` from the `can_copy_clipboard` permission instead of legacy `can_csv`
   (see `superset-frontend/src/hooks/usePermissions.ts:19-52` where `granularExport` and
   `canCopyClipboard` are computed).
   
   2. Create or use a role that has access to Explore and datasource samples/results (e.g.,
   `can_explore`, `can_samples`) but explicitly does NOT have `can_copy_clipboard` on the
   `Superset` resource; assign this role to a test user so that `usePermissions()` returns
   `canCopyClipboard = false` while the user can still run queries.
   
   3. Log in as this user, open a chart in Explore, and navigate to the Data tab's "Results"
   or "Samples" subtabs, which render `DataTablesPane` → `SamplesPane` / `useResultsPane` →
   `TableControls` (see
   `superset-frontend/src/explore/components/DataTablesPane/DataTablesPane.tsx:21-39`,
   `components/SamplesPane.tsx:122-153`, and `components/SingleQueryResultPane.tsx:66-77`
   showing `TableControls` usage).
   
   4. Observe in `DataTableControls`
   (`superset-frontend/src/explore/components/DataTablesPane/components/DataTableControls.tsx:16-45`)
   that when `canCopyClipboard` is false it still renders `<CopyToClipboardButton>` (which
   wraps `CopyToClipboard` from `src/components/CopyToClipboard/index.tsx:36-83`), so
   clicking the grayed-out copy icon still triggers `onClick` and `copyToClipboard`, and the
   query results are copied to the clipboard despite the "You don't have permission to copy
   to clipboard" tooltip.
   ```
   </details>
-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
