TeCHiScy opened a new issue, #39967:
URL: https://github.com/apache/superset/issues/39967
### Bug description
1. Have superset 6.1.0rc3 installed
2. Go to `Settings` -> `List Roles`
3. Edit a `Role` such as `Public`, the Role must have some permission bounded
4. Open the Permission Dropdown, there's a toast saying `There was an error
loading permissions.` At the same time, you will find the ui fails to echo the
name of some permissions already bound.
I've digged into this problem, and found that when Permission Dropdown is
opened, a request to
`/api/v1/security/permissions-resources/?q=(page:0,page_size:100)` is
generated. However, with page_size = 100 set, it can not ensure the bounded
permission to be returned in the first page, which causes the ui fails to echo
permission names. After all pages are loaded (by scrolling to the end of the
dropdown), names then shows.
Meanwhile, I found that, when I open the `Edit role form` on a role with
some permission bound, a request to `
/api/v1/security/permissions-resources/?q=(filters:!((col:id,opr:in,value:!(7,15,236,72,73,75,109))),page:0,page_size:100)`
is generated. However, this api call returns HTTP 400 with body
`{"message":"Filter column: id not allowed to filter"}`. If I understand
correctly, this api call is to fetch permission names for the bound
permissions. Since this call fails, there's no way to map permission id to
names unless all permission data was fetched through successive paging requests.
Moreover, I found that if I perform a search in the permission dropdown, a
request to
`/api/v1/security/permissions-resources/?q=(filters:!((col:view_menu.name,opr:ct,value:ca)),page:0,page_size:1000)`
is generated, but also with HTTP 400 and body `{"message":"Filter column:
view_menu.name not allowed to filter"}` or `{"message":"Filter column:
permission.name not allowed to filter"}` returned. This leads to the issue that
users can not search the appropriate permission, such as `can explore json on
Superset`.
Based on the aforesaid findings, it should be concluded that the permission
dropdown in role edit form is buggy and not able to use. If one want to review
the permission bound, or to search and add some new permission, he has to first
scroll down to the bottom of the dropdown, to get all pages of permissions
fetched.
### Screenshots/recordings
https://github.com/user-attachments/assets/f63e7aa7-296f-4880-8bb9-97593e223fff
### Superset version
6.0.0
### Python version
Not applicable
### Node version
16
### Browser
Chrome
### Additional context
_No response_
### Checklist
- [x] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [x] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [x] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
