Skip to content

chore: Fix/remove hardcode of admin role#27779

Open
Always-prog wants to merge 8 commits into
apache:masterfrom
TechAuditBI:fix/remove-hardcode-of-admin-role
Open

chore: Fix/remove hardcode of admin role#27779
Always-prog wants to merge 8 commits into
apache:masterfrom
TechAuditBI:fix/remove-hardcode-of-admin-role

Conversation

@Always-prog

Copy link
Copy Markdown
Contributor

SUMMARY

Just removed hardcode of admin role from perm utils and using AUTH_ROLE_ADMIN constant in the Superset config instead.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@Always-prog

Copy link
Copy Markdown
Contributor Author

@supersetbot orglabel

@codecov

codecov Bot commented Mar 29, 2024

Copy link
Copy Markdown

Codecov Report

Attention: Patch coverage is 50.00000% with 2 lines in your changes are missing coverage. Please review.

Project coverage is 69.77%. Comparing base (c0f8dfc) to head (06bbab7).
Report is 6 commits behind head on master.

Files Patch % Lines
superset-frontend/src/preamble.ts 0.00% 2 Missing ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##           master   #27779      +/-   ##
==========================================
+ Coverage   69.71%   69.77%   +0.05%     
==========================================
  Files        1920     1920              
  Lines       75234    75244      +10     
  Branches     8423     8425       +2     
==========================================
+ Hits        52447    52498      +51     
+ Misses      20725    20684      -41     
  Partials     2062     2062              
Flag Coverage Δ
hive 48.93% <ø> (?)
javascript 57.39% <50.00%> (-0.01%) ⬇️
mysql 77.88% <ø> (-0.01%) ⬇️
postgres 77.99% <ø> (-0.01%) ⬇️
python 83.03% <ø> (+0.12%) ⬆️
sqlite 77.43% <ø> (-0.01%) ⬇️
unit 56.78% <ø> (+<0.01%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@Always-prog

Copy link
Copy Markdown
Contributor Author

How I can add orglabel?)

Comment thread superset/config.py Outdated
Comment thread superset-frontend/src/dashboard/util/permissionUtils.ts Outdated
Comment thread superset/config.py Outdated
@rusackas rusackas changed the title Fix/remove hardcode of admin role chore: Fix/remove hardcode of admin role Apr 2, 2024
@rusackas

rusackas commented Apr 2, 2024

Copy link
Copy Markdown
Member

@supersetbot orglabel

How I can add orglabel?)

@mistercrunch can probably help. Not sure if there's documentation for all this somewhere... we should probably add a page to the docs site or the wiki (probably the wiki, since that's where more process/dev content is going, while the docs are more end-user focused).

@codecov-commenter

codecov-commenter commented Apr 3, 2024

Copy link
Copy Markdown

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.36%. Comparing base (0a18779) to head (828cc5e).
⚠️ Report is 218 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master   #27779      +/-   ##
==========================================
+ Coverage   63.95%   64.36%   +0.41%     
==========================================
  Files        2664     2681      +17     
  Lines      146217   148096    +1879     
  Branches    33731    33982     +251     
==========================================
+ Hits        93512    95323    +1811     
- Misses      50988    51008      +20     
- Partials     1717     1765      +48     
Flag Coverage Δ
hive 39.18% <ø> (-0.05%) ⬇️
mysql 57.81% <ø> (-0.16%) ⬇️
postgres 57.87% <ø> (-0.16%) ⬇️
presto 40.71% <ø> (-0.09%) ⬇️
python 59.27% <ø> (+1.02%) ⬆️
sqlite 57.45% <ø> (-0.22%) ⬇️
unit 100.00% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@mistercrunch

Copy link
Copy Markdown
Member

@supersetbot unlabel TechAudit-BI

@mistercrunch

Copy link
Copy Markdown
Member

@supersetbot orglabel

@mistercrunch

mistercrunch commented Apr 3, 2024

Copy link
Copy Markdown
Member

The bot was down for some reason, revived it in recent PRs. More about the bot here -> https://github.com/apache-superset/supersetbot . It even has a logo now 🤖 🤖 🤖
Screenshot 2024-04-02 at 11 03 46 PM

@Always-prog

Copy link
Copy Markdown
Contributor Author

Thank you @mistercrunch!

@Always-prog

Copy link
Copy Markdown
Contributor Author

@john-bodley Hi! Fixed code by your review. Please take a look!

@rusackas

rusackas commented Apr 3, 2024

Copy link
Copy Markdown
Member

Rerunning the mysql test in hopes that it's just flaky, but if it fails again, the PR might need a rebase (there were some glitches with these DB tests that got resolved on master not long ago).

@Always-prog

Copy link
Copy Markdown
Contributor Author

@rusackas Test cases has beed passed without rebase

@rusackas

Copy link
Copy Markdown
Member

The main thing I'm wondering about this PR now that I look more closely at the code, is if there's a better place to store this information. I'm a little nervous about storing bootstrap data on the window object, which opens up a new "junk drawer" pattern where people might store anything there. I'm not sure if we should have the Feature Flags there either, really. Is it possible to access this via the getBootstrapData() like we do so many other things in the codebase already. It looks like the role is indeed in there.

@github-actions github-actions Bot removed the packages label Apr 15, 2024
@Always-prog

Copy link
Copy Markdown
Contributor Author

@rusackas I see, ok. I have pushed commit with the fix 👍, please take a look!

@Always-prog

Always-prog commented May 26, 2024

Copy link
Copy Markdown
Contributor Author

I'll fix frontend errors soon

@rusackas rusackas requested a review from dpgaspar June 3, 2024 17:57
@rusackas

Copy link
Copy Markdown
Member

Looks like this one just... never finished CI for some reason. Closing/reopening to kick start this now... let's see if we can get it merged!

@rusackas rusackas closed this Mar 21, 2025
@rusackas rusackas reopened this Mar 21, 2025
// but is hardcoded in backend logic already, so...
const ADMIN_ROLE_NAME = 'admin';
const bootstrapData = getBootstrapData();
const ADMIN_ROLE_NAME = bootstrapData.common.conf.AUTH_ROLE_ADMIN || 'Admin';

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmmmh, seems ADMIN_ROLE_NAME != AUTH_ROLE_ADMIN. AUTH_ROLE_ADMIN probably exist do it can diverge from the global ADMIN_ROLE - assuming this exists. Maybe FAB exposes it somewhere? Would have to be carried to the frontend?

@rusackas

Copy link
Copy Markdown
Member

This is coming together nicely, @Always-prog. Pulling AUTH_ROLE_ADMIN from getBootstrapData() is exactly what I was hoping for. Mind reverting the seemingly accidental file-mode change on shim.tsx and I'll review/approve?

@rusackas rusackas force-pushed the fix/remove-hardcode-of-admin-role branch from 9c1ac86 to 95ef7cc Compare June 27, 2026 09:11

@bito-code-review bito-code-review Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review Agent Run #080cad

Actionable Suggestions - 1
  • superset-frontend/src/dashboard/util/permissionUtils.ts - 1
    • Incomplete test coverage for configurable admin role · Line 29-30
Additional Suggestions - 1
  • superset/views/base.py - 1
    • Missing test for new config exposure · Line 76-76
      New config key `AUTH_ROLE_ADMIN` is exposed to frontend but lacks a corresponding unit test. Existing pattern at line 73-76 tests `DEFAULT_MAP_RENDERER` exposure. Per rule [11730], new features should include unit tests covering success paths and validation scenarios.
Review Details
  • Files reviewed - 3 · Commit Range: b7e9497..95ef7cc
    • superset-frontend/src/dashboard/util/permissionUtils.ts
    • superset/config.py
    • superset/views/base.py
  • Files skipped - 0
  • Tools
    • MyPy (Static Code Analysis) - ✔︎ Successful
    • Astral Ruff (Static Code Analysis) - ✔︎ Successful
    • Whispers (Secret Scanner) - ✔︎ Successful
    • Detect-secrets (Secret Scanner) - ✔︎ Successful
    • Eslint (Linter) - ✔︎ Successful

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

  • /review - Manually triggers a full AI review.

  • /pause - Pauses automatic reviews on this pull request.

  • /resume - Resumes automatic reviews.

  • /resolve - Marks all Bito-posted review comments as resolved.

  • /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

AI Code Review powered by Bito Logo

Comment on lines +29 to +30
const bootstrapData = getBootstrapData();
const ADMIN_ROLE_NAME = bootstrapData.common.conf.AUTH_ROLE_ADMIN || 'Admin';

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incomplete test coverage for configurable admin role

The module-level getBootstrapData() call is not mocked in tests, creating a testing gap for the new configurable ADMIN_ROLE_NAME functionality. Tests rely on DEFAULT_BOOTSTRAP_DATA which has conf: {}, so the custom AUTH_ROLE_ADMIN path is never exercised. Consider adding mock setup in beforeAll to control the admin role name and verify case-insensitive matching behavior for both default and custom values.

Code Review Run #080cad


Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
@netlify

netlify Bot commented Jul 5, 2026

Copy link
Copy Markdown

Deploy Preview for superset-docs-preview ready!

Name Link
🔨 Latest commit 828cc5e
🔍 Latest deploy log https://app.netlify.com/projects/superset-docs-preview/deploys/6a4acf9f0ffaf50008dbf6d4
😎 Deploy Preview https://deploy-preview-27779--superset-docs-preview.netlify.app
📱 Preview on mobile
Toggle QR Code...

QR Code

Use your smartphone camera to open QR code link.
🤖 Make changes Run an agent on this branch

To edit notification comments on pull requests, go to your Netlify project configuration.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

5 participants