Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions superset-frontend/src/dashboard/util/permissionUtils.ts
Original file line number Diff line number Diff line change
Expand Up @@ -24,17 +24,17 @@ import {
} from 'src/types/bootstrapTypes';
import { Dashboard } from 'src/types/Dashboard';
import { findPermission } from 'src/utils/findPermission';
import getBootstrapData from 'src/utils/getBootstrapData';

// this should really be a config value,
// but is hardcoded in backend logic already, so...
const ADMIN_ROLE_NAME = 'admin';
const bootstrapData = getBootstrapData();
const ADMIN_ROLE_NAME = bootstrapData.common.conf.AUTH_ROLE_ADMIN || 'Admin';

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Mmmmh, seems ADMIN_ROLE_NAME != AUTH_ROLE_ADMIN. AUTH_ROLE_ADMIN probably exist do it can diverge from the global ADMIN_ROLE - assuming this exists. Maybe FAB exposes it somewhere? Would have to be carried to the frontend?

Comment on lines +29 to +30

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Incomplete test coverage for configurable admin role

The module-level getBootstrapData() call is not mocked in tests, creating a testing gap for the new configurable ADMIN_ROLE_NAME functionality. Tests rely on DEFAULT_BOOTSTRAP_DATA which has conf: {}, so the custom AUTH_ROLE_ADMIN path is never exercised. Consider adding mock setup in beforeAll to control the admin role name and verify case-insensitive matching behavior for both default and custom values.

Code Review Run #080cad


Should Bito avoid suggestions like this for future reviews? (Manage Rules)

  • Yes, avoid them


export const isUserAdmin = (
user?: UserWithPermissionsAndRoles | UndefinedUser,
) =>
isUserWithPermissionsAndRoles(user) &&
Object.keys(user.roles || {}).some(
role => role.toLowerCase() === ADMIN_ROLE_NAME,
role => role.toLowerCase() === ADMIN_ROLE_NAME.toLowerCase(),
);

const isUserDashboardOwner = (
Expand Down
3 changes: 1 addition & 2 deletions superset/config.py
Original file line number Diff line number Diff line change
Expand Up @@ -460,8 +460,7 @@ def _try_json_readsha(filepath: str, length: int) -> str | None:
# AUTH_REMOTE_USER : Is for using REMOTE_USER from web server
AUTH_TYPE = AUTH_DB

# Uncomment to setup Full admin role name
# AUTH_ROLE_ADMIN = 'Admin'
# AUTH_ROLE_ADMIN = "Admin"

# Uncomment to setup Public role name, no authentication needed
# AUTH_ROLE_PUBLIC = 'Public'
Expand Down
1 change: 1 addition & 0 deletions superset/views/base.py
Original file line number Diff line number Diff line change
Expand Up @@ -73,6 +73,7 @@
from .utils import bootstrap_user_data, get_config_value

FRONTEND_CONF_KEYS = (
"AUTH_ROLE_ADMIN",
"SUPERSET_WEBSERVER_TIMEOUT",
"SUPERSET_DASHBOARD_POSITION_DATA_LIMIT",
"SUPERSET_DASHBOARD_PERIODICAL_REFRESH_LIMIT",
Expand Down
Loading