fix: Alpha should not be able to edit datasets that they don't own (#19854)

* fix api for checking owners * fix styles for disabling * fix styles for disabling * fix lint * fix lint * add owners key * plzz * remove * update test * add tooltip * add type * fix test * fix user reference * lit * fix test * work
2026-05-12 11:25:56 +00:00 · 2022-04-29 14:21:05 -07:00
parent ada1575177
commit 8b15b68979
10 changed files with 127 additions and 30 deletions
--- a/superset-frontend/src/explore/components/controls/DatasourceControl/DatasourceControl.test.jsx
+++ b/superset-frontend/src/explore/components/controls/DatasourceControl/DatasourceControl.test.jsx
@@ -41,6 +41,7 @@ const defaultProps = {
    id: 1,
    columns: [],
    metrics: [],
+    owners: [{ username: 'admin', userId: 1 }],
    database: {
      backend: 'mysql',
      name: 'main',
@@ -51,6 +52,17 @@ const defaultProps = {
    setDatasource: sinon.spy(),
  },
  onChange: sinon.spy(),
+  user: {
+    createdOn: '2021-04-27T18:12:38.952304',
+    email: 'admin',
+    firstName: 'admin',
+    isActive: true,
+    lastName: 'admin',
+    permissions: {},
+    roles: { Admin: Array(173) },
+    userId: 1,
+    username: 'admin',
+  },
 };

 describe('DatasourceControl', () => {
@@ -107,6 +119,7 @@ describe('DatasourceControl', () => {
        id: 1,
        columns: [],
        metrics: [],
+        owners: [{ username: 'admin', userId: 1 }],
        database: {
          backend: 'druid',
          name: 'main',
--- a/superset-frontend/src/explore/components/controls/DatasourceControl/DatasourceControl.test.tsx
+++ b/superset-frontend/src/explore/components/controls/DatasourceControl/DatasourceControl.test.tsx
@@ -48,6 +48,17 @@ const createProps = () => ({
  name: 'datasource',
  actions: {},
  isEditable: true,
+  user: {
+    createdOn: '2021-04-27T18:12:38.952304',
+    email: 'admin',
+    firstName: 'admin',
+    isActive: true,
+    lastName: 'admin',
+    permissions: {},
+    roles: { Admin: Array(173) },
+    userId: 1,
+    username: 'admin',
+  },
  onChange: jest.fn(),
  onDatasourceSave: jest.fn(),
 });
--- a/superset-frontend/src/explore/components/controls/DatasourceControl/index.jsx
+++ b/superset-frontend/src/explore/components/controls/DatasourceControl/index.jsx
@@ -35,6 +35,7 @@ import Button from 'src/components/Button';
 import ErrorAlert from 'src/components/ErrorMessage/ErrorAlert';
 import WarningIconWithTooltip from 'src/components/WarningIconWithTooltip';
 import { URL_PARAMS } from 'src/constants';
+import { isUserAdmin } from 'src/dashboard/util/findPermission';

 const propTypes = {
  actions: PropTypes.object.isRequired,
@@ -196,12 +197,32 @@ class DatasourceControl extends React.PureComponent {
    }

    const isSqlSupported = datasource.type === 'table';
+    const { user } = this.props;
+    const allowEdit =
+      datasource.owners.map(o => o.id).includes(user.userId) ||
+      isUserAdmin(user);
+
+    const editText = t('Edit dataset');

    const datasourceMenu = (
      <Menu onClick={this.handleMenuItemClick}>
        {this.props.isEditable && (
-          <Menu.Item key={EDIT_DATASET} data-test="edit-dataset">
-            {t('Edit dataset')}
+          <Menu.Item
+            key={EDIT_DATASET}
+            data-test="edit-dataset"
+            disabled={!allowEdit}
+          >
+            {!allowEdit ? (
+              <Tooltip
+                title={t(
+                  'You must be a dataset owner in order to edit. Please reach out to a dataset owner to request modifications or edit access.',
+                )}
+              >
+                {editText}
+              </Tooltip>
+            ) : (
+              editText
+            )}
          </Menu.Item>
        )}
        <Menu.Item key={CHANGE_DATASET}>{t('Change dataset')}</Menu.Item>