fnardin-maystreet opened a new pull request, #32995: URL: https://github.com/apache/superset/pull/32995
### SUMMARY In both `Dashboards`, `Datasets`, `Charts` pages the delete and edit buttons are shown on the only condition that the user has `can_write` permission even if not the owner. Attempting to delete or edit an object results in a `Forbidden` error. This PR fixes the button disabled status in the frontend preventing the user from attempting to delete or edit a resource it has no permission to. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF All three pages will show the delete and edit buttons as disabled if the user is not an owner or an admin: <img width="491" alt="Screenshot 2025-04-03 at 11 35 45" src="https://github.com/user-attachments/assets/37849f3b-18de-492a-bb26-ae7ccd792bcb"; /> ### TESTING INSTRUCTIONS Create a dashboard, a chart, and a dataset with an user and try to edit / delete them with a different user. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [x] Has associated issue: - #18870 - #32981 - [ ] Required feature flags: - [x] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
