ss-ravi opened a new issue, #26470: URL: https://github.com/apache/superset/issues/26470
When I add a specific permission to the public role, the api related to that permission stops working. #### How to reproduce the bug 1. Make a superset instance with an empty public role 2. Add a chart to superset 3. use the `/api/v1/security/login` to get a token for an admin user 4. use the `/api/v1/chart` with the admin token to get a list of all charts (this should work as expected) 5. Add the `can read on Chart` permission to the public role 6. use the `/api/v1/chart` with the admin token to get a list of all charts (an empty list is returned) ### Expected results The output for the API should be the same after we add the permission to the public role, since we are using a bearer token for an admin user. ### Actual results An empty list is returned when the public role has the permission. It seems that if the public role has the permission, the bearer token is ignored. ### Environment - browser type and version: - - superset version: not sure.. using the `:latest` docker image tag as of jan 12 2024 (8a254ef5f41b) - any feature flags active: ALERT_REPORTS, EMBEDDED_SUPERSET, ENABLE_JAVASCRIPT_CONTROLS, DRILL_BY, DRILL_TO_DETAIL, ENABLE_TEMPLATE_PROCESSING -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
