propellerjet opened a new issue, #36244: URL: https://github.com/apache/superset/issues/36244
### Bug description **Preconditions:** - Two users: User 1 and User 2. - A dashboard named "Dashboard 1" exists, owned by User 1. - User 2 has a role with the "can write on dashboard" permission, which is also the permission that grants the ability to import dashboards. **Steps to Reproduce:** 1. As User 2, export "Dashboard 1" (owned by User 1). 2. As User 2, import the previously exported dashboard file into the same Superset instance. 3. After the import is complete, navigate to the list of dashboards and open the imported dashboard. 4. Go to the dashboard's properties to view the list of owners. **Result:** The list of owners for the imported dashboard includes User 2 in addition to the original owner User 1. User 2 now has full owner-level privileges over this dashboard. **Expected Result:** The import process should enforce a secure workflow that prevents unauthorized users from altering original dashboards or claiming ownership. If a user who is **not** an owner of a dashboard imports it, the system should create a copy of that dashboard. The user should be the owner of this new copy, but the original exported dashboard (owned by another user) should remain unchanged and unaffected. Furthermore, for a user who is not an owner of the original dashboard, the option to "Overwrite" an existing dashboard during import should not be available or should be disabled. This prevents users from overwriting dashboards they do not own. **Additional Notes:** The "can write on dashboard" permission is intended to allow users to create and edit dashboards, should be seperated from possibility to import dashboard. ### Screenshots/recordings _No response_ ### Superset version 4.1.3 ### Python version 3.9 ### Node version 16 ### Browser Chrome ### Additional context previously this logic was added in https://github.com/apache/superset/pull/16656 ### Checklist - [x] I have searched Superset docs and Slack and didn't find a solution to my problem. - [x] I have searched the GitHub issue tracker and didn't find a similar bug report. - [ ] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
