[I] Bug Report: Mismatch between Backend Permission Names ("can_list") and Frontend Checks ("can list") in RightMenu.tsx [superset]

[via GitHub]

BearCat77 opened a new issue, #36589:
URL: https://github.com/apache/superset/issues/36589

   ### Bug description
   
   I discovered a regression/bug where the "Security" section (List Users, List 
Roles) in the top-right navigation menu is hidden for authorized users.
   
   The issue stems from a mismatch between the permission string defined in the 
backend ( can_list with an underscore) and the string checked in the frontend 
RightMenu.tsx (originally can list with a space).
   
   - Backend : In superset/security/manager.py , the permission is referenced 
as can_list .
   - Frontend : In superset-frontend/src/features/home/RightMenu.tsx , the code 
checks for findPermission('can list', ...) (space).
   Since the backend API returns can_list in the user's role payload, the 
frontend check findPermission('can list', ...) fails, and the menu items are 
never rendered.
   1. Frontend ( superset-frontend/src/features/home/RightMenu.tsx ):
      
      - Current behavior (Bug):
        ```
        if (findPermission('can list', 
        'UserDBModelView', roles)) 
        { ... }
        if (findPermission('can list', 
        'RoleModelView', roles)) 
        { ... }
        ```
      - Proposed Fix (Works locally):
        ```
        if (findPermission('can_list', 
        'UserDBModelView', roles)) 
        { ... }
        if (findPermission('can_list', 
        'RoleModelView', roles)) 
        { ... }
        ```
   Environment:
   
   ### Screenshots/recordings
   
   _No response_
   
   ### Superset version
   
   master / latest-dev
   
   ### Python version
   
   3.10
   
   ### Node version
   
   16
   
   ### Browser
   
   Chrome
   
   ### Additional context
   
   _No response_
   
   ### Checklist
   
   - [x] I have searched Superset docs and Slack and didn't find a solution to 
my problem.
   - [x] I have searched the GitHub issue tracker and didn't find a similar bug 
report.
   - [x] I have checked Superset's logs for errors and if I found a relevant 
Python stacktrace, I included it here as text in the "additional context" 
section.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org