codeant-ai-for-open-source[bot] commented on code in PR #40466:
URL: https://github.com/apache/superset/pull/40466#discussion_r3324585562
##########
superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/index.tsx:
##########
@@ -16,11 +16,30 @@
* specific language governing permissions and limitations
* under the License.
*/
+import { useEffect, useState } from 'react';
import { SupersetTheme } from '@apache-superset/core/theme';
import { Form } from '@superset-ui/core/components';
import { FormFieldOrder, FORM_FIELD_MAP } from './constants';
import { formScrollableStyles, validatedFormStyles } from '../styles';
-import { DatabaseConnectionFormProps } from '../../types';
+import {
+ DatabaseConnectionFormProps,
+ DatabaseObject,
+ Engines,
+} from '../../types';
+
+const computeInitialIsPublic = (
+ database: Partial<DatabaseObject> | null | undefined,
+): boolean => {
+ if (!database || database.engine !== Engines.GSheet) return true;
+ if (
+ database.masked_encrypted_extra &&
+ database.masked_encrypted_extra !== '{}'
+ ) {
+ return false;
+ }
+ if (database.parameters?.service_account_info) return false;
+ return true;
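Review bot: `database.masked_encrypted_extra !== '{}'` is a raw string comparison, so any serialization of an empty object other than exactly `{}` (for example `{ }` or a newline-padded form) classifies the connection as private, while the check still says nothing about what the extra actually contains; parse the value and test for at least one key (e.g. `Object.keys(JSON.parse(masked_encrypted_extra)).length > 0`, with the parse failure handled), and add a short doc comment on `computeInitialIsPublic` stating that every non-GSheet engine and any GSheet database without stored credentials defaults to public, since this function now decides which auth fields are rendered.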
Review Comment:
**Suggestion:** The initial public/private derivation does not check for
`oauth2_client_info` in `database.parameters`, so an OAuth2-configured Google
Sheets connection can be misclassified as public when `masked_encrypted_extra`
is empty. That hides OAuth2 fields on edit and risks submitting an update that
drops existing private-auth configuration. Include an explicit
`database.parameters?.oauth2_client_info` check in the initial-state
computation. [api mismatch]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ⚠️ GSheets OAuth2 databases can appear as public-only in UI.
- ⚠️ OAuth2 client controls hidden despite active OAuth2 configuration.
- ⚠️ Users may unknowingly misconfigure private sheet access.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. Create or configure a Google Sheets database whose backend properties include OAuth2 client configuration only under `parameters.oauth2_client_info` and not under `masked_encrypted_extra`, as exercised in `test_validate_parameters_skips_oauth2_connections_with_parameters` at `tests/unit_tests/db_engine_specs/test_gsheets.py:29-38` (properties.parameters contains `"oauth2_client_info": {"id": "client-id", "secret": "client-secret"}` with no `"masked_encrypted_extra"` key).
2. Open the edit modal for this database in the UI, which uses `DatabaseModal` to fetch the resource and store it in React state via the `dbReducer` Fetched branch at `superset-frontend/src/features/databases/DatabaseModal/index.tsx:149-195`, then renders `<DatabaseConnectionForm db={db as DatabaseObject} ... />` in `renderDatabaseConnectionForm` at `superset-frontend/src/features/databases/DatabaseModal/index.tsx:88-96`.
3. On first render with the fetched `db`, `DatabaseConnectionForm` initializes and then re-derives the `isPublic` state using `computeInitialIsPublic(db)` inside the `useEffect` at `superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/index.tsx:74-85`; since the current implementation only checks `database.masked_encrypted_extra` and `database.parameters?.service_account_info` (lines 33-40) and does not inspect `database.parameters?.oauth2_client_info`, it returns `true` even though OAuth2 client info is present in parameters.
4. With `isPublic` incorrectly set to `true` for a GSheets engine, all private-auth UI is hidden: `OAuth2ClientField` returns `null` when `db?.engine === Engines.GSheet && isPublic` at `superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/OAuth2ClientField.tsx:80-82`, `EncryptedField` hides the credentials section for GSheets when `isPublic` is true at `superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/EncryptedField.tsx:62-65`, and `TableCatalog` hides the helper text about needing credentials at `superset-frontend/src/features/databases/DatabaseModal/DatabaseConnectionForm/TableCatalog.tsx:36-41`, so editing this connection in the UI misclassifies it as "public-only" and prevents users from seeing or managing their existing OAuth2 configuration.
```
</details>
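As an added example (not Superset's code and not part of the review comment above), the derivation from the hunk beside a corrected version that also recognises `parameters.oauth2_client_info` and parses `masked_encrypted_extra` instead of comparing it with the literal `'{}'`; the `Engines` object and `DatabaseObject` interface are minimal stand-ins assumed for the example, not the project's real types.

```typescript
// Added example, not Superset's code: minimal stand-ins for the project's
// Engines enum and DatabaseObject type (assumed shapes, not the real ones).
const Engines = { GSheet: 'gsheets', PostgreSQL: 'postgresql' } as const;
interface DatabaseObject {
  engine?: string;
  masked_encrypted_extra?: string;
  parameters?: {
    service_account_info?: string | Record<string, unknown>;
    oauth2_client_info?: { id: string; secret: string };
  };
}
type DbInput = Partial<DatabaseObject> | null | undefined;

// Derivation as written in the PR hunk: only masked_encrypted_extra (compared
// with the literal '{}') and service_account_info are inspected.
function computeInitialIsPublicOriginal(database: DbInput): boolean {
  if (!database || database.engine !== Engines.GSheet) return true;
  if (database.masked_encrypted_extra && database.masked_encrypted_extra !== '{}') {
    return false;
  }
  if (database.parameters?.service_account_info) return false;
  return true;
}

// True when the masked extra JSON carries at least one key. Whitespace variants
// of "{}" count as empty; a present but unparsable value counts as non-empty so
// stored credentials are never hidden by a parse failure.
function hasEncryptedExtra(masked: string | undefined): boolean {
  if (!masked || masked.trim() === '') return false;
  try {
    const parsed: unknown = JSON.parse(masked);
    return typeof parsed === 'object' && parsed !== null && Object.keys(parsed).length > 0;
  } catch {
    return true;
  }
}

// Corrected derivation: a stored OAuth2 client also means private auth.
function computeInitialIsPublicFixed(database: DbInput): boolean {
  if (!database || database.engine !== Engines.GSheet) return true;
  if (hasEncryptedExtra(database.masked_encrypted_extra)) return false;
  if (database.parameters?.service_account_info) return false;
  if (database.parameters?.oauth2_client_info) return false;
  return true;
}

// Constructed sample matching the review's reproduction step 1: OAuth2 client
// info only under parameters, no masked_encrypted_extra key.
const oauth2OnlyDb: DatabaseObject = {
  engine: Engines.GSheet,
  parameters: { oauth2_client_info: { id: 'client-id', secret: 'client-secret' } },
};
```

With the sample above, the hunk's version reports the connection as public and the corrected version reports it as private, which is the misclassification the comment describes.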
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.