apache / superset

Apache Superset is a Data Visualization and Data Exploration Platform
https://superset.apache.org/
Apache License 2.0

Admin can not overwrite chart from another owner #24399

Open mattitoo opened 1 year ago

mattitoo commented 1 year ago

When an Admin opens a chart which is owned by a different user, the Admin cannot save and overwrite the existing chart.

How to reproduce the bug

  1. Login as Admin
  2. Open an existing chart owned by another user
  3. Click on Save

Expected results

Admin can choose to overwrite the chart

Actual results

The Overwrite option is disabled

benjamin-musil commented 1 year ago

I also have this same issue. I am an admin and another admin created a chart but I have to save a new chart instead of being able to overwrite.

davidgcameron commented 1 year ago

As a workaround you can create a database trigger which will automatically give all admins ownership of newly created charts:

CREATE TRIGGER add_admin_role AFTER INSERT ON slices
FOR EACH ROW
  INSERT INTO slice_user(user_id, slice_id)
  SELECT user_id, NEW.id FROM ab_user_role
    WHERE role_id=(SELECT id FROM ab_role WHERE name='Admin') AND
    user_id != NEW.created_by_fk;

And you can give admins ownership of existing charts by running this query for each admin user id (replacing <user_id> with the user_id):

INSERT INTO slice_user (user_id, slice_id)
SELECT distinct <user_id>, slice_id FROM slice_user
WHERE slice_id NOT IN
  (SELECT slice_id FROM slice_user WHERE user_id=<user_id>)
  AND slice_id IN (SELECT id FROM slices);

Hope this helps.

iercan commented 1 year ago

This bug has existed since 2.0. I hoped to see it fixed in 2.1.1 but was disappointed.

eschutho commented 1 year ago

Thanks @iercan for reporting! Do you know if this is still broken in 3.0?

iercan commented 1 year ago

> Thanks @iercan for reporting! Do you know if this is still broken in 3.0?

I don't know about 3.0

lf-floriandin commented 1 year ago

@eschutho Still exists in 3.0

rusackas commented 7 months ago

Is anyone able to validate if this is still unresolved in 3.1 or the 4.0 release candidate?

carmoIn commented 6 months ago

@rusackas Yes it still exists in version 4.0.0

Physicalpixel commented 5 months ago

> As a workaround you can create a database trigger which will automatically give all admins ownership of newly created charts:
>
> CREATE TRIGGER add_admin_role AFTER INSERT ON slices
> FOR EACH ROW
>   INSERT INTO slice_user(user_id, slice_id)
>   SELECT user_id, NEW.id FROM ab_user_role
>     WHERE role_id=(SELECT id FROM ab_role WHERE name='Admin') AND
>     user_id != NEW.created_by_fk;
>
> And you can give admins ownership of existing charts by running this query for each admin user id (replacing <user_id> with the user_id):
>
> INSERT INTO slice_user (user_id, slice_id)
> SELECT distinct <user_id>, slice_id FROM slice_user
> WHERE slice_id NOT IN
>   (SELECT slice_id FROM slice_user WHERE user_id=<user_id>)
>   AND slice_id IN (SELECT id FROM slices);
>
> Hope this helps.

Hi, I am importing a CSV and facing this issue. Where exactly do I create a scheme like this? Any help you can provide will be much appreciated.

mtrentz commented 5 months ago

I'm on 4.0.1 and also have this issue. Really wish that admins had the power to edit any chart without having to add yourself as owner :)

mtrentz commented 5 months ago

To contribute to the SQL solutions here, this query adds all admins as owners to all existing charts:

INSERT INTO slice_user (user_id, slice_id)
SELECT DISTINCT u.user_id, s.id
FROM slices s
     JOIN ab_user_role u ON u.user_id NOT IN (SELECT user_id FROM slice_user WHERE slice_id = s.id)
WHERE u.role_id = (SELECT id FROM ab_role WHERE name = 'Admin');
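
The trigger and backfill queries posted in this thread copy Admin membership into slice_user at one point in time, so later role changes are not reflected in chart ownership. The following is an added example, not part of the thread or of Superset's code: it replays the trigger in an in-memory SQLite database and runs two audit queries. The four tables are constructed, minimal stand-ins, and the SQLite trigger syntax, user ids and the 'Gamma' role row are assumptions for the demo.

```python
import sqlite3

# Constructed, minimal stand-ins for the metadata tables named in the thread
# (real ones have more columns). SQLite dialect: trigger body needs BEGIN ... END.
SCHEMA = """
CREATE TABLE ab_role (id INTEGER PRIMARY KEY, name TEXT);
CREATE TABLE ab_user_role (user_id INTEGER, role_id INTEGER);
CREATE TABLE slices (id INTEGER PRIMARY KEY, created_by_fk INTEGER);
CREATE TABLE slice_user (user_id INTEGER, slice_id INTEGER);
CREATE TRIGGER add_admin_role AFTER INSERT ON slices
FOR EACH ROW BEGIN
  INSERT INTO slice_user (user_id, slice_id)
  SELECT user_id, NEW.id FROM ab_user_role
  WHERE role_id = (SELECT id FROM ab_role WHERE name = 'Admin')
    AND user_id != NEW.created_by_fk;
END;
"""
ADMINS = ("SELECT user_id FROM ab_user_role "
          "WHERE role_id = (SELECT id FROM ab_role WHERE name = 'Admin')")

# Owners who are neither the chart's creator nor a current Admin: review candidates.
STALE = f"""
SELECT su.user_id, su.slice_id FROM slice_user su
JOIN slices s ON s.id = su.slice_id
WHERE su.user_id != s.created_by_fk AND su.user_id NOT IN ({ADMINS})
ORDER BY su.slice_id, su.user_id"""

# Current Admins the trigger never saw (promoted after the chart was created).
MISSING = f"""
SELECT a.user_id, s.id FROM slices s JOIN ({ADMINS}) a
WHERE a.user_id != s.created_by_fk AND NOT EXISTS
  (SELECT 1 FROM slice_user su WHERE su.slice_id = s.id AND su.user_id = a.user_id)
ORDER BY s.id, a.user_id"""

def run_demo():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO ab_role VALUES (?, ?)", [(1, "Admin"), (2, "Gamma")])
    db.executemany("INSERT INTO ab_user_role VALUES (?, ?)", [(1, 1), (2, 1), (3, 2)])
    db.execute("INSERT INTO slices VALUES (10, 3)")      # user 3 creates chart 10
    db.execute("INSERT INTO slice_user VALUES (3, 10)")  # creator's own ownership row
    rows = db.execute("SELECT user_id FROM slice_user WHERE slice_id = 10")
    owners_after_insert = sorted(r[0] for r in rows)
    # Role changes after creation: user 2 is demoted, user 4 is promoted to Admin.
    db.execute("UPDATE ab_user_role SET role_id = 2 WHERE user_id = 2")
    db.execute("INSERT INTO ab_user_role VALUES (4, 1)")
    return owners_after_insert, db.execute(STALE).fetchall(), db.execute(MISSING).fetchall()

if __name__ == "__main__":
    print(run_demo())
```

The first query lists rows to review after an Admin is demoted; it cannot tell trigger-created rows from owners added by hand in the UI.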

tiagobmarinho commented 1 month ago

Nothing has changed; this feature is important to implement. Otherwise, every time an admin creates a new chart, he needs to manually edit it and insert the other admins.

eschutho commented 1 month ago

If someone wants to contribute a fix for this, you can try something like this in superset-frontend/src/explore/components/SaveModal.tsx:

canOverwriteSlice(): boolean {
  const { user } = this.props;
  const isAdmin = user.roles?.Admin;
  return (
    (this.props.slice?.owners?.includes(user.userId) || isAdmin) &&
    !this.props.slice?.is_managed_externally
  );
}

I haven't tested to see if the backend would allow this operation, but I suspect that it will. We'll help review it for you.

MasudOsmanmr9 commented 3 weeks ago

Any user can access any user's dataset and chart. Actually, Superset created it in its permission access architecture.

If you go to the charts page where all charts are listed, you will see that there is an Owners column that shows which owners have access to this chart; only those users can overwrite it!

So on the charts page, in the last column, you can see Actions.

If you hover over that column, an edit button will be shown for every chart individually. If you click that button, a pop-up will come up where you will find an access field; there you can set which users can also edit this chart.

You can do the same thing with datasets.