Without "can write on DashboardPermalinkRestApi", a click on a anchor (tabs or header) redirect to login page

[xavier-GitHub76]

Bug description

Without "can write to DashboardPermalinkRestApi", clicking on an anchor (tabs or header) redirects to the login page

The anchor should only be displayed if permission is present

How to reproduce the bug

Click on a anchor

Screenshots/recordings

or -->

Superset version

4.0.2

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

• [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
• [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
• [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

[dosubot[bot]]

I found a similar closed issue that might be relevant to your problem: How to disable authentication to bypass login? ^[1].

Regarding your specific issue, the expected behavior for users without the "can write to DashboardPermalinkRestApi" permission is that they should receive a 404 Not Found response when attempting to create a new dashboard's permanent link, not a redirection to the login page ^[2][3][4].

The logic for rendering anchors (tabs or headers) and their visibility based on permissions is managed within the Header component. The visibility of these elements is controlled by props such as userCanEdit, userCanShare, userCanSave, and userCanCurate ^[5][6][7].

To address the issue, you should ensure that the anchors are only displayed if the user has the necessary permissions. This can be done by checking the relevant permissions before rendering the anchors in the Header component.

To continue talking to Dosu, mention @dosu.