Re: [PR] fix: Hide View in SQL Lab for users without access [superset]

Wed, 23 Jul 2025 19:43:15 -0700 


korbit-ai[bot] commented on code in PR #34293:
URL: https://github.com/apache/superset/pull/34293#discussion_r2227193483


##########
superset-frontend/src/explore/components/controls/ViewQuery.tsx:
##########
@@ -89,6 +92,9 @@ const ViewQuery: FC<ViewQueryProps> = props => {
   const [showFormatSQL, setShowFormatSQL] = useState(true);
   const history = useHistory();
   const currentSQL = (showFormatSQL ? formattedSQL : sql) ?? sql;
+  const canAccessSQLLab = useSelector((state: RootState) =>
+    findPermission('menu_access', 'SQL Lab', state.user?.roles),
+  );

Review Comment:
   ### Incomplete SQL Lab Permission Check <sub>![category 
Functionality](https://img.shields.io/badge/Functionality-0284c7)</sub>
   
   <details>
     <summary>Tell me more</summary>
   
   ###### What is the issue?
   The permission check only verifies 'menu_access' for SQL Lab, which might 
not be sufficient to determine if a user can actually use SQL Lab functionality.
   
   
   ###### Why this matters
   A user might have menu access but lack the necessary permissions to execute 
queries or view data in SQL Lab, leading to a confusing user experience where 
they can click the button but can't use the feature.
   
   ###### Suggested change ∙ *Feature Preview*
   Add additional permission checks to verify the user has all required 
permissions to use SQL Lab:
   ```typescript
   const canAccessSQLLab = useSelector((state: RootState) =>
     findPermission('menu_access', 'SQL Lab', state.user?.roles) &&
     findPermission('can_sql_json', 'Superset', state.user?.roles)
   );
   ```
   
   
   ###### Provide feedback to improve future suggestions
   [![Nice 
Catch](https://img.shields.io/badge/👍%20Nice%20Catch-71BC78)](https://app.korbit.ai/feedback/aa91ff46-6083-4491-9416-b83dd1994b51/33c15fc7-f32b-4d0a-8258-71ff29a36143/upvote)
 
[![Incorrect](https://img.shields.io/badge/👎%20Incorrect-white)](https://app.korbit.ai/feedback/aa91ff46-6083-4491-9416-b83dd1994b51/33c15fc7-f32b-4d0a-8258-71ff29a36143?what_not_true=true)
  [![Not in 
Scope](https://img.shields.io/badge/👎%20Out%20of%20PR%20scope-white)](https://app.korbit.ai/feedback/aa91ff46-6083-4491-9416-b83dd1994b51/33c15fc7-f32b-4d0a-8258-71ff29a36143?what_out_of_scope=true)
 [![Not in coding 
standard](https://img.shields.io/badge/👎%20Not%20in%20our%20standards-white)](https://app.korbit.ai/feedback/aa91ff46-6083-4491-9416-b83dd1994b51/33c15fc7-f32b-4d0a-8258-71ff29a36143?what_not_in_standard=true)
 
[![Other](https://img.shields.io/badge/👎%20Other-white)](https://app.korbit.ai/feedback/aa91ff46-6083-4491-9416-b83dd1994b51/33c15fc7-f32b-4d0a-8258-71ff29a36143)
   </details>
   
   <sub>
   
   💬 Looking for more details? Reply to this comment to chat with Korbit.
   </sub>
   
   <!--- korbi internal id:2e30dcea-93ec-4f1e-9643-339691a5d826 -->
   
   
   [](2e30dcea-93ec-4f1e-9643-339691a5d826)



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to