Able to delete the dashboard with write permission even though I am not an admin or owner #3089
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: SupersetBot Workflow | |
on: | |
issue_comment: | |
types: [created, edited] | |
# Making the workflow testable since `issue_comment` only triggers on | |
# the default branch | |
workflow_dispatch: | |
inputs: | |
comment_body: | |
description: 'Comment Body' | |
required: true | |
type: string | |
jobs: | |
supersetbot: | |
runs-on: ubuntu-latest | |
if: > | |
github.event_name == 'workflow_dispatch' || | |
(github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot')) | |
permissions: | |
contents: read | |
pull-requests: write | |
issues: write | |
steps: | |
- name: Quickly add thumbs up! | |
if: github.event_name == 'issue_comment' && contains(github.event.comment.body, '@supersetbot') | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
const [owner, repo] = process.env.GITHUB_REPOSITORY.split('/') | |
await github.rest.reactions.createForIssueComment({ | |
owner, | |
repo, | |
comment_id: context.payload.comment.id, | |
content: '+1' | |
}); | |
- name: "Checkout ( ${{ github.sha }} )" | |
uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Setup supersetbot | |
uses: ./.github/actions/setup-supersetbot/ | |
- name: Execute custom Node.js script | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
GITHUB_ACTOR: ${{ github.actor }} | |
GITHUB_REPOSITORY: ${{ github.repository }} | |
GITHUB_ISSUE_NUMBER: ${{ github.event.issue.number }} | |
COMMENT_BODY: ${{ github.event.comment.body }}${{ github.event.inputs.comment_body }} | |
run: | | |
supersetbot run "$COMMENT_BODY" |