fix(nav): infinite redirect and upload dataset nav permissions

[ktmud]

SUMMARY

Currently there is an infinite redirect on the login page (when users are not logged in) that is triggered by an unfortunate sequence of changes:

1. #17597 added redirect to login when API request returns 401
2. #19051 starts to call the /api/v1/database API to find out whether there are databases with file upload enabled, even when the menu is rendered on a page where users haven't logged in. (Although I'm not sure why the redirects didn't show up in fix: update Permissions for right nav #19051's ephemeral environment.)

While debugging, I also found out that users without admin access will also see an empty "Data" menu, so I fixed that as well.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

When logged in as non admin users:

Before

There is an empty Data menu item with no submenu.

After

The Data menu item is removed

TESTING INSTRUCTIONS

1. Log out and go to <superset url>/login. You may see infinitely redirect without this PR. For example, check the ephemeral environment of chore(build): upgrade less-loader #19703
2. Log in as a non-admin user (e.g. username: alpha, passwd: general), check whether the empty menu item still exists.

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[ktmud]

Only redirect when we are not on the login page so we never see infinite redirect caused by the API client ever again.

[ktmud]

Be more explicit what is the default. I kind of feel this should probably default to true but that's another topic. Async API requests should never implicitly redirect users as it may often cause surprises. There should be better error handling on the API user side instead.

cc @geido @kgabryje could you give more context on why #17597 made redirects on 401 the default?

[nytai]

I strongly agree here, this behavior is quite surprising from an api client. Though I guess this approach involves the least amount of code changes.

From a UX perspective I'd suggest presenting the user with the option to re-auth. There could be unsaved work that would be lost via a the redirect.

[ktmud]

@geido @kgabryje @suddjian do you mind following up here to change the default to true and set it to false where needed? I'm not familiar where we wanted the redirect behavior to be the default.

[etr2460]

I think we always want to redirect to login on a 401. 401 means that there's no auth token at all. 403 should be used if the user is forbidden, right?

[ktmud]

@etr2460 This option was actually added by @suddjian because he had a case where redirects aren't desired: #19144 (i.e. when Superset in embedded in another app)

[etr2460]

ahh i see. so we're fine with rendering some stuff even when a user is logged out. I guess that's fine then, carry on!

[geido]

We will have a conversation about having the default to true and we'll follow up. Thank you!

[ktmud]

Bycatch: only render the DatabaseModal when users can create new database connection.

[ktmud]

Bycatch: fix a React warning about nested <li />s.

[nytai]

I strongly agree here, this behavior is quite surprising from an api client. Though I guess this approach involves the least amount of code changes.

From a UX perspective I'd suggest presenting the user with the option to re-auth. There could be unsaved work that would be lost via a the redirect.

[codecov]

Codecov Report

Merging #19708 (751dfd8) into master (5fc0651) will decrease coverage by 0.00%.
The diff coverage is 45.83%.

@@            Coverage Diff             @@
##           master   #19708      +/-   ##
==========================================
- Coverage   66.51%   66.50%   -0.01%     
==========================================
  Files        1684     1684              
  Lines       64560    64570      +10     
  Branches     6625     6630       +5     
==========================================
+ Hits        42939    42941       +2     
- Misses      19926    19931       +5     
- Partials     1695     1698       +3     

Flag	Coverage Δ
javascript	51.14% <45.83%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
superset-frontend/src/views/components/SubMenu.tsx	85.96% <ø> (ø)
...perset-frontend/src/views/components/MenuRight.tsx	60.63% <31.57%> (-6.03%)	⬇️
...rset-ui-core/src/connection/SupersetClientClass.ts	100.00% <100.00%> (ø)
superset-frontend/src/views/CRUD/utils.tsx	64.80% <100.00%> (+0.28%)	⬆️

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 5fc0651...751dfd8. Read the comment docs.

[sadpandajoe]

🏷️ preset:2022.15