fix(rbac): widen permissions dropdown in role form

[shivzen-pixel]

SUMMARY

Fixes #40430.

This updates the permissions AsyncSelect dropdown in the role create/edit form so long permission names are easier to read.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TESTING INSTRUCTIONS

• Ran npm run lint
• Rebuilt frontend plugin workspaces locally
• Manually verified the Permissions dropdown in:
  • Security → List Roles → Edit Role
  • Security → List Roles → + Role

ADDITIONAL INFORMATION

• Has associated issue: Select dropdown width is too narrow in Edit Role / Permissions #40430
• Required feature flags:
• Changes UI
• Includes DB Migration
• Introduces new feature or API
• Removes existing feature or API

Note: local npm run type surfaced unrelated plugin workspace TypeScript issues in plugin-chart-word-cloud and preset-chart-deckgl, not caused by this change.

[bito-code-review]

Code Review Agent Run #611179

Actionable Suggestions - 0

Review Details

• Files reviewed - 1 · Commit Range: 76f3e1b..76f3e1b

  • superset-frontend/src/features/roles/RoleFormItems.tsx
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by

[codeant-ai-for-open-source]

Suggestion: getPopupContainer must always return an HTMLElement, but closest('.ant-modal-content') can return null. When that happens, the select popup mounting path can fail at runtime; add a fallback container (for example parent element or document.body) so the callback never returns null. [null pointer]

Severity Level: Major ⚠️

- ❌ Permissions select dropdown can crash when modal container missing.
- ⚠️ Role create/edit UI becomes fragile to DOM changes.

Steps of Reproduction ✅

1. Open the Roles list page implemented in
`superset-frontend/src/pages/RolesList/index.tsx:320-359`, and trigger either the "+ Role"
add modal (`RoleListAddModal`) or the "Edit Role" modal (`RoleListEditModal`) by clicking
the corresponding action in the UI; both modals are rendered from this page.

2. In the Add Role flow, `RoleListAddModal` at
`superset-frontend/src/features/roles/RoleListAddModal.tsx:31-52` renders
`<PermissionsField addDangerToast={addDangerToast} />`, and in the Edit Role flow,
`RoleListEditModal` at
`superset-frontend/src/features/roles/RoleListEditModal.tsx:104-121,358-361` renders
`<PermissionsField addDangerToast={addDangerToast} loading={loadingRolePermissions} />`,
so the `PermissionsField` component is mounted inside an Ant Design `FormModal`.

3. `PermissionsField` is defined in
`superset-frontend/src/features/roles/RoleFormItems.tsx:44-62` and renders an
`AsyncSelect` with `getPopupContainer={trigger => trigger.closest('.ant-modal-content')}`
at line 57; when the user clicks the permissions dropdown, `AsyncSelect` forwards this
callback to its internal `StyledSelect` (see
`packages/superset-ui-core/src/components/Select/AsyncSelect.tsx:20-27` where
`getPopupContainer` is passed through).

4. At runtime, `StyledSelect` ultimately passes `getPopupContainer` down to the base
`Select` component (`packages/superset-ui-core/src/components/Select/Select.tsx:17-19`),
which expects a function returning an `HTMLElement`; however, the DOM API
`Element.closest()` used in `trigger.closest('.ant-modal-content')` is defined to return
`Element | null`, so in any situation where the trigger node has no ancestor matching
`.ant-modal-content` (for example if the modal markup changes or `PermissionsField` is
reused outside an Ant Design modal), this callback returns `null`, causing the Select's
popup mounting logic to receive a non-HTMLElement container and potentially throw at
runtime. Other call sites in this codebase (e.g. `ChartHolder` at
`src/dashboard/components/gridComponents/ChartHolder/ChartHolder.tsx:9-15` and
`AsyncSelect`'s default `triggerNode => triggerNode.parentNode` at
`AsyncSelect.tsx:25-27`) explicitly ensure a non-null fallback (often `document.body`),
confirming that always returning an `HTMLElement` is the intended and safer pattern.

Fix in Cursor | Fix in VSCode Claude

(Use Cmd/Ctrl + Click for best experience)

Prompt for AI Agent 🤖

This is a comment left during a code review.

**Path:** superset-frontend/src/features/roles/RoleFormItems.tsx
**Line:** 57:57
**Comment:**
	*Null Pointer: `getPopupContainer` must always return an `HTMLElement`, but `closest('.ant-modal-content')` can return `null`. When that happens, the select popup mounting path can fail at runtime; add a fallback container (for example parent element or `document.body`) so the callback never returns null.

Validate the correctness of the flagged issue. If correct, How can I resolve this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask user if the user wants to fix the rest of the comments as well. if said yes, then fetch all the comments validate the correctness and implement a minimal fix

👍 | 👎

[bito-code-review]

The suggestion is valid and should be applied. The current implementation uses closest('.ant-modal-content'), which can return null, leading to potential runtime errors when the popup container is not found. To fix this, you should modify the getPopupContainer callback to provide a fallback container, such as document.body, ensuring it always returns an HTMLElement. Here's how you can update the code:

superset-frontend/src/features/roles/RoleFormItems.tsx

getPopupContainer={trigger => {
  const modalContent = trigger.closest('.ant-modal-content');
  return modalContent || document.body;
}}

[bito-code-review]

Code Review Agent Run #1f10a3

Actionable Suggestions - 0

Review Details

• Files reviewed - 1 · Commit Range: 76f3e1b..4b5de96

  • superset-frontend/src/features/roles/RoleFormItems.tsx
• Files skipped - 0
• Tools

  • Whispers (Secret Scanner) - ✔︎ Successful
  • Detect-secrets (Secret Scanner) - ✔︎ Successful

---

Bito Usage Guide

Commands

Type the following command in the pull request comment and save the comment.

• /review - Manually triggers a full AI review.

• /pause - Pauses automatic reviews on this pull request.

• /resume - Resumes automatic reviews.

• /resolve - Marks all Bito-posted review comments as resolved.

• /abort - Cancels all in-progress reviews.

Refer to the documentation for additional commands.

Configuration

This repository uses Superset You can customize the agent settings here or contact your Bito workspace admin at evan@preset.io.

Documentation & Help

• Customize agent settings
• Review rules
• General documentation
• FAQ

AI Code Review powered by