Fix: Include RLS filters for cache keys #10805
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user.
Codecov Report
@@ Coverage Diff @@
## master #10805 +/- ##
==========================================
- Coverage 65.51% 61.24% -4.28%
==========================================
Files 802 802
Lines 37815 37815
Branches 3557 3557
==========================================
- Hits 24775 23158 -1617
- Misses 12936 14471 +1535
- Partials 104 186 +82
Flags with carried forward coverage won't be shown. Click here to find out more.
Continue to review full report at Codecov.
|
amitmiran137
approved these changes
Sep 7, 2020
villebro
approved these changes
Sep 7, 2020
villebro
requested changes
Sep 7, 2020
This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]>
|
Thanks for fixing it @villebro . I don't have a dev system set up for Superset, and I almost never do anything in Python. Never use GitHub either (this is my first PR!) |
amitmiran137
pushed a commit
to ofekisr/incubator-superset
that referenced
this pull request
Sep 7, 2020
…boards_permissions * upstream/master: (32 commits) docs: Add a note to contributing.md on reporting security vulnerabilities (apache#10796) Fix: Include RLS filters for cache keys (apache#10805) feat: filters for database list view (apache#10772) fix: MVC show saved query (apache#10781) added creator column and adjusted order columns (apache#10789) security: disallow uuid package on jinja2 (apache#10794) feat: CRUD REST API for saved queries (apache#10777) fix: disable domain sharding on explore view (apache#10787) fix: can not type `0.05` in `TextControl` (apache#10778) fix: pivot table timestamp grouping (apache#10774) fix: add validator information to email/slack alerts (apache#10762) More Label touchups (margins) (apache#10722) fix: dashboard extra filters (apache#10692) fix: re-installing local superset in cache image (apache#10766) feat: SIP-34 table list view for databases (apache#10705) refactor: convert DatasetList schema filter to use new distinct api (apache#10746) chore: removing fsevents dependency (apache#10751) Fix precommit hook for docs/installation.rst (apache#10759) feat(database): POST, PUT, DELETE API endpoints (apache#10741) docs: Update OAuth configuration in installation.rst (apache#10748) ...
6 tasks
dpgaspar
pushed a commit
to preset-io/superset
that referenced
this pull request
Sep 10, 2020
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
villebro
added a commit
to preset-io/superset
that referenced
this pull request
Sep 11, 2020
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
villebro
added a commit
that referenced
this pull request
Sep 11, 2020
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
villebro
added a commit
that referenced
this pull request
Sep 16, 2020
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
auxten
pushed a commit
to auxten/incubator-superset
that referenced
this pull request
Nov 20, 2020
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
cccs-rc
pushed a commit
to CybercentreCanada/superset
that referenced
this pull request
Mar 6, 2024
* Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. * Fix: Include RLS filters for cache keys This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user. Co-authored-by: Ville Brofeldt <[email protected]> Co-authored-by: Ville Brofeldt <[email protected]>
mistercrunch
added
🍒 0.37.2
🏷️ bot
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user.
SUMMARY
I added a check to see if there are any RLS filters that are templated
BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
TEST PLAN
I haven't tried it with multiple layers of RLS (eg, a user has multiple roles, and each role has different RLS filters), so that may need to be tested.
ADDITIONAL INFORMATION