chore(rls): Remove passing global username (#20344)

* chore(rls): Remove passing global username * Update manager.py * Update manager.py * Update manager.py * Update manager.py Co-authored-by: John Bodley <john.bodley@airbnb.com>
2022-07-05 10:51:24 -07:00 · 2022-07-05 10:51:24 -07:00 · ad308fbde2
parent 92bf1b8ef6
commit ad308fbde2
5 changed files with 8 additions and 24 deletions
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@ -1169,7 +1169,6 @@ class SqlaTable(Model, BaseDatasource):  # pylint: disable=too-many-public-metho
    def get_sqla_row_level_filters(
        self,
        template_processor: BaseTemplateProcessor,
-        username: Optional[str] = None,
    ) -> List[TextClause]:
        """
        Return the appropriate row level security filters for this table and the
@ -1177,14 +1176,12 @@ class SqlaTable(Model, BaseDatasource):  # pylint: disable=too-many-public-metho
        Flask global namespace.

        :param template_processor: The template processor to apply to the filters.
-        :param username: Optional username if there's no user in the Flask global
-        namespace.
        :returns: A list of SQL clauses to be ANDed together.
        """
        all_filters: List[TextClause] = []
        filter_groups: Dict[Union[int, str], List[TextClause]] = defaultdict(list)
        try:
-            for filter_ in security_manager.get_rls_filters(self, username):
+            for filter_ in security_manager.get_rls_filters(self):
                clause = self.text(
                    f"({template_processor.process_template(filter_.clause)})"
                )
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@ -1147,25 +1147,16 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            ]
        return []

-    def get_rls_filters(
-        self,
-        table: "BaseDatasource",
-        username: Optional[str] = None,
-    ) -> List[SqlaQuery]:
+    def get_rls_filters(self, table: "BaseDatasource") -> List[SqlaQuery]:
        """
        Retrieves the appropriate row level security filters for the current user and
        the passed table.

-        :param BaseDatasource table: The table to check against.
-        :param Optional[str] username: Optional username if there's no user in the Flask
-        global namespace.
+        :param table: The table to check against
        :returns: A list of filters
        """
-        if hasattr(g, "user"):
-            user = g.user
-        elif username:
-            user = self.find_user(username=username)
-        else:
+
+        if not (hasattr(g, "user") and g.user is not None):
            return []

        # pylint: disable=import-outside-toplevel
@ -1175,7 +1166,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
            RowLevelSecurityFilter,
        )

-        user_roles = [role.id for role in self.get_user_roles(user)]
+        user_roles = [role.id for role in self.get_user_roles(g.user)]
        regular_filter_roles = (
            self.get_session()
            .query(RLSFilterRoles.c.rls_filter_id)
--- a/superset/sql_lab.py
+++ b/superset/sql_lab.py
@ -208,7 +208,6 @@ def execute_sql_statement(  # pylint: disable=too-many-arguments,too-many-statem
                    parsed_query._parsed[0],  # pylint: disable=protected-access
                    database.id,
                    query.schema,
-                    username=get_username(),
                )
            )
        )
--- a/superset/sql_parse.py
+++ b/superset/sql_parse.py
@ -553,7 +553,6 @@ def get_rls_for_table(
    candidate: Token,
    database_id: int,
    default_schema: Optional[str],
-    username: Optional[str] = None,
 ) -> Optional[TokenList]:
    """
    Given a table name, return any associated RLS predicates.
@ -586,7 +585,7 @@ def get_rls_for_table(
    template_processor = dataset.get_template_processor()
    predicate = " AND ".join(
        str(filter_)
-        for filter_ in dataset.get_sqla_row_level_filters(template_processor, username)
+        for filter_ in dataset.get_sqla_row_level_filters(template_processor)
    )
    if not predicate:
        return None
@ -601,7 +600,6 @@ def insert_rls(
    token_list: TokenList,
    database_id: int,
    default_schema: Optional[str],
-    username: Optional[str] = None,
 ) -> TokenList:
    """
    Update a statement inplace applying any associated RLS predicates.
@ -623,7 +621,7 @@ def insert_rls(
        elif state == InsertRLSState.SEEN_SOURCE and (
            isinstance(token, Identifier) or token.ttype == Keyword
        ):
-            rls = get_rls_for_table(token, database_id, default_schema, username)
+            rls = get_rls_for_table(token, database_id, default_schema)
            if rls:
                state = InsertRLSState.FOUND_TABLE

--- a/tests/unit_tests/sql_parse_tests.py
+++ b/tests/unit_tests/sql_parse_tests.py
@ -1409,7 +1409,6 @@ def test_insert_rls(
        candidate: Token,
        database_id: int,
        default_schema: str,
-        username: Optional[str] = None,
    ) -> Optional[TokenList]:
        """
        Return the RLS ``condition`` if ``candidate`` matches ``table``.