Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(rls): Remove passing global username #20344

Merged

Conversation

john-bodley
Copy link
Member

@john-bodley john-bodley commented Jun 10, 2022

SUMMARY

I'm not well versed in the row level security logic, but it seems there's functionality of the form,

if hasattr(g, "user"):
    user = g.user
elif username:
    user = self.find_user(username=username)
else: 
    return []

to obtain the user associated with the RLS check. The issue is the optional username—which is used to set the user if no current user exists—was only specified once via get_username() which makes the the above logic behave like,

user = self.find_user(username=g.user.username if g.user else None)

which can be then refactored as,

user = g.user if hasattr(g, "user") else None

which makes the elif clause unnecessarily as it's captured in the if clause. Furthermore that g.user and self.find_user(...) can return None and so the else should also replaced with the short circuit logic in essence returning if and only if there is isn't a user defined.

Said logic was added in #19999 but was likely made obsolete by #19914.

This PR removes the optional username argument throughout the RLS code path.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

TESTING INSTRUCTIONS

CI.

ADDITIONAL INFORMATION

  • Has associated issue:
  • Required feature flags:
  • Changes UI
  • Includes DB Migration (follow approval process in SIP-59)
    • Migration is atomic, supports rollback & is backwards-compatible
    • Confirm DB migration upgrade and downgrade tested
    • Runtime estimates and downtime expectations provided
  • Introduces new feature or API
  • Removes existing feature or API

@john-bodley john-bodley force-pushed the john-bodley--cleanup-rls-username branch from cdf6c06 to 29f4512 Compare June 10, 2022 07:05
@codecov
Copy link

codecov bot commented Jun 10, 2022

Codecov Report

Merging #20344 (73ec46b) into master (ec331e6) will increase coverage by 0.06%.
The diff coverage is 61.41%.

❗ Current head 73ec46b differs from pull request most recent head da4fab6. Consider uploading reports for the commit da4fab6 to get more accurate results

@@            Coverage Diff             @@
##           master   #20344      +/-   ##
==========================================
+ Coverage   66.64%   66.70%   +0.06%     
==========================================
  Files        1738     1754      +16     
  Lines       65060    65593     +533     
  Branches     6885     6938      +53     
==========================================
+ Hits        43360    43756     +396     
- Misses      19953    20079     +126     
- Partials     1747     1758      +11     
Flag Coverage Δ
hive 53.78% <ø> (+0.06%) ⬆️
mysql ?
postgres 82.43% <ø> (+0.07%) ⬆️
presto ?
python 82.70% <ø> (-0.09%) ⬇️
sqlite 82.22% <ø> (+0.12%) ⬆️
unit ?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
...art-controls/src/operators/contributionOperator.ts 100.00% <ø> (ø)
...ui-chart-controls/src/operators/flattenOperator.ts 100.00% <ø> (ø)
...t-ui-chart-controls/src/operators/pivotOperator.ts 100.00% <ø> (ø)
...ui-chart-controls/src/operators/prophetOperator.ts 100.00% <ø> (ø)
...i-chart-controls/src/operators/resampleOperator.ts 100.00% <ø> (ø)
...controls/src/operators/timeComparePivotOperator.ts 100.00% <ø> (ø)
...ui-core/src/chart/components/FallbackComponent.tsx 100.00% <ø> (ø)
...superset-ui-core/src/query/types/PostProcessing.ts 100.00% <ø> (ø)
.../superset-ui-core/src/query/types/QueryFormData.ts 100.00% <ø> (ø)
...set-ui-core/src/ui-overrides/UiOverrideRegistry.ts 100.00% <ø> (ø)
... and 281 more

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update ec331e6...da4fab6. Read the comment docs.

@john-bodley
Copy link
Member Author

ping @betodealmeida

@pull-request-size pull-request-size bot added size/M and removed size/S labels Jun 25, 2022
Copy link
Member

@zhaoyongjie zhaoyongjie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@john-bodley john-bodley merged commit ad308fb into apache:master Jul 5, 2022
@john-bodley john-bodley deleted the john-bodley--cleanup-rls-username branch July 5, 2022 17:52
john-bodley added a commit to airbnb/superset-fork that referenced this pull request Jul 7, 2022
* chore(rls): Remove passing global username

* Update manager.py

* Update manager.py

* Update manager.py

* Update manager.py

Co-authored-by: John Bodley <[email protected]>
(cherry picked from commit ad308fb)
akshatsri pushed a commit to charan1314/superset that referenced this pull request Jul 19, 2022
* chore(rls): Remove passing global username

* Update manager.py

* Update manager.py

* Update manager.py

* Update manager.py

Co-authored-by: John Bodley <[email protected]>
@mistercrunch mistercrunch added 🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels 🚢 2.1.0 labels Mar 13, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🏷️ bot A label used by `supersetbot` to keep track of which PR where auto-tagged with release labels size/M 🚢 2.1.0
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants