You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@superset.apache.org by mi...@apache.org on 2024/03/19 11:54:29 UTC
(superset) branch 3.1 updated (63a3feced4 -> ae942dddc3)
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a change to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
omit 63a3feced4 Revert "feat(sqlparse): improve table parsing (#26476)"
omit fad32cf4ae Revert "fix(sqlglot): Address regressions introduced in #26476 (#27217)"
new 1136606453 fix(deps): resolving canvg and html2canvas module not found (#27315)
new 09caaca251 fix(Alerts & Reports): Fixing bug that resets cron value to default when empty (#27262)
new a15975d3af fix(dashboard): Only fetch CSS templates for dashboard header menu when in edit mode (#27411)
new 553a469dba fix(webpack): remove double-dotted file extensions in webpack config (#27471)
new 51f904c42c fix: check if guest user modified query (#27484)
new f1f20e436c fix(postprocessing): resample with holes (#27487)
new ea83e9f9a7 fix(alerts/reports): implementing custom_width as an Antd number input (#27260)
new 8274d869b1 feat: `improve _extract_tables_from_sql` (#26748)
new ae942dddc3 fix: pass valid SQL to SM (#27464)
This update added new revisions after undoing existing revisions.
That is to say, some revisions that were in the old version of the
branch are not in the new version. This situation occurs
when a user --force pushes a change and generates a repository
containing something like this:
* -- * -- B -- O -- O -- O (63a3feced4)
\
N -- N -- N refs/heads/3.1 (ae942dddc3)
You should already have received notification emails for all of the O
revisions, and so the following emails describe only the N revisions
from the common base, B.
Any revisions marked "omit" are not gone; other references still
refer to them. Any revisions marked "discard" are gone forever.
The 9 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails. The revisions
listed as "add" were already present in the repository and have only
been added to this reference.
Summary of changes:
requirements/base.txt | 15 +-
requirements/testing.txt | 2 -
setup.py | 1 +
superset-frontend/package-lock.json | 40 +---
.../components/CssEditor/CssEditor.test.tsx | 54 +++--
.../src/dashboard/components/CssEditor/index.jsx | 25 +-
.../Header/HeaderActionsDropdown/index.jsx | 27 +--
.../src/features/alerts/AlertReportModal.tsx | 16 +-
superset-frontend/webpack.config.js | 4 +-
superset/commands/dataset/duplicate.py | 5 +-
superset/commands/sql_lab/export.py | 5 +-
superset/connectors/sqla/models.py | 2 +-
superset/connectors/sqla/utils.py | 2 +-
superset/db_engine_specs/base.py | 12 +-
superset/db_engine_specs/bigquery.py | 2 +-
superset/models/helpers.py | 2 +-
superset/models/sql_lab.py | 6 +-
superset/security/manager.py | 94 ++++++--
superset/sql_lab.py | 11 +-
superset/sql_parse.py | 265 ++++++++++++++-------
superset/sql_validators/presto_db.py | 4 +-
superset/sqllab/query_render.py | 6 +-
superset/utils/pandas_postprocessing/resample.py | 5 +-
.../unit_tests/commands/dataset}/__init__.py | 0
tests/unit_tests/jinja_context_test.py | 8 +
.../pandas_postprocessing/test_resample.py | 54 ++++-
tests/unit_tests/security/manager_test.py | 148 ++++++++++--
tests/unit_tests/sql_parse_tests.py | 95 ++++++--
28 files changed, 653 insertions(+), 257 deletions(-)
copy {superset/advanced_data_type => tests/unit_tests/commands/dataset}/__init__.py (100%)
(superset) 07/09: fix(alerts/reports): implementing custom_width as an Antd number input (#27260)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit ea83e9f9a7e7e23dd9e4e5144e46e35eefb8b1e7
Author: Jack <41...@users.noreply.github.com>
AuthorDate: Fri Mar 15 13:10:00 2024 -0500
fix(alerts/reports): implementing custom_width as an Antd number input (#27260)
---
superset-frontend/src/features/alerts/AlertReportModal.tsx | 14 ++++++++++----
1 file changed, 10 insertions(+), 4 deletions(-)
diff --git a/superset-frontend/src/features/alerts/AlertReportModal.tsx b/superset-frontend/src/features/alerts/AlertReportModal.tsx
index f836599ca4..ebc85db78b 100644
--- a/superset-frontend/src/features/alerts/AlertReportModal.tsx
+++ b/superset-frontend/src/features/alerts/AlertReportModal.tsx
@@ -36,7 +36,7 @@ import rison from 'rison';
import { useSingleViewResource } from 'src/views/CRUD/hooks';
import Icons from 'src/components/Icons';
-import { Input } from 'src/components/Input';
+import { Input, InputNumber } from 'src/components/Input';
import { Switch } from 'src/components/Switch';
import Modal from 'src/components/Modal';
import TimezoneSelector from 'src/components/TimezoneSelector';
@@ -890,6 +890,10 @@ const AlertReportModal: FunctionComponent<AlertReportModalProps> = ({
updateAlertState(name, parsedValue);
};
+ const onCustomWidthChange = (value: number | null | undefined) => {
+ updateAlertState('custom_width', value);
+ };
+
const onTimeoutVerifyChange = (
event: React.ChangeEvent<HTMLTextAreaElement | HTMLInputElement>,
) => {
@@ -1504,14 +1508,16 @@ const AlertReportModal: FunctionComponent<AlertReportModalProps> = ({
{TRANSLATIONS.CUSTOM_SCREENSHOT_WIDTH_TEXT}
</div>
<div className="input-container">
- <Input
+ <InputNumber
type="number"
name="custom_width"
- value={currentAlert?.custom_width || ''}
+ value={currentAlert?.custom_width || undefined}
+ min={600}
+ max={2400}
placeholder={
TRANSLATIONS.CUSTOM_SCREENSHOT_WIDTH_PLACEHOLDER_TEXT
}
- onChange={onInputChange}
+ onChange={onCustomWidthChange}
/>
</div>
</StyledInputContainer>
(superset) 08/09: feat: `improve _extract_tables_from_sql` (#26748)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 8274d869b1d5a7bbe1992b9dc91b7c8d233f4740
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Mon Mar 18 13:02:58 2024 -0400
feat: `improve _extract_tables_from_sql` (#26748)
---
superset/sql_parse.py | 18 +++++++++++++---
tests/unit_tests/jinja_context_test.py | 8 ++++++++
tests/unit_tests/security/manager_test.py | 1 +
tests/unit_tests/sql_parse_tests.py | 34 ++++++++++++++++++++++++++-----
4 files changed, 53 insertions(+), 8 deletions(-)
diff --git a/superset/sql_parse.py b/superset/sql_parse.py
index c85afc9460..49ee4c491f 100644
--- a/superset/sql_parse.py
+++ b/superset/sql_parse.py
@@ -25,6 +25,7 @@ from dataclasses import dataclass
from typing import Any, cast, Optional
import sqlparse
+from flask_babel import gettext as __
from sqlalchemy import and_
from sqlglot import exp, parse, parse_one
from sqlglot.dialects import Dialects
@@ -55,7 +56,11 @@ from sqlparse.tokens import (
)
from sqlparse.utils import imt
-from superset.exceptions import QueryClauseValidationException
+from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
+from superset.exceptions import (
+ QueryClauseValidationException,
+ SupersetSecurityException,
+)
from superset.utils.backports import StrEnum
try:
@@ -287,9 +292,16 @@ class ParsedQuery:
"""
try:
statements = parse(self.stripped(), dialect=self._dialect)
- except SqlglotError:
+ except SqlglotError as ex:
logger.warning("Unable to parse SQL (%s): %s", self._dialect, self.sql)
- return set()
+ dialect = self._dialect or "generic"
+ raise SupersetSecurityException(
+ SupersetError(
+ error_type=SupersetErrorType.QUERY_SECURITY_ACCESS_ERROR,
+ message=__(f"Unable to parse SQL ({dialect}): {self.sql}"),
+ level=ErrorLevel.ERROR,
+ )
+ ) from ex
return {
table
diff --git a/tests/unit_tests/jinja_context_test.py b/tests/unit_tests/jinja_context_test.py
index e2a5e8cd49..bbd9bcf06c 100644
--- a/tests/unit_tests/jinja_context_test.py
+++ b/tests/unit_tests/jinja_context_test.py
@@ -90,6 +90,14 @@ def test_dataset_macro(mocker: MockFixture) -> None:
)
DatasetDAO = mocker.patch("superset.daos.dataset.DatasetDAO")
DatasetDAO.find_by_id.return_value = dataset
+ mocker.patch(
+ "superset.connectors.sqla.models.security_manager.get_guest_rls_filters",
+ return_value=[],
+ )
+ mocker.patch(
+ "superset.models.helpers.security_manager.get_guest_rls_filters",
+ return_value=[],
+ )
assert (
dataset_macro(1)
diff --git a/tests/unit_tests/security/manager_test.py b/tests/unit_tests/security/manager_test.py
index 5a06013a68..325531c25b 100644
--- a/tests/unit_tests/security/manager_test.py
+++ b/tests/unit_tests/security/manager_test.py
@@ -202,6 +202,7 @@ def test_raise_for_access_query_default_schema(
sm = SupersetSecurityManager(appbuilder)
mocker.patch.object(sm, "can_access_database", return_value=False)
mocker.patch.object(sm, "get_schema_perm", return_value="[PostgreSQL].[public]")
+ mocker.patch.object(sm, "is_guest_user", return_value=False)
SqlaTable = mocker.patch("superset.connectors.sqla.models.SqlaTable")
SqlaTable.query_datasources_by_name.return_value = []
diff --git a/tests/unit_tests/sql_parse_tests.py b/tests/unit_tests/sql_parse_tests.py
index 2d2448c2fa..fc1ae1b231 100644
--- a/tests/unit_tests/sql_parse_tests.py
+++ b/tests/unit_tests/sql_parse_tests.py
@@ -25,7 +25,10 @@ from sqlalchemy import text
from sqlparse.sql import Identifier, Token, TokenList
from sqlparse.tokens import Name
-from superset.exceptions import QueryClauseValidationException
+from superset.exceptions import (
+ QueryClauseValidationException,
+ SupersetSecurityException,
+)
from superset.sql_parse import (
add_table_name,
extract_table_references,
@@ -265,13 +268,34 @@ def test_extract_tables_illdefined() -> None:
"""
Test that ill-defined tables return an empty set.
"""
- assert extract_tables("SELECT * FROM schemaname.") == set()
- assert extract_tables("SELECT * FROM catalogname.schemaname.") == set()
- assert extract_tables("SELECT * FROM catalogname..") == set()
+ with pytest.raises(SupersetSecurityException) as excinfo:
+ extract_tables("SELECT * FROM schemaname.")
+ assert (
+ str(excinfo.value) == "Unable to parse SQL (generic): SELECT * FROM schemaname."
+ )
+
+ with pytest.raises(SupersetSecurityException) as excinfo:
+ extract_tables("SELECT * FROM catalogname.schemaname.")
+ assert (
+ str(excinfo.value)
+ == "Unable to parse SQL (generic): SELECT * FROM catalogname.schemaname."
+ )
+
+ with pytest.raises(SupersetSecurityException) as excinfo:
+ extract_tables("SELECT * FROM catalogname..")
+ assert (
+ str(excinfo.value)
+ == "Unable to parse SQL (generic): SELECT * FROM catalogname.."
+ )
+
+ with pytest.raises(SupersetSecurityException) as excinfo:
+ extract_tables('SELECT * FROM "tbname')
+ assert str(excinfo.value) == 'Unable to parse SQL (generic): SELECT * FROM "tbname'
+
+ # odd edge case that works
assert extract_tables("SELECT * FROM catalogname..tbname") == {
Table(table="tbname", schema=None, catalog="catalogname")
}
- assert extract_tables('SELECT * FROM "tbname') == set()
def test_extract_tables_show_tables_from() -> None:
(superset) 01/09: fix(deps): resolving canvg and html2canvas module not found (#27315)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 113660645313333cd6751881e2ad15cea0ee86f4
Author: Jack <41...@users.noreply.github.com>
AuthorDate: Sun Mar 3 18:26:17 2024 -0600
fix(deps): resolving canvg and html2canvas module not found (#27315)
(cherry picked from commit 5915851ba308ce06a914f173fba8b0c47c4e32c0)
---
superset-frontend/package-lock.json | 40 ++++++++++---------------------------
1 file changed, 10 insertions(+), 30 deletions(-)
diff --git a/superset-frontend/package-lock.json b/superset-frontend/package-lock.json
index 0a4ed84d6c..0576427e07 100644
--- a/superset-frontend/package-lock.json
+++ b/superset-frontend/package-lock.json
@@ -19620,8 +19620,7 @@
"node_modules/@types/raf": {
"version": "3.4.2",
"resolved": "https://registry.npmjs.org/@types/raf/-/raf-3.4.2.tgz",
- "integrity": "sha512-sM4HyDVlDFl4goOXPF+g9nNHJFZQGot+HgySjM4cRjqXzjdatcEvYrtG4Ia8XumR9T6k8G2tW9B7hnUj51Uf0A==",
- "optional": true
+ "integrity": "sha512-sM4HyDVlDFl4goOXPF+g9nNHJFZQGot+HgySjM4cRjqXzjdatcEvYrtG4Ia8XumR9T6k8G2tW9B7hnUj51Uf0A=="
},
"node_modules/@types/range-parser": {
"version": "1.2.4",
@@ -23903,7 +23902,6 @@
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-1.0.2.tgz",
"integrity": "sha512-I3yl4r9QB5ZRY3XuJVEPfc2XhZO6YweFPI+UovAzn+8/hb3oJ6lnysaFcjVpkCPfVWFUDvoZ8kmVDP7WyRtYtQ==",
- "optional": true,
"engines": {
"node": ">= 0.6.0"
}
@@ -25049,7 +25047,6 @@
"version": "3.0.10",
"resolved": "https://registry.npmjs.org/canvg/-/canvg-3.0.10.tgz",
"integrity": "sha512-qwR2FRNO9NlzTeKIPIKpnTY6fqwuYSequ8Ru8c0YkYU7U0oW+hLUvWadLvAu1Rl72OMNiFhoLu4f8eUjQ7l/+Q==",
- "optional": true,
"dependencies": {
"@babel/runtime": "^7.12.5",
"@types/raf": "^3.4.0",
@@ -27026,7 +27023,6 @@
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/css-line-break/-/css-line-break-2.1.0.tgz",
"integrity": "sha512-FHcKFCZcAha3LwfVBhCQbW2nCNbkZXn7KVUJcsT5/P8YmfsVja0FMPJr0B903j/E69HUphKiV9iQArX8SDYA4w==",
- "optional": true,
"dependencies": {
"utrie": "^1.0.2"
}
@@ -35230,7 +35226,6 @@
"version": "1.4.1",
"resolved": "https://registry.npmjs.org/html2canvas/-/html2canvas-1.4.1.tgz",
"integrity": "sha512-fPU6BHNpsyIhr8yyMpTLLxAbkaK8ArIBcmZIRiBLiDhjeqvXolaEmDGmELFuX9I4xDcaKKcJl+TKZLqruBbmWA==",
- "optional": true,
"dependencies": {
"css-line-break": "^2.1.0",
"text-segmentation": "^1.0.3"
@@ -40302,13 +40297,13 @@
"@babel/runtime": "^7.14.0",
"atob": "^2.1.2",
"btoa": "^1.2.1",
- "fflate": "^0.4.8"
+ "canvg": "^3.0.6",
+ "fflate": "^0.4.8",
+ "html2canvas": "^1.0.0-rc.5"
},
"optionalDependencies": {
- "canvg": "^3.0.6",
"core-js": "^3.6.0",
- "dompurify": "^2.2.0",
- "html2canvas": "^1.0.0-rc.5"
+ "dompurify": "^2.2.0"
}
},
"node_modules/jsprim": {
@@ -54151,7 +54146,6 @@
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/rgbcolor/-/rgbcolor-1.0.1.tgz",
"integrity": "sha512-9aZLIrhRaD97sgVhtJOW6ckOEh6/GnvQtdVNfdZ6s67+3/XwLS9lBcQYzEEhYVeUowN7pRzMLsyGhK2i/xvWbw==",
- "optional": true,
"engines": {
"node": ">= 0.8.15"
}
@@ -55553,7 +55547,6 @@
"version": "2.6.0",
"resolved": "https://registry.npmjs.org/stackblur-canvas/-/stackblur-canvas-2.6.0.tgz",
"integrity": "sha512-8S1aIA+UoF6erJYnglGPug6MaHYGo1Ot7h5fuXx4fUPvcvQfcdw2o/ppCse63+eZf8PPidSu4v1JnmEVtEDnpg==",
- "optional": true,
"engines": {
"node": ">=0.1.14"
}
@@ -56277,7 +56270,6 @@
"version": "6.0.3",
"resolved": "https://registry.npmjs.org/svg-pathdata/-/svg-pathdata-6.0.3.tgz",
"integrity": "sha512-qsjeeq5YjBZ5eMdFuUa4ZosMLxgr5RZ+F+Y1OrDhuOCEInRMA3x74XdBtggJcj9kOeInz0WE+LgCPDkZFlBYJw==",
- "optional": true,
"engines": {
"node": ">=12.0.0"
}
@@ -57118,7 +57110,6 @@
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/text-segmentation/-/text-segmentation-1.0.3.tgz",
"integrity": "sha512-iOiPUo/BGnZ6+54OsWxZidGCsdU8YbE4PSpdPinp7DeMtUJNJBoJ/ouUSTJjHkh1KntHaltHl/gDs2FC4i5+Nw==",
- "optional": true,
"dependencies": {
"utrie": "^1.0.2"
}
@@ -58647,7 +58638,6 @@
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/utrie/-/utrie-1.0.2.tgz",
"integrity": "sha512-1MLa5ouZiOmQzUbjbu9VmjLzn1QLXBhwpUa7kdLUQK+KQ5KA9I1vk5U4YHe/X2Ch7PYnJfWuWT+VbuxbGwljhw==",
- "optional": true,
"dependencies": {
"base64-arraybuffer": "^1.0.2"
}
@@ -79592,8 +79582,7 @@
"@types/raf": {
"version": "3.4.2",
"resolved": "https://registry.npmjs.org/@types/raf/-/raf-3.4.2.tgz",
- "integrity": "sha512-sM4HyDVlDFl4goOXPF+g9nNHJFZQGot+HgySjM4cRjqXzjdatcEvYrtG4Ia8XumR9T6k8G2tW9B7hnUj51Uf0A==",
- "optional": true
+ "integrity": "sha512-sM4HyDVlDFl4goOXPF+g9nNHJFZQGot+HgySjM4cRjqXzjdatcEvYrtG4Ia8XumR9T6k8G2tW9B7hnUj51Uf0A=="
},
"@types/range-parser": {
"version": "1.2.4",
@@ -83012,8 +83001,7 @@
"base64-arraybuffer": {
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-1.0.2.tgz",
- "integrity": "sha512-I3yl4r9QB5ZRY3XuJVEPfc2XhZO6YweFPI+UovAzn+8/hb3oJ6lnysaFcjVpkCPfVWFUDvoZ8kmVDP7WyRtYtQ==",
- "optional": true
+ "integrity": "sha512-I3yl4r9QB5ZRY3XuJVEPfc2XhZO6YweFPI+UovAzn+8/hb3oJ6lnysaFcjVpkCPfVWFUDvoZ8kmVDP7WyRtYtQ=="
},
"base64-js": {
"version": "1.5.1",
@@ -83874,7 +83862,6 @@
"version": "3.0.10",
"resolved": "https://registry.npmjs.org/canvg/-/canvg-3.0.10.tgz",
"integrity": "sha512-qwR2FRNO9NlzTeKIPIKpnTY6fqwuYSequ8Ru8c0YkYU7U0oW+hLUvWadLvAu1Rl72OMNiFhoLu4f8eUjQ7l/+Q==",
- "optional": true,
"requires": {
"@babel/runtime": "^7.12.5",
"@types/raf": "^3.4.0",
@@ -85477,7 +85464,6 @@
"version": "2.1.0",
"resolved": "https://registry.npmjs.org/css-line-break/-/css-line-break-2.1.0.tgz",
"integrity": "sha512-FHcKFCZcAha3LwfVBhCQbW2nCNbkZXn7KVUJcsT5/P8YmfsVja0FMPJr0B903j/E69HUphKiV9iQArX8SDYA4w==",
- "optional": true,
"requires": {
"utrie": "^1.0.2"
}
@@ -91713,7 +91699,6 @@
"version": "1.4.1",
"resolved": "https://registry.npmjs.org/html2canvas/-/html2canvas-1.4.1.tgz",
"integrity": "sha512-fPU6BHNpsyIhr8yyMpTLLxAbkaK8ArIBcmZIRiBLiDhjeqvXolaEmDGmELFuX9I4xDcaKKcJl+TKZLqruBbmWA==",
- "optional": true,
"requires": {
"css-line-break": "^2.1.0",
"text-segmentation": "^1.0.3"
@@ -106145,8 +106130,7 @@
"rgbcolor": {
"version": "1.0.1",
"resolved": "https://registry.npmjs.org/rgbcolor/-/rgbcolor-1.0.1.tgz",
- "integrity": "sha512-9aZLIrhRaD97sgVhtJOW6ckOEh6/GnvQtdVNfdZ6s67+3/XwLS9lBcQYzEEhYVeUowN7pRzMLsyGhK2i/xvWbw==",
- "optional": true
+ "integrity": "sha512-9aZLIrhRaD97sgVhtJOW6ckOEh6/GnvQtdVNfdZ6s67+3/XwLS9lBcQYzEEhYVeUowN7pRzMLsyGhK2i/xvWbw=="
},
"rimraf": {
"version": "3.0.2",
@@ -107303,8 +107287,7 @@
"stackblur-canvas": {
"version": "2.6.0",
"resolved": "https://registry.npmjs.org/stackblur-canvas/-/stackblur-canvas-2.6.0.tgz",
- "integrity": "sha512-8S1aIA+UoF6erJYnglGPug6MaHYGo1Ot7h5fuXx4fUPvcvQfcdw2o/ppCse63+eZf8PPidSu4v1JnmEVtEDnpg==",
- "optional": true
+ "integrity": "sha512-8S1aIA+UoF6erJYnglGPug6MaHYGo1Ot7h5fuXx4fUPvcvQfcdw2o/ppCse63+eZf8PPidSu4v1JnmEVtEDnpg=="
},
"stackframe": {
"version": "1.2.1",
@@ -107851,8 +107834,7 @@
"svg-pathdata": {
"version": "6.0.3",
"resolved": "https://registry.npmjs.org/svg-pathdata/-/svg-pathdata-6.0.3.tgz",
- "integrity": "sha512-qsjeeq5YjBZ5eMdFuUa4ZosMLxgr5RZ+F+Y1OrDhuOCEInRMA3x74XdBtggJcj9kOeInz0WE+LgCPDkZFlBYJw==",
- "optional": true
+ "integrity": "sha512-qsjeeq5YjBZ5eMdFuUa4ZosMLxgr5RZ+F+Y1OrDhuOCEInRMA3x74XdBtggJcj9kOeInz0WE+LgCPDkZFlBYJw=="
},
"svgo": {
"version": "3.0.2",
@@ -108463,7 +108445,6 @@
"version": "1.0.3",
"resolved": "https://registry.npmjs.org/text-segmentation/-/text-segmentation-1.0.3.tgz",
"integrity": "sha512-iOiPUo/BGnZ6+54OsWxZidGCsdU8YbE4PSpdPinp7DeMtUJNJBoJ/ouUSTJjHkh1KntHaltHl/gDs2FC4i5+Nw==",
- "optional": true,
"requires": {
"utrie": "^1.0.2"
}
@@ -109565,7 +109546,6 @@
"version": "1.0.2",
"resolved": "https://registry.npmjs.org/utrie/-/utrie-1.0.2.tgz",
"integrity": "sha512-1MLa5ouZiOmQzUbjbu9VmjLzn1QLXBhwpUa7kdLUQK+KQ5KA9I1vk5U4YHe/X2Ch7PYnJfWuWT+VbuxbGwljhw==",
- "optional": true,
"requires": {
"base64-arraybuffer": "^1.0.2"
}
(superset) 02/09: fix(Alerts & Reports): Fixing bug that resets cron value to default when empty (#27262)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 09caaca251575042ec4938463c8875f057c4fcff
Author: Jack <41...@users.noreply.github.com>
AuthorDate: Mon Mar 4 10:34:31 2024 -0600
fix(Alerts & Reports): Fixing bug that resets cron value to default when empty (#27262)
---
superset-frontend/src/features/alerts/AlertReportModal.tsx | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/superset-frontend/src/features/alerts/AlertReportModal.tsx b/superset-frontend/src/features/alerts/AlertReportModal.tsx
index e371efcf1b..f836599ca4 100644
--- a/superset-frontend/src/features/alerts/AlertReportModal.tsx
+++ b/superset-frontend/src/features/alerts/AlertReportModal.tsx
@@ -1358,7 +1358,7 @@ const AlertReportModal: FunctionComponent<AlertReportModalProps> = ({
<span className="required">*</span>
</StyledSectionTitle>
<AlertReportCronScheduler
- value={currentAlert?.crontab || ALERT_REPORTS_DEFAULT_CRON_VALUE}
+ value={currentAlert?.crontab || ''}
onChange={newVal => updateAlertState('crontab', newVal)}
/>
<div className="control-label">{TRANSLATIONS.TIMEZONE_TEXT}</div>
(superset) 04/09: fix(webpack): remove double-dotted file extensions in webpack config (#27471)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 553a469dba6ec10347a39b35c22034a3911cee48
Author: Evan Rusackas <ev...@preset.io>
AuthorDate: Tue Mar 12 11:26:49 2024 -0600
fix(webpack): remove double-dotted file extensions in webpack config (#27471)
(cherry picked from commit 47ae9d4cc3ca94332cb14359fb8a306f91c2da60)
---
superset-frontend/webpack.config.js | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/superset-frontend/webpack.config.js b/superset-frontend/webpack.config.js
index 2fa922873e..9d67904862 100644
--- a/superset-frontend/webpack.config.js
+++ b/superset-frontend/webpack.config.js
@@ -404,7 +404,7 @@ const config = {
},
type: 'asset',
generator: {
- filename: '[name].[contenthash:8].[ext]',
+ filename: '[name].[contenthash:8][ext]',
},
},
{
@@ -432,7 +432,7 @@ const config = {
test: /\.(jpg|gif)$/,
type: 'asset/resource',
generator: {
- filename: '[name].[contenthash:8].[ext]',
+ filename: '[name].[contenthash:8][ext]',
},
},
/* for font-awesome */
(superset) 06/09: fix(postprocessing): resample with holes (#27487)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit f1f20e436c1cfc305c7c1e5e4295ce448d5a1149
Author: Ville Brofeldt <33...@users.noreply.github.com>
AuthorDate: Thu Mar 14 12:02:01 2024 -0700
fix(postprocessing): resample with holes (#27487)
(cherry picked from commit 7f19d296b16d8463931b42c8258600b210b56475)
---
superset/utils/pandas_postprocessing/resample.py | 5 +-
.../pandas_postprocessing/test_resample.py | 54 +++++++++++++++++++++-
2 files changed, 57 insertions(+), 2 deletions(-)
diff --git a/superset/utils/pandas_postprocessing/resample.py b/superset/utils/pandas_postprocessing/resample.py
index a82d7031e9..a689895bd6 100644
--- a/superset/utils/pandas_postprocessing/resample.py
+++ b/superset/utils/pandas_postprocessing/resample.py
@@ -43,13 +43,16 @@ def resample(
raise InvalidPostProcessingError(_("Resample operation requires DatetimeIndex"))
if method not in RESAMPLE_METHOD:
raise InvalidPostProcessingError(
- _("Resample method should in ") + ", ".join(RESAMPLE_METHOD) + "."
+ _("Resample method should be in ") + ", ".join(RESAMPLE_METHOD) + "."
)
if method == "asfreq" and fill_value is not None:
_df = df.resample(rule).asfreq(fill_value=fill_value)
+ _df = _df.fillna(fill_value)
elif method == "linear":
_df = df.resample(rule).interpolate()
else:
_df = getattr(df.resample(rule), method)()
+ if method in ("ffill", "bfill"):
+ _df = _df.fillna(method=method)
return _df
diff --git a/tests/unit_tests/pandas_postprocessing/test_resample.py b/tests/unit_tests/pandas_postprocessing/test_resample.py
index b1414c5fe8..207863ab87 100644
--- a/tests/unit_tests/pandas_postprocessing/test_resample.py
+++ b/tests/unit_tests/pandas_postprocessing/test_resample.py
@@ -21,7 +21,11 @@ from pandas import to_datetime
from superset.exceptions import InvalidPostProcessingError
from superset.utils import pandas_postprocessing as pp
-from tests.unit_tests.fixtures.dataframes import categories_df, timeseries_df
+from tests.unit_tests.fixtures.dataframes import (
+ categories_df,
+ timeseries_df,
+ timeseries_with_gap_df,
+)
def test_resample_should_not_side_effect():
@@ -63,6 +67,29 @@ def test_resample():
)
+def test_resample_ffill_with_gaps():
+ post_df = pp.resample(df=timeseries_with_gap_df, rule="1D", method="ffill")
+ assert post_df.equals(
+ pd.DataFrame(
+ index=pd.to_datetime(
+ [
+ "2019-01-01",
+ "2019-01-02",
+ "2019-01-03",
+ "2019-01-04",
+ "2019-01-05",
+ "2019-01-06",
+ "2019-01-07",
+ ]
+ ),
+ data={
+ "label": ["x", "y", "y", "y", "z", "z", "q"],
+ "y": [1.0, 2.0, 2.0, 2.0, 2.0, 2.0, 4.0],
+ },
+ )
+ )
+
+
def test_resample_zero_fill():
post_df = pp.resample(df=timeseries_df, rule="1D", method="asfreq", fill_value=0)
assert post_df.equals(
@@ -86,6 +113,31 @@ def test_resample_zero_fill():
)
+def test_resample_zero_fill_with_gaps():
+ post_df = pp.resample(
+ df=timeseries_with_gap_df, rule="1D", method="asfreq", fill_value=0
+ )
+ assert post_df.equals(
+ pd.DataFrame(
+ index=pd.to_datetime(
+ [
+ "2019-01-01",
+ "2019-01-02",
+ "2019-01-03",
+ "2019-01-04",
+ "2019-01-05",
+ "2019-01-06",
+ "2019-01-07",
+ ]
+ ),
+ data={
+ "label": ["x", "y", 0, 0, "z", 0, "q"],
+ "y": [1.0, 2.0, 0, 0, 0, 0, 4.0],
+ },
+ )
+ )
+
+
def test_resample_after_pivot():
df = pd.DataFrame(
data={
(superset) 05/09: fix: check if guest user modified query (#27484)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit 51f904c42cc1573059976c964a2d5bf945e2912b
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Tue Mar 12 21:28:06 2024 -0400
fix: check if guest user modified query (#27484)
(cherry picked from commit 735b895dd5e409bfc95406e847a82fd786d93a1d)
---
superset/security/manager.py | 85 +++++++++++++++++------
tests/unit_tests/security/manager_test.py | 112 +++++++++++++++++++++++++-----
2 files changed, 156 insertions(+), 41 deletions(-)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index e6eb77e645..38f4e4bdfa 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -143,6 +143,56 @@ RoleModelView.edit_columns = ["name", "permissions", "user"]
RoleModelView.related_views = []
+def query_context_modified(query_context: "QueryContext") -> bool:
+ """
+ Check if a query context has been modified.
+
+ This is used to ensure guest users don't modify the payload and fetch data
+ different from what was shared with them in dashboards.
+ """
+ form_data = query_context.form_data
+ stored_chart = query_context.slice_
+
+ # sanity checks
+ if form_data is None or stored_chart is None:
+ return True
+
+ # cannot request a different chart
+ if form_data.get("slice_id") != stored_chart.id:
+ return True
+
+ # compare form_data
+ requested_metrics = {
+ frozenset(metric.items()) if isinstance(metric, dict) else metric
+ for metric in form_data.get("metrics") or []
+ }
+ stored_metrics = {
+ frozenset(metric.items()) if isinstance(metric, dict) else metric
+ for metric in stored_chart.params_dict.get("metrics") or []
+ }
+ if not requested_metrics.issubset(stored_metrics):
+ return True
+
+ # compare queries in query_context
+ queries_metrics = {
+ frozenset(metric.items()) if isinstance(metric, dict) else metric
+ for query in query_context.queries
+ for metric in query.metrics or []
+ }
+
+ if stored_chart.query_context:
+ stored_query_context = json.loads(cast(str, stored_chart.query_context))
+ for query in stored_query_context.get("queries") or []:
+ stored_metrics.update(
+ {
+ frozenset(metric.items()) if isinstance(metric, dict) else metric
+ for metric in query.get("metrics") or []
+ }
+ )
+
+ return not queries_metrics.issubset(stored_metrics)
+
+
class SupersetSecurityManager( # pylint: disable=too-many-public-methods
SecurityManager
):
@@ -1941,29 +1991,20 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
self.get_table_access_error_object(denied)
)
- if self.is_guest_user() and query_context:
- # Guest users MUST not modify the payload so it's requesting a different
- # chart or different ad-hoc metrics from what's saved.
- form_data = query_context.form_data
- stored_chart = query_context.slice_
-
- if (
- form_data is None
- or stored_chart is None
- or form_data.get("slice_id") != stored_chart.id
- or form_data.get("metrics", []) != stored_chart.params_dict["metrics"]
- or any(
- query.metrics != stored_chart.params_dict["metrics"]
- for query in query_context.queries
- )
- ):
- raise SupersetSecurityException(
- SupersetError(
- error_type=SupersetErrorType.DASHBOARD_SECURITY_ACCESS_ERROR,
- message=_("Guest user cannot modify chart payload"),
- level=ErrorLevel.ERROR,
- )
+ # Guest users MUST not modify the payload so it's requesting a
+ # different chart or different ad-hoc metrics from what's saved.
+ if (
+ query_context
+ and self.is_guest_user()
+ and query_context_modified(query_context)
+ ):
+ raise SupersetSecurityException(
+ SupersetError(
+ error_type=SupersetErrorType.DASHBOARD_SECURITY_ACCESS_ERROR,
+ message=_("Guest user cannot modify chart payload"),
+ level=ErrorLevel.ERROR,
)
+ )
if datasource or query_context or viz:
form_data = None
diff --git a/tests/unit_tests/security/manager_test.py b/tests/unit_tests/security/manager_test.py
index 7d2b9153a3..5a06013a68 100644
--- a/tests/unit_tests/security/manager_test.py
+++ b/tests/unit_tests/security/manager_test.py
@@ -15,6 +15,8 @@
# specific language governing permissions and limitations
# under the License.
+# pylint: disable=invalid-name, unused-argument, redefined-outer-name
+
import pytest
from flask_appbuilder.security.sqla.models import Role, User
from pytest_mock import MockFixture
@@ -25,6 +27,7 @@ from superset.exceptions import SupersetSecurityException
from superset.extensions import appbuilder
from superset.models.slice import Slice
from superset.security.manager import SupersetSecurityManager
+from superset.superset_typing import AdhocMetric
from superset.utils.core import override_user
@@ -36,12 +39,29 @@ def test_security_manager(app_context: None) -> None:
assert sm
-def test_raise_for_access_guest_user(
+@pytest.fixture
+def stored_metrics() -> list[AdhocMetric]:
+ """
+ Return a list of metrics.
+ """
+ return [
+ {
+ "column": None,
+ "expressionType": "SQL",
+ "hasCustomLabel": False,
+ "label": "COUNT(*) + 1",
+ "sqlExpression": "COUNT(*) + 1",
+ },
+ ]
+
+
+def test_raise_for_access_guest_user_ok(
mocker: MockFixture,
app_context: None,
+ stored_metrics: list[AdhocMetric],
) -> None:
"""
- Test that guest user can't modify chart payload.
+ Test that guest user can submit an unmodified chart payload.
"""
sm = SupersetSecurityManager(appbuilder)
mocker.patch.object(sm, "is_guest_user", return_value=True)
@@ -49,23 +69,11 @@ def test_raise_for_access_guest_user(
query_context = mocker.MagicMock()
query_context.slice_.id = 42
- stored_metrics = [
- {
- "aggregate": None,
- "column": None,
- "datasourceWarning": False,
- "expressionType": "SQL",
- "hasCustomLabel": False,
- "label": "COUNT(*) + 1",
- "optionName": "metric_ssa1gwimio_cxpyjc7vj3s",
- "sqlExpression": "COUNT(*) + 1",
- }
- ]
+ query_context.slice_.query_context = None
query_context.slice_.params_dict = {
"metrics": stored_metrics,
}
- # normal request
query_context.form_data = {
"slice_id": 42,
"metrics": stored_metrics,
@@ -73,7 +81,26 @@ def test_raise_for_access_guest_user(
query_context.queries = [QueryObject(metrics=stored_metrics)] # type: ignore
sm.raise_for_access(query_context=query_context)
- # tampered requests
+
+def test_raise_for_access_guest_user_tampered_id(
+ mocker: MockFixture,
+ app_context: None,
+ stored_metrics: list[AdhocMetric],
+) -> None:
+ """
+ Test that guest user cannot modify the chart ID.
+ """
+ sm = SupersetSecurityManager(appbuilder)
+ mocker.patch.object(sm, "is_guest_user", return_value=True)
+ mocker.patch.object(sm, "can_access", return_value=True)
+
+ query_context = mocker.MagicMock()
+ query_context.slice_.id = 42
+ query_context.slice_.query_context = None
+ query_context.slice_.params_dict = {
+ "metrics": stored_metrics,
+ }
+
query_context.form_data = {
"slice_id": 43,
"metrics": stored_metrics,
@@ -82,15 +109,32 @@ def test_raise_for_access_guest_user(
with pytest.raises(SupersetSecurityException):
sm.raise_for_access(query_context=query_context)
+
+def test_raise_for_access_guest_user_tampered_form_data(
+ mocker: MockFixture,
+ app_context: None,
+ stored_metrics: list[AdhocMetric],
+) -> None:
+ """
+ Test that guest user cannot modify metrics in the form data.
+ """
+ sm = SupersetSecurityManager(appbuilder)
+ mocker.patch.object(sm, "is_guest_user", return_value=True)
+ mocker.patch.object(sm, "can_access", return_value=True)
+
+ query_context = mocker.MagicMock()
+ query_context.slice_.id = 42
+ query_context.slice_.query_context = None
+ query_context.slice_.params_dict = {
+ "metrics": stored_metrics,
+ }
+
tampered_metrics = [
{
- "aggregate": None,
"column": None,
- "datasourceWarning": False,
"expressionType": "SQL",
"hasCustomLabel": False,
"label": "COUNT(*) + 2",
- "optionName": "metric_ssa1gwimio_cxpyjc7vj3s",
"sqlExpression": "COUNT(*) + 2",
}
]
@@ -102,6 +146,36 @@ def test_raise_for_access_guest_user(
with pytest.raises(SupersetSecurityException):
sm.raise_for_access(query_context=query_context)
+
+def test_raise_for_access_guest_user_tampered_queries(
+ mocker: MockFixture,
+ app_context: None,
+ stored_metrics: list[AdhocMetric],
+) -> None:
+ """
+ Test that guest user cannot modify metrics in the queries.
+ """
+ sm = SupersetSecurityManager(appbuilder)
+ mocker.patch.object(sm, "is_guest_user", return_value=True)
+ mocker.patch.object(sm, "can_access", return_value=True)
+
+ query_context = mocker.MagicMock()
+ query_context.slice_.id = 42
+ query_context.slice_.query_context = None
+ query_context.slice_.params_dict = {
+ "metrics": stored_metrics,
+ }
+
+ tampered_metrics = [
+ {
+ "column": None,
+ "expressionType": "SQL",
+ "hasCustomLabel": False,
+ "label": "COUNT(*) + 2",
+ "sqlExpression": "COUNT(*) + 2",
+ }
+ ]
+
query_context.form_data = {
"slice_id": 42,
"metrics": stored_metrics,
(superset) 03/09: fix(dashboard): Only fetch CSS templates for dashboard header menu when in edit mode (#27411)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit a15975d3af99c214d9ae930a9a973a5780e60892
Author: Mark Skelton <ma...@federato.ai>
AuthorDate: Fri Mar 8 07:21:36 2024 -0600
fix(dashboard): Only fetch CSS templates for dashboard header menu when in edit mode (#27411)
Co-authored-by: Michael S. Molina <mi...@gmail.com>
---
.../components/CssEditor/CssEditor.test.tsx | 54 +++++++++++++---------
.../src/dashboard/components/CssEditor/index.jsx | 25 ++++++++--
.../Header/HeaderActionsDropdown/index.jsx | 27 +----------
3 files changed, 55 insertions(+), 51 deletions(-)
diff --git a/superset-frontend/src/dashboard/components/CssEditor/CssEditor.test.tsx b/superset-frontend/src/dashboard/components/CssEditor/CssEditor.test.tsx
index 16b2a1afbb..28ac7672f6 100644
--- a/superset-frontend/src/dashboard/components/CssEditor/CssEditor.test.tsx
+++ b/superset-frontend/src/dashboard/components/CssEditor/CssEditor.test.tsx
@@ -21,6 +21,7 @@ import { render, screen, waitFor } from 'spec/helpers/testing-library';
import { CssEditor as AceCssEditor } from 'src/components/AsyncAceEditor';
import { IAceEditorProps } from 'react-ace';
import userEvent from '@testing-library/user-event';
+import fetchMock from 'fetch-mock';
import CssEditor from '.';
jest.mock('src/components/AsyncAceEditor', () => ({
@@ -33,46 +34,59 @@ jest.mock('src/components/AsyncAceEditor', () => ({
}));
const templates = [
- { label: 'Template A', css: 'background-color: red;' },
- { label: 'Template B', css: 'background-color: blue;' },
- { label: 'Template C', css: 'background-color: yellow;' },
+ { template_name: 'Template A', css: 'background-color: red;' },
+ { template_name: 'Template B', css: 'background-color: blue;' },
+ { template_name: 'Template C', css: 'background-color: yellow;' },
];
+fetchMock.get('glob:*/csstemplateasyncmodelview/api/read', {
+ result: templates,
+});
+
AceCssEditor.preload = () => new Promise(() => {});
-test('renders with default props', () => {
- render(<CssEditor triggerNode={<>Click</>} />);
+const defaultProps = {
+ triggerNode: <>Click</>,
+ addDangerToast: jest.fn(),
+};
+
+test('renders with default props', async () => {
+ await waitFor(() => render(<CssEditor {...defaultProps} />));
expect(screen.getByRole('button', { name: 'Click' })).toBeInTheDocument();
});
-test('renders with initial CSS', () => {
+test('renders with initial CSS', async () => {
const initialCss = 'margin: 10px;';
- render(<CssEditor triggerNode={<>Click</>} initialCss={initialCss} />);
+ await waitFor(() =>
+ render(<CssEditor {...defaultProps} initialCss={initialCss} />),
+ );
userEvent.click(screen.getByRole('button', { name: 'Click' }));
expect(screen.getByText(initialCss)).toBeInTheDocument();
});
test('renders with templates', async () => {
- render(<CssEditor triggerNode={<>Click</>} templates={templates} />);
+ await waitFor(() => render(<CssEditor {...defaultProps} />));
userEvent.click(screen.getByRole('button', { name: 'Click' }));
userEvent.hover(screen.getByText('Load a CSS template'));
await waitFor(() => {
templates.forEach(template =>
- expect(screen.getByText(template.label)).toBeInTheDocument(),
+ expect(screen.getByText(template.template_name)).toBeInTheDocument(),
);
});
});
-test('triggers onChange when using the editor', () => {
+test('triggers onChange when using the editor', async () => {
const onChange = jest.fn();
const initialCss = 'margin: 10px;';
const additionalCss = 'color: red;';
- render(
- <CssEditor
- triggerNode={<>Click</>}
- initialCss={initialCss}
- onChange={onChange}
- />,
+ await waitFor(() =>
+ render(
+ <CssEditor
+ {...defaultProps}
+ initialCss={initialCss}
+ onChange={onChange}
+ />,
+ ),
);
userEvent.click(screen.getByRole('button', { name: 'Click' }));
expect(onChange).not.toHaveBeenCalled();
@@ -82,12 +96,8 @@ test('triggers onChange when using the editor', () => {
test('triggers onChange when selecting a template', async () => {
const onChange = jest.fn();
- render(
- <CssEditor
- triggerNode={<>Click</>}
- templates={templates}
- onChange={onChange}
- />,
+ await waitFor(() =>
+ render(<CssEditor {...defaultProps} onChange={onChange} />),
);
userEvent.click(screen.getByRole('button', { name: 'Click' }));
userEvent.click(screen.getByText('Load a CSS template'));
diff --git a/superset-frontend/src/dashboard/components/CssEditor/index.jsx b/superset-frontend/src/dashboard/components/CssEditor/index.jsx
index ad12cb6c78..9fcd1768a8 100644
--- a/superset-frontend/src/dashboard/components/CssEditor/index.jsx
+++ b/superset-frontend/src/dashboard/components/CssEditor/index.jsx
@@ -21,7 +21,7 @@ import PropTypes from 'prop-types';
import { AntdDropdown } from 'src/components';
import { Menu } from 'src/components/Menu';
import Button from 'src/components/Button';
-import { t, styled } from '@superset-ui/core';
+import { t, styled, SupersetClient } from '@superset-ui/core';
import ModalTrigger from 'src/components/ModalTrigger';
import { CssEditor as AceCssEditor } from 'src/components/AsyncAceEditor';
@@ -47,7 +47,7 @@ const propTypes = {
initialCss: PropTypes.string,
triggerNode: PropTypes.node.isRequired,
onChange: PropTypes.func,
- templates: PropTypes.array,
+ addDangerToast: PropTypes.func.isRequired,
};
const defaultProps = {
@@ -60,6 +60,7 @@ class CssEditor extends React.PureComponent {
super(props);
this.state = {
css: props.initialCss,
+ templates: [],
};
this.changeCss = this.changeCss.bind(this);
this.changeCssTemplate = this.changeCssTemplate.bind(this);
@@ -67,6 +68,22 @@ class CssEditor extends React.PureComponent {
componentDidMount() {
AceCssEditor.preload();
+
+ SupersetClient.get({ endpoint: '/csstemplateasyncmodelview/api/read' })
+ .then(({ json }) => {
+ const templates = json.result.map(row => ({
+ value: row.template_name,
+ css: row.css,
+ label: row.template_name,
+ }));
+
+ this.setState({ templates });
+ })
+ .catch(() => {
+ this.props.addDangerToast(
+ t('An error occurred while fetching available CSS templates'),
+ );
+ });
}
changeCss(css) {
@@ -80,10 +97,10 @@ class CssEditor extends React.PureComponent {
}
renderTemplateSelector() {
- if (this.props.templates) {
+ if (this.state.templates) {
const menu = (
<Menu onClick={this.changeCssTemplate}>
- {this.props.templates.map(template => (
+ {this.state.templates.map(template => (
<Menu.Item key={template.css}>{template.label}</Menu.Item>
))}
</Menu>
diff --git a/superset-frontend/src/dashboard/components/Header/HeaderActionsDropdown/index.jsx b/superset-frontend/src/dashboard/components/Header/HeaderActionsDropdown/index.jsx
index b0d3fc251e..9c05b1ec76 100644
--- a/superset-frontend/src/dashboard/components/Header/HeaderActionsDropdown/index.jsx
+++ b/superset-frontend/src/dashboard/components/Header/HeaderActionsDropdown/index.jsx
@@ -19,12 +19,7 @@
import React from 'react';
import PropTypes from 'prop-types';
import { isEmpty } from 'lodash';
-import {
- isFeatureEnabled,
- FeatureFlag,
- SupersetClient,
- t,
-} from '@superset-ui/core';
+import { isFeatureEnabled, FeatureFlag, t } from '@superset-ui/core';
import { Menu } from 'src/components/Menu';
import { URL_PARAMS } from 'src/constants';
import ShareMenuItems from 'src/dashboard/components/menu/ShareMenuItems';
@@ -104,7 +99,6 @@ class HeaderActionsDropdown extends React.PureComponent {
super(props);
this.state = {
css: props.customCss,
- cssTemplates: [],
showReportSubMenu: null,
};
@@ -114,23 +108,6 @@ class HeaderActionsDropdown extends React.PureComponent {
this.setShowReportSubMenu = this.setShowReportSubMenu.bind(this);
}
- UNSAFE_componentWillMount() {
- SupersetClient.get({ endpoint: '/csstemplateasyncmodelview/api/read' })
- .then(({ json }) => {
- const cssTemplates = json.result.map(row => ({
- value: row.template_name,
- css: row.css,
- label: row.template_name,
- }));
- this.setState({ cssTemplates });
- })
- .catch(() => {
- this.props.addDangerToast(
- t('An error occurred while fetching available CSS templates'),
- );
- });
- }
-
UNSAFE_componentWillReceiveProps(nextProps) {
if (this.props.customCss !== nextProps.customCss) {
this.setState({ css: nextProps.customCss }, () => {
@@ -262,8 +239,8 @@ class HeaderActionsDropdown extends React.PureComponent {
<CssEditor
triggerNode={<span>{t('Edit CSS')}</span>}
initialCss={this.state.css}
- templates={this.state.cssTemplates}
onChange={this.changeCss}
+ addDangerToast={addDangerToast}
/>
</Menu.Item>
)}
(superset) 09/09: fix: pass valid SQL to SM (#27464)
Posted by mi...@apache.org.
This is an automated email from the ASF dual-hosted git repository.
michaelsmolina pushed a commit to branch 3.1
in repository https://gitbox.apache.org/repos/asf/superset.git
commit ae942dddc39e0c485e870a3b16dc3db8eebd2884
Author: Beto Dealmeida <ro...@dealmeida.net>
AuthorDate: Mon Mar 18 15:38:58 2024 -0400
fix: pass valid SQL to SM (#27464)
(cherry picked from commit 376bfd05bdba2bbc4bde2d209324105d0d408ee4)
---
superset/security/manager.py | 6 ++++-
tests/unit_tests/commands/dataset/__init__.py | 16 ++++++++++++
tests/unit_tests/security/manager_test.py | 35 +++++++++++++++++++++++++++
3 files changed, 56 insertions(+), 1 deletion(-)
diff --git a/superset/security/manager.py b/superset/security/manager.py
index 38f4e4bdfa..f125269fb9 100644
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -59,6 +59,7 @@ from superset.exceptions import (
DatasetInvalidPermissionEvaluationException,
SupersetSecurityException,
)
+from superset.jinja_context import get_template_processor
from superset.security.guest_token import (
GuestToken,
GuestTokenResources,
@@ -1956,11 +1957,14 @@ class SupersetSecurityManager( # pylint: disable=too-many-public-methods
return
if query:
+ # make sure the quuery is valid SQL by rendering any Jinja
+ processor = get_template_processor(database=query.database)
+ rendered_sql = processor.process_template(query.sql)
default_schema = database.get_default_schema_for_query(query)
tables = {
Table(table_.table, table_.schema or default_schema)
for table_ in sql_parse.ParsedQuery(
- query.sql,
+ rendered_sql,
engine=database.db_engine_spec.engine,
).tables
}
diff --git a/tests/unit_tests/commands/dataset/__init__.py b/tests/unit_tests/commands/dataset/__init__.py
new file mode 100644
index 0000000000..13a83393a9
--- /dev/null
+++ b/tests/unit_tests/commands/dataset/__init__.py
@@ -0,0 +1,16 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
diff --git a/tests/unit_tests/security/manager_test.py b/tests/unit_tests/security/manager_test.py
index 325531c25b..22ec0dda4a 100644
--- a/tests/unit_tests/security/manager_test.py
+++ b/tests/unit_tests/security/manager_test.py
@@ -27,6 +27,7 @@ from superset.exceptions import SupersetSecurityException
from superset.extensions import appbuilder
from superset.models.slice import Slice
from superset.security.manager import SupersetSecurityManager
+from superset.sql_parse import Table
from superset.superset_typing import AdhocMetric
from superset.utils.core import override_user
@@ -245,6 +246,40 @@ def test_raise_for_access_query_default_schema(
)
+def test_raise_for_access_jinja_sql(mocker: MockFixture, app_context: None) -> None:
+ """
+ Test that Jinja gets rendered to SQL.
+ """
+ sm = SupersetSecurityManager(appbuilder)
+ mocker.patch.object(sm, "can_access_database", return_value=False)
+ mocker.patch.object(sm, "get_schema_perm", return_value="[PostgreSQL].[public]")
+ mocker.patch.object(sm, "can_access", return_value=False)
+ mocker.patch.object(sm, "is_guest_user", return_value=False)
+ get_table_access_error_object = mocker.patch.object(
+ sm, "get_table_access_error_object"
+ )
+ SqlaTable = mocker.patch("superset.connectors.sqla.models.SqlaTable")
+ SqlaTable.query_datasources_by_name.return_value = []
+
+ database = mocker.MagicMock()
+ database.get_default_schema_for_query.return_value = "public"
+ query = mocker.MagicMock()
+ query.database = database
+ query.sql = "SELECT * FROM {% if True %}ab_user{% endif %} WHERE 1=1"
+
+ with pytest.raises(SupersetSecurityException):
+ sm.raise_for_access(
+ database=None,
+ datasource=None,
+ query=query,
+ query_context=None,
+ table=None,
+ viz=None,
+ )
+
+ get_table_access_error_object.assert_called_with({Table("ab_user", "public")})
+
+
def test_raise_for_access_chart_for_datasource_permission(
mocker: MockFixture,
app_context: None,