You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/04/07 10:36:40 UTC
[GitHub] [incubator-superset] axelet opened a new pull request #9365: fix:
Row Level Security get_rls_filters func SELECT statement
axelet opened a new pull request #9365: fix: Row Level Security get_rls_filters func SELECT statement
URL: https://github.com/apache/incubator-superset/pull/9365
### CATEGORY
Choose one
- [x] Bug Fix
- [ ] Enhancement (new features, refinement)
- [ ] Refactor
- [ ] Add tests
- [ ] Build / Development Environment
- [ ] Documentation
### SUMMARY
<!--- Describe the change below, including rationale and design decisions -->
It appears that **get_rls_filters()** func have the following SELECT statement issue:
The **filter_roles** subquery should select **rls_filter_id** (corresponding to existing **role_id**) instead of selecting the **id** of (role_id, rls_filter_id) pair. This way the proper filters can then be selected from **row_level_security_filters** table.
The query in **get_rls_filters()** should look as follows:
SELECT row_level_security_filters.id AS row_level_security_filters_id, row_level_security_filters.clause AS row_level_security_filters_clause
FROM row_level_security_filters
WHERE row_level_security_filters.table_id = %(table_id_1)s AND row_level_security_filters.id IN (SELECT rls_filter_roles.**rls_filter_id**
FROM rls_filter_roles
WHERE rls_filter_roles.role_id IN (SELECT ab_user_role.role_id
FROM ab_user_role
WHERE ab_user_role.user_id = %(user_id_1)s))
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
<!--- Skip this if not applicable -->
### TEST PLAN
<!--- What steps should be taken to verify the changes -->
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [ ] Has associated issue: no issue
- [ ] Changes UI
- [ ] Requires DB Migration.
- [ ] Confirm DB Migration upgrade and downgrade tested.
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
### REVIEWERS
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
With regards,
Apache Git Services
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org