You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2020/04/07 10:36:40 UTC

[GitHub] [incubator-superset] axelet opened a new pull request #9365: fix: Row Level Security get_rls_filters func SELECT statement

axelet opened a new pull request #9365: fix: Row Level Security get_rls_filters func SELECT statement
URL: https://github.com/apache/incubator-superset/pull/9365
 
 
   ### CATEGORY
   
   Choose one
   
   - [x] Bug Fix
   - [ ] Enhancement (new features, refinement)
   - [ ] Refactor
   - [ ] Add tests
   - [ ] Build / Development Environment
   - [ ] Documentation
   
   ### SUMMARY
   <!--- Describe the change below, including rationale and design decisions -->
   It appears that **get_rls_filters()** func have the following SELECT statement issue:
   The **filter_roles** subquery should select **rls_filter_id** (corresponding to existing **role_id**) instead of selecting the **id** of (role_id, rls_filter_id) pair. This way the proper filters can then be selected from **row_level_security_filters** table.
   
   The query in **get_rls_filters()** should look as follows:
   
   SELECT row_level_security_filters.id AS row_level_security_filters_id, row_level_security_filters.clause AS row_level_security_filters_clause 
   FROM row_level_security_filters 
   WHERE row_level_security_filters.table_id = %(table_id_1)s AND row_level_security_filters.id IN (SELECT rls_filter_roles.**rls_filter_id** 
   FROM rls_filter_roles 
   WHERE rls_filter_roles.role_id IN (SELECT ab_user_role.role_id 
   FROM ab_user_role 
   WHERE ab_user_role.user_id = %(user_id_1)s))
   
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   <!--- Skip this if not applicable -->
   
   ### TEST PLAN
   <!--- What steps should be taken to verify the changes -->
   
   ### ADDITIONAL INFORMATION
   <!--- Check any relevant boxes with "x" -->
   <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
   - [ ] Has associated issue: no issue
   - [ ] Changes UI
   - [ ] Requires DB Migration.
   - [ ] Confirm DB Migration upgrade and downgrade tested.
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API
   
   ### REVIEWERS
   

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org