You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2022/08/26 11:16:50 UTC

[GitHub] [superset] Painyjames opened a new issue, #21207: ParsedQuery to return tables within subselects

Painyjames opened a new issue, #21207:
URL: https://github.com/apache/superset/issues/21207

   Hi,
   
   We are currently having some issues with SQL Lab permissions related to tables appearing in subselects.
   
   Our Superset users have datasource permissions that are evaluated when the execute a query in SQL Lab.
   Sql Lab uses the [ParsedQuery](https://github.com/apache/superset/blob/383313b105b0e82bea0f38cc971630eded5affe0/superset/sql_parse.py#L189) class to extract the tables on that query and then evaluates if a user can actually execute the query based on those permissions.
   
   Since [ParsedQuery](https://github.com/apache/superset/blob/383313b105b0e82bea0f38cc971630eded5affe0/superset/sql_parse.py#L335) excludes subselects from the table parsing mechanism, a user could hide a particular table that he/she doesn't have access to inside a subquery and get away with that.
   
   Our idea is to modify the ParsedQuery logic to actually include, or at least give the option to include, the subqueries when retrieving the tables involved in a query, would that be something sensible?
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] Painyjames commented on issue #21207: ParsedQuery to return tables within subselects

Posted by GitBox <gi...@apache.org>.

Painyjames commented on issue #21207:
URL: https://github.com/apache/superset/issues/21207#issuecomment-1253406068

   Turns out that the subselects are not excluded.
   What happens instead is that tables that have the same name as aliases are removed form the list of tables in the SQL query. This causes issues when tables have restricted access, since users can circumvent this access check by just writing their query in a particular manner.
   This [PR](https://github.com/apache/superset/pull/21535) sorts that issue.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [I] ParsedQuery to return tables within subselects [superset]

Posted by "dpgaspar (via GitHub)" <gi...@apache.org>.

dpgaspar closed issue #21207: ParsedQuery to return tables within subselects
URL: https://github.com/apache/superset/issues/21207


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

[GitHub] [superset] Painyjames commented on issue #21207: ParsedQuery to return tables within subselects

Posted by GitBox <gi...@apache.org>.

Painyjames commented on issue #21207:
URL: https://github.com/apache/superset/issues/21207#issuecomment-1228370359

   related to this [PR](https://github.com/apache/superset/pull/1598)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org

Re: [I] ParsedQuery to return tables within subselects [superset]

Posted by "dpgaspar (via GitHub)" <gi...@apache.org>.

dpgaspar commented on issue #21207:
URL: https://github.com/apache/superset/issues/21207#issuecomment-1905983416

   This was fixed by: #21535 and #26476
   
   feel free to reopen if not
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org