You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@superset.apache.org by GitBox <gi...@apache.org> on 2021/12/03 16:56:06 UTC

[GitHub] [superset] villebro commented on a change in pull request #17644: fix: Allows PUT and DELETE only for owners of dashboard filter state

villebro commented on a change in pull request #17644:
URL: https://github.com/apache/superset/pull/17644#discussion_r762098073



##########
File path: superset/key_value/commands/create.py
##########
@@ -33,14 +33,14 @@ class CreateKeyValueCommand(BaseCommand, ABC):
     def __init__(
         self, user: User, resource_id: int, value: str,
     ):
-        self._actor = user
+        self._user = user

Review comment:
       I think "actor" is perhaps more descriptive here:
   - the "actor" is doing something
   - the key-value pair has an "owner"

##########
File path: superset/dashboards/filter_state/commands/create.py
##########
@@ -16,17 +16,21 @@
 # under the License.
 from typing import Optional
 
+from flask_appbuilder.security.sqla.models import User
+
 from superset.dashboards.dao import DashboardDAO
 from superset.extensions import cache_manager
 from superset.key_value.commands.create import CreateKeyValueCommand
 from superset.key_value.utils import cache_key
 
 
 class CreateFilterStateCommand(CreateKeyValueCommand):
-    def create(self, resource_id: int, key: str, value: str) -> Optional[bool]:
+    def create(
+        self, user: User, resource_id: int, key: str, value: str
+    ) -> Optional[bool]:
         dashboard = DashboardDAO.get_by_id_or_slug(str(resource_id))
         if dashboard:
             return cache_manager.filter_state_cache.set(
-                cache_key(resource_id, key), value
+                cache_key(resource_id, key), [user.get_user_id(), value]

Review comment:
       For future extesibility, should we consider making the value a dict, like this?
   ```python
   {
       "owner": user.get_user_id(),
       "value": value,
   }
   ```
   Having a dedicated `TypedDict` for this would also make development easier.




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org



---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org
For additional commands, e-mail: notifications-help@superset.apache.org