fix: cache key with guest token rls (#19110)

* add guest rls clause to cache key * lint * pylint * add app back (cherry picked from commit 2726816)
apache · Apr 3, 2022 · cb5d814 · cb5d814
1 parent 7d0ee28
commit cb5d814
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 12 deletions.
diff --git a/superset/common/query_context_processor.py b/superset/common/query_context_processor.py
@@ -26,7 +26,7 @@
 from pandas import DateOffset
 from typing_extensions import TypedDict
 
-from superset import app, is_feature_enabled
+from superset import app
 from superset.annotation_layers.dao import AnnotationLayerDAO
 from superset.charts.dao import ChartDAO
 from superset.common.chart_data import ChartDataResultFormat
@@ -159,10 +159,7 @@ def query_cache_key(self, query_obj: QueryObject, **kwargs: Any) -> Optional[str
             query_obj.cache_key(
                 datasource=datasource.uid,
                 extra_cache_keys=extra_cache_keys,
-                rls=security_manager.get_rls_ids(datasource)
-                if is_feature_enabled("ROW_LEVEL_SECURITY")
-                and datasource.is_rls_supported
-                else [],
+                rls=security_manager.get_rls_cache_key(datasource),
                 changed_on=datasource.changed_on,
                 **kwargs,
             )

diff --git a/superset/security/manager.py b/superset/security/manager.py
@@ -1222,6 +1222,20 @@ def get_rls_ids(self, table: "BaseDatasource") -> List[int]:
         ids.sort()  # Combinations rather than permutations
         return ids
 
+    def get_guest_rls_filters_str(self, table: "BaseDatasource") -> List[str]:
+        return [f.get("clause", "") for f in self.get_guest_rls_filters(table)]
+
+    def get_rls_cache_key(self, datasource: "BaseDatasource") -> List[str]:
+        # pylint: disable=import-outside-toplevel
+        from superset import is_feature_enabled
+
+        rls_ids = []
+        if is_feature_enabled("ROW_LEVEL_SECURITY") and datasource.is_rls_supported:
+            rls_ids = self.get_rls_ids(datasource)
+        rls_str = [str(rls_id) for rls_id in rls_ids]
+        guest_rls = self.get_guest_rls_filters_str(datasource)
+        return guest_rls + rls_str
+
     @staticmethod
     def raise_for_user_activity_access(user_id: int) -> None:
         user = g.user if g.user and g.user.get_id() else None

diff --git a/superset/viz.py b/superset/viz.py
@@ -55,7 +55,7 @@
 from geopy.point import Point
 from pandas.tseries.frequencies import to_offset
 
-from superset import app, is_feature_enabled
+from superset import app
 from superset.common.db_query_status import QueryStatus
 from superset.constants import NULL_STRING
 from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
@@ -459,12 +459,7 @@ def cache_key(self, query_obj: QueryObjectDict, **extra: Any) -> str:
         cache_dict["time_range"] = self.form_data.get("time_range")
         cache_dict["datasource"] = self.datasource.uid
         cache_dict["extra_cache_keys"] = self.datasource.get_extra_cache_keys(query_obj)
-        cache_dict["rls"] = (
-            security_manager.get_rls_ids(self.datasource)
-            if is_feature_enabled("ROW_LEVEL_SECURITY")
-            and self.datasource.is_rls_supported
-            else []
-        )
+        cache_dict["rls"] = security_manager.get_rls_cache_key(self.datasource)
         cache_dict["changed_on"] = self.datasource.changed_on
         json_data = self.json_dumps(cache_dict, sort_keys=True)
         return md5_sha_from_str(json_data)