Custom SecurityManager SAWarning: Usage of the 'Session.add()' operation is not currently supported within the execution stage of the flush process

[C-monC]

Hi,

I am trying to make a custom security manager.
When I commit a new user using the add_user function I get the error

sqlalchemy.exc.ResourceClosedError: This transaction is closed

To reproduce the error either make the TokenSecurityManager class or add

        gamma_role = self.find_role("Gamma")
        user = self.add_user(username="vadsvad",
                    email=u"test@test.com",
                    first_name="fdasdf",
                    last_name="asdfdsafd",
                    role=gamma_role)

at line

superset/superset/security/manager.py

Line 252 in 4f1996d

The SecurityMangerClass:

class TokenSecurityManager(SupersetSecurityManager):

    def __init__(self, appbuilder):
        super(TokenSecurityManager, self).__init__(appbuilder)

    def request_loader(self, request: Request) -> Optional[User]:
        # pylint: disable=import-outside-toplevel
        from superset.extensions import feature_flag_manager

        gamma_role = self.find_role("Gamma")
        user = self.add_user(username="vadsvad",
                    email=u"test@test.com",
                    first_name="fdasdf",
                    last_name="asdfdsafd",
                    role=gamma_role)
        return None

    def add_user(
        self,
        username,
        first_name,
        last_name,
        email,
        role,
        hashed_password=""
    ):  
        """
            Generic function to create user
        """
        # try:
        user = self.user_model()
        user.first_name = first_name
        user.last_name = last_name
        user.username = username
        user.email = email
        user.active = True
        user.roles = [role]
        user.password = hashed_password
        self.get_session.add(user)
        self.get_session.commit()     <---------- error thrown on this line.
        return user
        # except Exception as e:
        #     self.get_session.rollback()
        #     return False

I know this is more of a Flask AppBuilder issue but any assistance into where this transaction is being closed will be great.
I could just create a new session engine + session as a workaround. I just don't understand how this doesn't work

[TacoBel42]

Hi! Same error but other case.

def copy_role_to_view_menu(mapper, connection, target: Role):
    security_manager.add_permissions_view(["some_permission"], target.name)

sa.event.listen(Role, "after_insert", copy_role_to_view_menu)

code like that throws

[rusackas]

We're happy to support bugs in Superset, but custom code and forks is difficult to support in general. Closing this as stale since it's been silent for so long, and we're trying to steer toward a more actionable Issues backlog. If people are still encountering this in current versions (currently 3.x) please open a new Issue or a PR to address the problem.