Skip to content

Commit

Permalink
fix(explore): retain chart ownership on query context update (apache#…
Browse files Browse the repository at this point in the history
  • Loading branch information
villebro authored and Emmanuel Bavoux committed Nov 14, 2021
1 parent 4f1c992 commit 8500f7d
Show file tree
Hide file tree
Showing 2 changed files with 34 additions and 8 deletions.
12 changes: 5 additions & 7 deletions superset/charts/commands/update.py
Original file line number Diff line number Diff line change
Expand Up @@ -84,13 +84,17 @@ def validate(self) -> None:
if not self._model:
raise ChartNotFoundError()

# Check ownership; when only updating query context we ignore
# Check and update ownership; when only updating query context we ignore
# ownership so the update can be performed by report workers
if not is_query_context_update(self._properties):
try:
check_ownership(self._model)
owners = self.populate_owners(self._actor, owner_ids)
self._properties["owners"] = owners
except SupersetSecurityException as ex:
raise ChartForbiddenError() from ex
except ValidationError as ex:
exceptions.append(ex)

# Validate/Populate datasource
if datasource_id is not None:
Expand All @@ -107,12 +111,6 @@ def validate(self) -> None:
exceptions.append(DashboardsNotFoundValidationError())
self._properties["dashboards"] = dashboards

# Validate/Populate owner
try:
owners = self.populate_owners(self._actor, owner_ids)
self._properties["owners"] = owners
except ValidationError as ex:
exceptions.append(ex)
if exceptions:
exception = ChartInvalidError()
exception.add_list(exceptions)
Expand Down
30 changes: 29 additions & 1 deletion tests/integration_tests/charts/commands_tests.py
Original file line number Diff line number Diff line change
Expand Up @@ -321,11 +321,39 @@ def test_update_v1_response(self, mock_sm_g, mock_g):
json_obj = {
"description": "test for update",
"cache_timeout": None,
"owners": [1],
"owners": [actor.id],
}
command = UpdateChartCommand(actor, model_id, json_obj)
last_saved_before = db.session.query(Slice).get(pk).last_saved_at
command.run()
chart = db.session.query(Slice).get(pk)
assert chart.last_saved_at != last_saved_before
assert chart.last_saved_by == actor

@patch("superset.views.base.g")
@patch("superset.security.manager.g")
@pytest.mark.usefixtures("load_energy_table_with_slice")
def test_query_context_update_command(self, mock_sm_g, mock_g):
""""
Test that a user can generate the chart query context
payloadwithout affecting owners
"""
chart = db.session.query(Slice).all()[0]
pk = chart.id
admin = security_manager.find_user(username="admin")
chart.owners = [admin]
db.session.commit()

actor = security_manager.find_user(username="alpha")
mock_g.user = mock_sm_g.user = actor
query_context = json.dumps({"foo": "bar"})
json_obj = {
"query_context_generation": True,
"query_context": query_context,
}
command = UpdateChartCommand(actor, pk, json_obj)
command.run()
chart = db.session.query(Slice).get(pk)
assert chart.query_context == query_context
assert len(chart.owners) == 1
assert chart.owners[0] == admin

0 comments on commit 8500f7d

Please sign in to comment.