ygelfand opened a new pull request #18924:
URL: https://github.com/apache/superset/pull/18924
### SUMMARY
Cache keys from guest token row level security clauses were not being
evaluated, causing data to leak across sessions via cache.
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
<!--- Skip this if not applicable -->
### TESTING INSTRUCTIONS
In one session, create/use an guest_token without a rls clause, and a
session with a rls clause with an additional cache key e.g.:
``` "rls": [
{ "clause": "publisher = '{{cache_key_wrapper('Nintendo')}}'" }
]
```
The same dashboard should have independent cache for each session, and the
one with the rls clause should be unable to see unfiltered data.
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
[SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
