justinpark opened a new pull request, #22896: URL: https://github.com/apache/superset/pull/22896
### SUMMARY When any random user clones a dashboard without clone charts, the original owner of the chart cannot update the chart. It's caused by the #21497 which starts passing the linked `dashboards` ids and the following validation logic triggered. https://github.com/apache/superset/blob/7bd2afd724799be2d5ca3edb90c5b95a56609211/superset/charts/commands/update.py#L107-L110 The main problem is base `find_by_ids` applies `base_filter` which excludes the dashboard without ownership under draft status. (see the following logs) ``` superset_app | SELECT dashboards.uuid AS dashboards_uuid, dashboards.created_on AS dashboards_created_on, dashboards.changed_on AS dashboards_changed_on, dashboards.id AS dashboards_id, dashboards.dashboard_title AS dashboards_dashboard_title, dashboards.position_json AS dashboards_position_json, dashboards.description AS dashboards_description, dashboards.css AS dashboards_css, dashboards.certified_by AS dashboards_certified_by, dashboards.certification_details AS dashboards_certification_details, dashboards.json_metadata AS dashboards_json_metadata, dashboards.slug AS dashboards_slug, dashboards.published AS dashboards_published, dashboards.is_managed_externally AS dashboards_is_managed_externally, dashboards.external_url AS dashboards_external_url, dashboards.created_by_fk AS dashboards_created_by_fk, dashboards.changed_by_fk AS dashboards_changed_by_fk superset_app | FROM dashboards superset_app | WHERE dashboards.id IN (__[POSTCOMPILE_id_1]) AND (dashboards.id IN (SELECT dashboards.id superset_app | FROM dashboards JOIN dashboard_user AS dashboard_user_1 ON dashboards.id = dashboard_user_1.dashboard_id JOIN ab_user ON ab_user.id = dashboard_user_1.user_id superset_app | WHERE ab_user.id = %(id_2)s) OR dashboards.id IN (SELECT dashboards.id superset_app | FROM dashboards LEFT OUTER JOIN (dashboard_slices AS dashboard_slices_1 JOIN slices ON slices.id = dashboard_slices_1.slice_id) ON dashboards.id = dashboard_slices_1.dashboard_id superset_app | WHERE dashboards.published IS true AND true) OR dashboards.id IN (SELECT favstar.obj_id superset_app | FROM favstar superset_app | WHERE favstar.user_id = %(user_id_1)s AND favstar.class_name = %(class_name_1)s)) ``` Since the `DashboardsNotFoundValidation` checks the existence, this commit adds the `skip_base_filter` option on find_by_ids as `find_by_id` has and use the option for DashboardsNotFoundValidation. https://github.com/apache/superset/blob/7bd2afd724799be2d5ca3edb90c5b95a56609211/superset/dao/base.py#L56-L63 ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF - Before https://user-images.githubusercontent.com/1392866/215229495-51c51f7b-0e46-4577-8e7d-7686274c86fa.mov - After: https://user-images.githubusercontent.com/1392866/215229482-acf97753-3589-4e92-8eb0-9e347ce7b297.mov ### TESTING INSTRUCTIONS 1. Create a dashboard and a chart 2. Login with a different user 3. Clone the above dashboard without duplicates charts 4. Login with the original user and edit chart ### ADDITIONAL INFORMATION - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API cc: @ktmud @john-bodley -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org --------------------------------------------------------------------- To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org For additional commands, e-mail: notifications-h...@superset.apache.org
