john-bodley opened a new pull request, #24892: URL: https://github.com/apache/superset/pull/24892
<!--- Please write the PR title following the conventions at https://www.conventionalcommits.org/en/v1.0.0/ Example: fix(dashboard): load charts correctly --> ### SUMMARY This PR reverts https://github.com/apache/superset/pull/24808. Regrettably @Vitor-Avila after further review I believe the logic outlined in your fix (per the integration test you added) exposes a security vulnerability, i.e., per this check in your test, ```python security_manager.raise_for_access(datasource=test_dataset) ``` will mean said user will have access to the `test_dataset` datasource irrespective of the context. Thus by granting dashboard access to to a guest user you would be in fact (possibly unknowingly) granting full access to all datasources which are referenced within the native dashboard filters. I think the right—context aware—solution is to change the `raise_for_access` caller to include the dashboard context. Note in https://github.com/apache/superset/pull/24804 I've refactored the dashboard security logic by folding `raise_for_dashboard_access` into `raise_for_access` so the later is (or can be dashboard aware). The TL;DR is your change flexes to accommodate the need for the dashboard filters to function but is over generous in terms of the context in which the permissions are allowed. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF <!--- Skip this if not applicable --> ### TESTING INSTRUCTIONS CI. ### ADDITIONAL INFORMATION <!--- Check any relevant boxes with "x" --> <!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue --> - [ ] Has associated issue: - [ ] Required feature flags: - [ ] Changes UI - [ ] Includes DB Migration (follow approval process in [SIP-59](https://github.com/apache/superset/issues/13351)) - [ ] Migration is atomic, supports rollback & is backwards-compatible - [ ] Confirm DB migration upgrade and downgrade tested - [ ] Runtime estimates and downtime expectations provided - [ ] Introduces new feature or API - [ ] Removes existing feature or API -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
