rscarborough1996 opened a new issue, #27177:
URL: https://github.com/apache/superset/issues/27177
### Bug description
After upgrading from 3.1.0 to 3.1.1, dashboards and filters no longer work
and give this error: "Guest user cannot modify chart payload". I didn't change
any permissions, and I even tried changing GUEST_ROLE_NAME to "Admin", but it
still didn't work. I can see that the POST request to /api/v1/chart/data is
coming back with 403, but I can't tell what is causing it.
### How to reproduce the bug
Using the Docker 3.1.1 image:
1. Create an embedded dashboard app
2. Try to use it
### Screenshots/recordings
_No response_
### Superset version
3.1.1
### Python version
I don't know
### Node version
I don't know
### Browser
Chrome
### Additional context
Logs:
SupersetErrorException
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1823, in
full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1799, in
dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File
"/usr/local/lib/python3.9/site-packages/flask_appbuilder/security/decorators.py",
line 95, in wraps
return f(self, *args, **kwargs)
File "/app/superset/views/base_api.py", line 127, in wraps
raise ex
File "/app/superset/views/base_api.py", line 121, in wraps
duration, response = time_function(f, self, *args, **kwargs)
File "/app/superset/utils/core.py", line 1463, in time_function
response = func(*args, **kwargs)
File "/app/superset/utils/log.py", line 255, in wrapper
value = f(*args, **kwargs)
File "/app/superset/charts/data/api.py", line 235, in data
command.validate()
File "/app/superset/commands/chart/data/get_data_command.py", line 68, in
validate
self._query_context.raise_for_access()
File "/app/superset/common/query_context.py", line 137, in raise_for_access
self._processor.raise_for_access()
File "/app/superset/common/query_context_processor.py", line 754, in
raise_for_access
security_manager.raise_for_access(query_context=self._query_context)
File "/app/superset/security/manager.py", line 1960, in raise_for_access
raise SupersetSecurityException(
superset.exceptions.SupersetSecurityException: Guest user cannot modify
chart payload
2024-02-20 19:57:34,465:WARNING:superset.views.base:SupersetErrorException
Traceback (most recent call last):
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1823, in
full_dispatch_request
rv = self.dispatch_request()
File "/usr/local/lib/python3.9/site-packages/flask/app.py", line 1799, in
dispatch_request
return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
File
"/usr/local/lib/python3.9/site-packages/flask_appbuilder/security/decorators.py",
line 95, in wraps
return f(self, *args, **kwargs)
File "/app/superset/views/base_api.py", line 127, in wraps
raise ex
File "/app/superset/views/base_api.py", line 121, in wraps
duration, response = time_function(f, self, *args, **kwargs)
File "/app/superset/utils/core.py", line 1463, in time_function
response = func(*args, **kwargs)
File "/app/superset/utils/log.py", line 255, in wrapper
value = f(*args, **kwargs)
File "/app/superset/charts/data/api.py", line 235, in data
command.validate()
File "/app/superset/commands/chart/data/get_data_command.py", line 68, in
validate
self._query_context.raise_for_access()
File "/app/superset/common/query_context.py", line 137, in raise_for_access
self._processor.raise_for_access()
File "/app/superset/common/query_context_processor.py", line 754, in
raise_for_access
security_manager.raise_for_access(query_context=self._query_context)
File "/app/superset/security/manager.py", line 1960, in raise_for_access
raise SupersetSecurityException(
superset.exceptions.SupersetSecurityException: Guest user cannot modify
chart payload
172.20.0.1 - - [20/Feb/2024:19:57:34 +0000] "POST
/api/v1/chart/data?form_data=%7B%22slice_id%22%3A108%7D&dashboard_id=65
HTTP/1.1" 403 149
"http://localhost:8088/embedded/3f11daf2-84ac-4c8f-80aa-e9310b488fe7";
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like
Gecko) Chrome/121.0.0.0 Safari/537.36"
### Checklist
- [X] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [X] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscr...@superset.apache.org
For additional commands, e-mail: notifications-h...@superset.apache.org
