bmaquet opened a new pull request, #32770:
URL: https://github.com/apache/superset/pull/32770
### SUMMARY
This PR adds a new `current_user_roles()` Jinja macro to Superset that
returns the roles of the currently logged-in user. This enables role-based data
access control when integrating with semantic layers like Cube.dev, allowing
organizations to implement fine-grained access control policies based on user
roles.
The implementation follows the pattern of existing user context macros
(`current_username()`, `current_user_id()`, etc.) and includes proper cache key
generation support.
Example usage:
```sql
SELECT * FROM my_cube
WHERE role IN ({{ current_user_roles() }})
```
### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
<img width="1168" alt="Screenshot 2025-03-20 at 10 46 33"
src="https://github.com/user-attachments/assets/b6d25ab0-7139-4b54-b235-04eb9c28c24b";
/>
<img width="1492" alt="Screenshot 2025-03-20 at 10 46 48"
src="https://github.com/user-attachments/assets/a2f1174d-0926-4562-b527-8c3061ca24cc";
/>
<img width="1500" alt="Screenshot 2025-03-20 at 10 59 17"
src="https://github.com/user-attachments/assets/18d1a8a1-310e-42be-9f5a-06464617ec93";
/>
<img width="881" alt="Screenshot 2025-03-20 at 10 59 54"
src="https://github.com/user-attachments/assets/c364ff3d-961b-46cc-83e8-1191bcf68d70";
/>
### TESTING INSTRUCTIONS
<!--- Required! What steps can be taken to manually verify the changes? -->
### ADDITIONAL INFORMATION
<!--- Check any relevant boxes with "x" -->
<!--- HINT: Include "Fixes #nnn" if you are fixing an existing issue -->
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
[SIP-59](https://github.com/apache/superset/issues/13351))
- [ ] Migration is atomic, supports rollback & is backwards-compatible
- [ ] Confirm DB migration upgrade and downgrade tested
- [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
### TESTING INSTRUCTIONS
1. Launch superset and add roles to the admin user
2. Launch SQL Lab and run the below query
```
SELECT
'{{current_user_roles() }}'
FROM public.users
LIMIT 1
```
This should return the roles
4. Create a Regular RLS with clause `__role = '{{ current_user_roles() }}'`.
Attach the roles added to the admin user in step 1. and attach a dataset (e.g.
`bart_lines`)
5. Create a chart on the `bart_lines` dataset. You will notice the macro is
returning the roles.
### ADDITIONAL INFORMATION
- [x] Has associated issue:
https://github.com/apache/superset/discussions/32769
- [ ] Required feature flags: None
- [ ] Changes UI: No
- [ ] Includes DB Migration: No
- [x] Introduces new feature or API: Yes (new Jinja macro)
- [ ] Removes existing feature or API: No
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
