GitHub user dosubot[bot] added a comment to the discussion: Restrict charts
<!-- Answer -->
You need to resolve usernames to user IDs before filtering, because the
Slice.owners relationship is based on user IDs, not usernames. Here’s how you
can fix your filter:
```python
from superset.charts.filters import BaseFilter
from superset.models.slice import Slice
from superset.security import get_username, security_manager
from sqlalchemy.orm import Query
class ChartOwnedByUserOrAdminFilter(BaseFilter):
name = "Owned by user or admin"
arg_name = "chart_owned_by_user_or_admin"
def apply(self, query: Query, value) -> Query:
if security_manager.is_admin():
return query # Admins see all charts
# Collect usernames you want to include
current_user = get_username()
usernames = ["admin", current_user]
usernames = list(set(usernames)) # Remove duplicates
# Resolve usernames to user IDs
user_ids = []
for username in usernames:
user = security_manager.get_user_by_username(username)
if user:
user_ids.append(user.id)
if not user_ids:
# No valid users found, return empty query
return query.filter(False)
# Filter charts where any owner matches one of these user IDs
return
query.filter(Slice.owners.any(security_manager.user_model.id.in_(user_ids)))
```
This approach matches how Superset filters by ownership in chart filters—always
by user ID, never by username directly
([reference](https://github.com/apache/superset/blob/master/superset/charts/filters.py)).
You can extend this to support emails by looking up users by email as well.
Make sure your filter is registered in `base_filters` in
`superset/charts/api.py` so it’s always applied. Restart the server after
making changes.
<!-- Dosu Comment Footer -->
*To reply, just mention [@dosu](https://go.dosu.dev/dosubot).*
---
<sup>How did I do?
[Good](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=great_response)
|
[Irrelevant](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=irrelevant_answer)
|
[Incorrect](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=incorrect_sources)
|
[Verbose](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=too_verbose)
|
[Hallucination](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=hallucination)
| [Report
🐛](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=bug_report)
|
[Other](https://app.dosu.dev/response-feedback/ca8c4cec-d5d2-4629-b4cf-0e5a025c5d5c?feedback_type=other)</sup>
[](https://app.dosu.dev/a28d3c7e-a9d3-459e-9fb6-3a6f9ff4f357/ask?utm_source=github) [](https://cursor.com/link/prompt?text=You%20need%20to%20resolve%20usernames%20to%20user%20IDs%20before%20filtering%2C%20because%20the%20Slice.owners%20relationship%20is%20based%20on%20user%20IDs%2C%20not%20usernames.%20Here%E2%80%99s%20how%20you%20can%20fix%20your%20filter%3A%0A%0A%60%60%60python%0Afrom%20superset.charts.filters%20import%20BaseFilter%0Afrom%20superset.models.slice%20import%20Slice%0Afrom%20superset.security%20import%20get_username%2C%20security_manager%0Afrom%20sqlalchemy.orm%20import%20Query%0A%0Aclass%20ChartOwnedByUserOrAdminFilter%28BaseFilter%29%3A%0A%20%20%20%20name%20%3D%20%22Owned%20by%20user%20or%20admin%22%0A%20%20%20%20arg_name%20%3D%20%22chart_owned_by_user_or_admin%22%0A%0A%20%20%20%20def%20apply%28self%2C%20query%3A%20Query%2C%20value%29%20-%3E%20Query%3A%0A
%20%20%20%20%20%20%20%20if%20security_manager.is_admin%28%29%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20query%20%20%23%20Admins%20see%20all%20charts%0A%0A%20%20%20%20%20%20%20%20%23%20Collect%20usernames%20you%20want%20to%20include%0A%20%20%20%20%20%20%20%20current_user%20%3D%20get_username%28%29%0A%20%20%20%20%20%20%20%20usernames%20%3D%20%5B%22admin%22%2C%20current_user%5D%0A%20%20%20%20%20%20%20%20usernames%20%3D%20list%28set%28usernames%29%29%20%20%23%20Remove%20duplicates%0A%0A%20%20%20%20%20%20%20%20%23%20Resolve%20usernames%20to%20user%20IDs%0A%20%20%20%20%20%20%20%20user_ids%20%3D%20%5B%5D%0A%20%20%20%20%20%20%20%20for%20username%20in%20usernames%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20user%20%3D%20security_manager.get_user_by_username%28username%29%0A%20%20%20%20%20%20%20%20%20%20%20%20if%20user%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20%20user_ids.append%28user.id%29%0A%20%20%20%20%20%20%20%20if%20not%20user_ids%3A%0A%20%20%20%20%20%20%20%20%20%20%20%20%23%
20No%20valid%20users%20found%2C%20return%20empty%20query%0A%20%20%20%20%20%20%20%20%20%20%20%20return%20query.filter%28False%29%0A%0A%20%20%20%20%20%20%20%20%23%20Filter%20charts%20where%20any%20owner%20matches%20one%20of%20these%20user%20IDs%0A%20%20%20%20%20%20%20%20return%20query.filter%28Slice.owners.any%28security_manager.user_model.id.in_%28user_ids%29%29%29%0A%60%60%60%0A%0AThis%20approach%20matches%20how%20Superset%20filters%20by%20ownership%20in%20chart%20filters%E2%80%94always%20by%20user%20ID%2C%20never%20by%20username%20directly%20%28%5Breference%5D%28https%3A//github.com/apache/superset/blob/master/superset/charts/filters.py%29%29.%20You%20can%20extend%20this%20to%20support%20emails%20by%20looking%20up%20users%20by%20email%20as%20well.%0A%0AMake%20sure%20your%20filter%20is%20registered%20in%20%60base_filters%60%20in%20%60superset/charts/api.py%60%20so%20it%E2%80%99s%20always%20applied.%20Restart%20the%20server%20after%20making%20changes.) [](https://go.dosu.dev/discord-bot) [](https://twitter.com/intent/tweet?text=%40dosu_ai%20helped%20me%20solve%20this%20issue!&url=https%3A//github.com/apache/superset/discussions/36259)
GitHub link:
https://github.com/apache/superset/discussions/36259#discussioncomment-15083601
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
