b-yacoubi opened a new issue, #37695:
URL: https://github.com/apache/superset/issues/37695
### Bug description
We have a base RLS filter applying a clause that looks like `column_name IN
{{ rls() }}`. The rls function is a custom Jinja macro that essentially looks
in the current flask session for a list and formats it properly so that the
final value may look like `column_name IN ('a', 'b', 'c')`:
```
def rls():
"""
Returns RLS roles formatted for SQL IN clause.
Example: ['admin', "Joe's role"] -> ('admin', 'Joe''s role')
Returns (NULL) if empty.
"""
# filled in during authentication process
values = session.get("rls", [])
if not values:
return "(NULL)"
binds = [bindparam(f"v_{i}", v) for i, v in enumerate(values)]
escaped = [str(b.compile(dialect=postgresql.dialect(),
compile_kwargs={"literal_binds": True})) for b in binds]
return f"({', '.join(escaped)})"
```
This works fine in most places, although I've been bitten by
https://github.com/apache/superset/issues/33346 (which should really be
indicated clearly somewhere in the docs!).
However, if I open a chart (where this RLS is working) in SQL lab using the
dropdown menu, Then this `rls()` macro malfunctions (returning me an empty
list): enumerating the values in `flask.session` shows that the whole thing is
empty in that context.
This prompts two questions:
- Why is the flask session filled out in all contexts but this one? Is there
something particular about the way queries are built in the SQL Lab?
- Why does the RLS even apply in this view? Isn't it supposed _not_ to
trigger inside the SQL Lab?
This happens on both 5.0.0 and 6.0.0.
### Screenshots/recordings
_No response_
### Superset version
6.0.0
### Python version
I don't know
### Node version
I don't know
### Browser
Firefox
### Additional context
_No response_
### Checklist
- [x] I have searched Superset docs and Slack and didn't find a solution to
my problem.
- [x] I have searched the GitHub issue tracker and didn't find a similar bug
report.
- [x] I have checked Superset's logs for errors and if I found a relevant
Python stacktrace, I included it here as text in the "additional context"
section.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
