mikebridge commented on code in PR #40129:
URL: https://github.com/apache/superset/pull/40129#discussion_r3344694739
##########
superset/commands/chart/importers/v1/utils.py:
##########
@@ -48,20 +48,86 @@ def import_chart(
overwrite: bool = False,
ignore_permissions: bool = False,
) -> Slice:
+ """Import a chart from a config dict, handling existing matches.
+
+ Permission model for an existing UUID match:
+
+ +--------------+---------------+---------------------+-----------------+
+ | Existing row | overwrite arg | Caller has perms? | Outcome |
+ +==============+===============+=====================+=================+
+ | alive | False | (n/a) | return existing |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write + owner | UPDATE in place |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write + owner | restore + UPDATE|
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | not can_write | raise (Case B) |
+ +--------------+---------------+---------------------+-----------------+
+
+ Re-importing a soft-deleted UUID is implicitly a restore-with-update:
+ the user is bringing the chart back by uploading it again. We apply
+ the same ownership check as the explicit overwrite path so non-owners
+ cannot resurrect via re-import, and we raise rather than silently
+ returning a soft-deleted row to callers without write permission
+ (which would let them reattach dashboards to a deleted chart).
+ """
can_write = ignore_permissions or security_manager.can_access("can_write",
"Chart")
- existing = db.session.query(Slice).filter_by(uuid=config["uuid"]).first()
+ from superset.commands.importers.v1.utils import find_existing_for_import
Review Comment:
Fixed in 7f15310b2d — moved `find_existing_for_import` to module-top
imports. Verified `superset.commands.importers.v1.utils` does not reach
`superset.commands.chart.importers.v1.utils` via any import chain. (Noting your
re-review retraction at `6a4ebdfd` — the prior pass flagged this in a state
where it was already at module top.)
##########
superset/commands/chart/importers/v1/utils.py:
##########
@@ -48,20 +48,86 @@ def import_chart(
overwrite: bool = False,
ignore_permissions: bool = False,
) -> Slice:
+ """Import a chart from a config dict, handling existing matches.
+
+ Permission model for an existing UUID match:
+
+ +--------------+---------------+---------------------+-----------------+
+ | Existing row | overwrite arg | Caller has perms? | Outcome |
+ +==============+===============+=====================+=================+
+ | alive | False | (n/a) | return existing |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write + owner | UPDATE in place |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write + owner | restore + UPDATE|
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | not can_write | raise (Case B) |
+ +--------------+---------------+---------------------+-----------------+
+
+ Re-importing a soft-deleted UUID is implicitly a restore-with-update:
+ the user is bringing the chart back by uploading it again. We apply
+ the same ownership check as the explicit overwrite path so non-owners
+ cannot resurrect via re-import, and we raise rather than silently
+ returning a soft-deleted row to callers without write permission
+ (which would let them reattach dashboards to a deleted chart).
+ """
can_write = ignore_permissions or security_manager.can_access("can_write",
"Chart")
- existing = db.session.query(Slice).filter_by(uuid=config["uuid"]).first()
+ from superset.commands.importers.v1.utils import find_existing_for_import
Review Comment:
Fixed in 7f15310b2d — moved `find_existing_for_import` to module-top
imports. Verified `superset.commands.importers.v1.utils` does not reach
`superset.commands.chart.importers.v1.utils` via any import chain. (Noting your
re-review retraction at `6a4ebdfd` — the prior pass flagged this in a state
where it was already at module top.)
##########
superset/commands/chart/importers/v1/utils.py:
##########
@@ -48,20 +48,86 @@ def import_chart(
overwrite: bool = False,
ignore_permissions: bool = False,
) -> Slice:
+ """Import a chart from a config dict, handling existing matches.
+
+ Permission model for an existing UUID match:
+
+ +--------------+---------------+---------------------+-----------------+
+ | Existing row | overwrite arg | Caller has perms? | Outcome |
+ +==============+===============+=====================+=================+
+ | alive | False | (n/a) | return existing |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write + owner | UPDATE in place |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write + owner | restore + UPDATE|
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | not can_write | raise (Case B) |
+ +--------------+---------------+---------------------+-----------------+
+
+ Re-importing a soft-deleted UUID is implicitly a restore-with-update:
+ the user is bringing the chart back by uploading it again. We apply
+ the same ownership check as the explicit overwrite path so non-owners
+ cannot resurrect via re-import, and we raise rather than silently
+ returning a soft-deleted row to callers without write permission
+ (which would let them reattach dashboards to a deleted chart).
+ """
can_write = ignore_permissions or security_manager.can_access("can_write",
"Chart")
- existing = db.session.query(Slice).filter_by(uuid=config["uuid"]).first()
+ from superset.commands.importers.v1.utils import find_existing_for_import
+
user = get_user()
Review Comment:
Both addressed in 7f15310b2d: (1) added an inline comment block above the
`user = get_user()` call explaining the intentional bypass for background /
example-loader paths where `ignore_permissions=True` establishes trust at the
command level — and noting this now applies to soft-deleted matches via
`needs_mutation`, not just `overwrite=True`; (2) dropped the redundant `(user
:= get_user())` walrus rebind near the end of `import_chart`, replaced with `if
user and user not in chart.owners:` since the local binding is still in scope.
##########
superset/commands/chart/importers/v1/utils.py:
##########
@@ -48,20 +48,86 @@ def import_chart(
overwrite: bool = False,
ignore_permissions: bool = False,
) -> Slice:
+ """Import a chart from a config dict, handling existing matches.
+
+ Permission model for an existing UUID match:
+
+ +--------------+---------------+---------------------+-----------------+
+ | Existing row | overwrite arg | Caller has perms? | Outcome |
+ +==============+===============+=====================+=================+
+ | alive | False | (n/a) | return existing |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write + owner | UPDATE in place |
+ +--------------+---------------+---------------------+-----------------+
+ | alive | True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write + owner | restore + UPDATE|
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | can_write, | raise |
+ | | | not owner/admin | |
+ +--------------+---------------+---------------------+-----------------+
+ | soft-deleted | False or True | not can_write | raise (Case B) |
+ +--------------+---------------+---------------------+-----------------+
+
+ Re-importing a soft-deleted UUID is implicitly a restore-with-update:
+ the user is bringing the chart back by uploading it again. We apply
+ the same ownership check as the explicit overwrite path so non-owners
+ cannot resurrect via re-import, and we raise rather than silently
+ returning a soft-deleted row to callers without write permission
+ (which would let them reattach dashboards to a deleted chart).
+ """
can_write = ignore_permissions or security_manager.can_access("can_write",
"Chart")
- existing = db.session.query(Slice).filter_by(uuid=config["uuid"]).first()
+ from superset.commands.importers.v1.utils import find_existing_for_import
+
user = get_user()
Review Comment:
Both addressed in 7f15310b2d: (1) added an inline comment block above the
`user = get_user()` call explaining the intentional bypass for background /
example-loader paths where `ignore_permissions=True` establishes trust at the
command level — and noting this now applies to soft-deleted matches via
`needs_mutation`, not just `overwrite=True`; (2) dropped the redundant `(user
:= get_user())` walrus rebind near the end of `import_chart`, replaced with `if
user and user not in chart.owners:` since the local binding is still in scope.
##########
UPDATING.md:
##########
@@ -30,6 +30,18 @@ Importing a dataset now validates the `catalog` field
against the target databas
If you relied on importing datasets with a non-default catalog, enable "Allow
changing catalogs" on the target connection, or set the dataset's catalog to
the connection's default before importing.
+### Soft delete and restore for charts
+
+`DELETE /api/v1/chart/<id>` no longer hard-deletes the chart. The row is
marked with a `deleted_at` timestamp and hidden from all list, detail, and
lookup endpoints. Charts in this state are excluded from default queries and
from relationship loads (e.g. `dashboard.slices`).
+
+**New endpoint** — `POST /api/v1/chart/<uuid>/restore` clears `deleted_at` and
returns the chart to active state. Requires `can_write on Chart` and ownership
of the row (or admin). Soft-deleted charts can also be surfaced in the list
endpoint via the new `chart_deleted_state` rison filter: `include` returns both
live and soft-deleted rows, `only` returns just the soft-deleted ones. Any
other value is ignored.
+
+**Permissions migration:** existing role grants of `can_write on Chart` cover
the new restore endpoint automatically; no role migration is required.
+
+**Schema migration:** the migration adds a nullable `deleted_at` column and an
index on it (`ix_slices_deleted_at`) to the `slices` table. The column add is
instant; the index build runs inline (no `CONCURRENTLY`) and may briefly block
reads on the `slices` table for the duration of the build on large Postgres
deployments. MySQL InnoDB builds the index online (no blocking).
Review Comment:
Fixed in 7f15310b2d — UPDATING.md now correctly states that the index build
may briefly block writes (INSERT/UPDATE/DELETE queued during `ShareLock`) on
the `slices` table, with reads unaffected. Added a separate rollback note for
the visibility-filter-rollback edge case Richard called out in his review.
##########
UPDATING.md:
##########
@@ -30,6 +30,18 @@ Importing a dataset now validates the `catalog` field
against the target databas
If you relied on importing datasets with a non-default catalog, enable "Allow
changing catalogs" on the target connection, or set the dataset's catalog to
the connection's default before importing.
+### Soft delete and restore for charts
+
+`DELETE /api/v1/chart/<id>` no longer hard-deletes the chart. The row is
marked with a `deleted_at` timestamp and hidden from all list, detail, and
lookup endpoints. Charts in this state are excluded from default queries and
from relationship loads (e.g. `dashboard.slices`).
+
+**New endpoint** — `POST /api/v1/chart/<uuid>/restore` clears `deleted_at` and
returns the chart to active state. Requires `can_write on Chart` and ownership
of the row (or admin). Soft-deleted charts can also be surfaced in the list
endpoint via the new `chart_deleted_state` rison filter: `include` returns both
live and soft-deleted rows, `only` returns just the soft-deleted ones. Any
other value is ignored.
+
+**Permissions migration:** existing role grants of `can_write on Chart` cover
the new restore endpoint automatically; no role migration is required.
+
+**Schema migration:** the migration adds a nullable `deleted_at` column and an
index on it (`ix_slices_deleted_at`) to the `slices` table. The column add is
instant; the index build runs inline (no `CONCURRENTLY`) and may briefly block
reads on the `slices` table for the duration of the build on large Postgres
deployments. MySQL InnoDB builds the index online (no blocking).
Review Comment:
Fixed in 7f15310b2d — UPDATING.md now correctly states that the index build
may briefly block writes (INSERT/UPDATE/DELETE queued during `ShareLock`) on
the `slices` table, with reads unaffected. Added a separate rollback note for
the visibility-filter-rollback edge case Richard called out in his review.
##########
superset/migrations/versions/2026-05-08_12-00_7c4a8d09ca37_add_deleted_at_to_slices.py:
##########
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Add deleted_at column and index to slices for soft-delete.
+
+Adds a nullable ``deleted_at`` column and an index on it to the
+``slices`` table to support soft deletion of charts. Companion to
+the ``SoftDeleteMixin`` infrastructure shipped in PR #39977.
+
+Revision ID: 7c4a8d09ca37
+Revises: 33d7e0e21daa
+Create Date: 2026-05-08 12:00:00.000000
+"""
+
+from sqlalchemy import Column, DateTime
+
+from superset.migrations.shared.utils import (
+ add_columns,
+ create_index,
+ drop_columns,
+ drop_index,
+)
+
+# revision identifiers, used by Alembic.
+revision = "7c4a8d09ca37"
+down_revision = "33d7e0e21daa"
Review Comment:
There's a story here — first attempt at "updating to current head"
(`a1b2c3d4e5f6`) actually broke CI with "Multiple head revisions present",
because the chain on master is `a1b2c3d4e5f6 → ce6bd21901ab → 33d7e0e21daa`
(the 2025-11-04-dated `33d7e0e21daa` was merged after the 2026-03-02-dated
migrations via a feature branch — file dates don't reflect alembic chain
order). Reverted to the original `down_revision = "33d7e0e21daa"` in
4a80c6a567, which is actually the correct value. Cross-PR coordination still
applies: whichever entity PR lands first stays at `33d7e0e21daa`; the others
rebase onto the newly-merged revision.
##########
superset/migrations/versions/2026-05-08_12-00_7c4a8d09ca37_add_deleted_at_to_slices.py:
##########
@@ -0,0 +1,52 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Add deleted_at column and index to slices for soft-delete.
+
+Adds a nullable ``deleted_at`` column and an index on it to the
+``slices`` table to support soft deletion of charts. Companion to
+the ``SoftDeleteMixin`` infrastructure shipped in PR #39977.
+
+Revision ID: 7c4a8d09ca37
+Revises: 33d7e0e21daa
+Create Date: 2026-05-08 12:00:00.000000
+"""
+
+from sqlalchemy import Column, DateTime
+
+from superset.migrations.shared.utils import (
+ add_columns,
+ create_index,
+ drop_columns,
+ drop_index,
+)
+
+# revision identifiers, used by Alembic.
+revision = "7c4a8d09ca37"
+down_revision = "33d7e0e21daa"
Review Comment:
There's a story here — first attempt at "updating to current head"
(`a1b2c3d4e5f6`) actually broke CI with "Multiple head revisions present",
because the chain on master is `a1b2c3d4e5f6 → ce6bd21901ab → 33d7e0e21daa`
(the 2025-11-04-dated `33d7e0e21daa` was merged after the 2026-03-02-dated
migrations via a feature branch — file dates don't reflect alembic chain
order). Reverted to the original `down_revision = "33d7e0e21daa"` in
4a80c6a567, which is actually the correct value. Cross-PR coordination still
applies: whichever entity PR lands first stays at `33d7e0e21daa`; the others
rebase onto the newly-merged revision.
##########
tests/integration_tests/charts/soft_delete_tests.py:
##########
@@ -0,0 +1,406 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+"""Integration tests for chart soft-delete and restore."""
+
+from superset.constants import SKIP_VISIBILITY_FILTER_CLASSES
+from superset.extensions import db
+from superset.models.dashboard import Dashboard
+from superset.models.slice import Slice
+from superset.utils import json
+from tests.integration_tests.base_tests import SupersetTestCase
+from tests.integration_tests.constants import ADMIN_USERNAME, ALPHA_USERNAME
+from tests.integration_tests.insert_chart_mixin import InsertChartMixin
+
+
+def _hard_delete_chart(chart_id: int) -> None:
+ """Hard-delete a chart row regardless of soft-delete state."""
+ row = (
+ db.session.query(Slice)
+ .execution_options(**{SKIP_VISIBILITY_FILTER_CLASSES: {Slice}})
+ .filter(Slice.id == chart_id)
+ .one_or_none()
+ )
+ if row:
+ db.session.delete(row)
+ db.session.commit()
+
+
+def _hard_delete_dashboard_for_charts_test(dashboard_id: int) -> None:
+ """Hard-delete a dashboard row regardless of soft-delete state."""
+ row = (
+ db.session.query(Dashboard)
+ .execution_options(**{SKIP_VISIBILITY_FILTER_CLASSES: {Dashboard}})
+ .filter(Dashboard.id == dashboard_id)
+ .one_or_none()
+ )
+ if row:
+ db.session.delete(row)
+ db.session.commit()
+
+
+class TestChartSoftDelete(InsertChartMixin, SupersetTestCase):
+ """Tests for chart soft-delete behaviour (T013, T016)."""
+
+ def test_delete_chart_soft_deletes(self):
Review Comment:
(1) `-> None` annotations added on all 12 test methods in b2b34b79e8. (2)
`addCleanup` pattern deferred — agree it's the right shape but the diff to
switch all 12 tests would be substantive and the trailing
`_hard_delete_chart(chart_id)` pattern matches what the sibling soft-delete
test suites do. Worth a follow-up cleanup commit once the entity PRs land.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
