msyavuz opened a new pull request, #40815: URL: https://github.com/apache/superset/pull/40815
### SUMMARY Matrixify (subplot grid) builds its row/column axes from dimension **values frozen into `formData` at design time**. The cell data queries already enforce RLS, but the *grid structure itself* — which subplots exist and their header labels — is generated client-side from that frozen list with no per-viewer check. So an RLS-restricted viewer (notably an embedded guest) gets a subplot, with a value label, for **every** value the chart author could see — leaking the value identifiers and producing a grid of empty cells. This made the feature hard to use in embedded contexts. Fix: resolve the allowed dimension values **per render** and intersect the stored axis values against them before building the grid. - New `useMatrixifyAllowedValues` hook fetches the RLS-filtered distinct values for each dimension axis via the existing `/datasource/<type>/<id>/column/<col>/values/` endpoint, which applies the *requesting viewer's* RLS server-side. - `MatrixifyGridRenderer` drops any frozen value not in the allow-list before generating the grid, so forbidden subplots and their labels are never emitted. - **Fails closed**: the grid renders nothing until the allow-list resolves (loading spinner), and on fetch error it shows a message rather than the unfiltered list. The grid is never built from unfiltered values. - No fetch for metrics-only matrixify. Effect is keyed on primitives so it won't refetch-loop when `formData` identity changes each render. Applies in all contexts (explore, dashboard, embedded) since `MatrixifyGridRenderer` is the single render path via `SuperChart`. ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF N/A — behavior change is per-viewer RLS filtering of which subplots appear; not easily captured as a static screenshot without an RLS-configured fixture. ### TESTING INSTRUCTIONS 1. Create a dataset with an RLS rule restricting a dimension (e.g. `region` to `US`) for a non-admin/embedded role. 2. As admin, build a chart with Matrixify enabled, rows = that dimension, selecting values the admin can see (e.g. `US`, `EU`, `APAC`). 3. View the chart (or embed it) as the restricted role/guest token. 4. **Before:** subplots/headers appear for `EU`, `APAC` (empty cells). **After:** only `US` renders. Automated: `npm run test -- packages/superset-ui-core/src/chart/components/Matrixify` (hook + renderer suites: fetch/normalize, fail-closed, loading/error gates, value filtering). ### ADDITIONAL INFORMATION - [ ] Has associated issue: - [ ] Required feature flags: No - [x] Changes UI — RLS-restricted viewers now see fewer/empty-free matrixify subplots; adds loading/error states to the grid - [ ] Includes DB Migration: No - [ ] Introduces new feature or API: No — reuses the existing datasource column-values endpoint - [ ] Removes existing feature or API: No Follow-ups (not in this PR): confirm the values endpoint is reachable under an embedded **guest token**; `topn` mode currently intersects rather than re-ranking per viewer, so a restricted viewer may see fewer than N subplots. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
