Abdulrehman-PIAIC80387 commented on PR #40839: URL: https://github.com/apache/superset/pull/40839#issuecomment-4668074580
Thanks for the review @sadpandajoe! @Copilot — addressed both points in `3111a4e3e2`: 1. **Per-user vs same-RLS caching** — dropped `get_user_id()` from the cache key entirely. The RLS fingerprint from `security_manager.get_rls_cache_key()` is the sole security-isolation field now, which is the canonical helper used by `viz.py:479` and `query_context_processor.py:239`. Two users with identical effective RLS now correctly share a cache entry (matches the PR description). Different RLS contexts, guest sessions with different guest tokens, and anonymous sessions each get their own partition. 2. **Test isolation** — added `setUp()` that calls `cache_manager.data_cache.clear()` before every test in the class, so future test order changes can't introduce cache-bleed flakes. Also removed the now-obsolete `test_..._isolated_per_user` test since per-user partitioning is no longer the behavior; `test_..._isolated_per_rls_context` covers the actual security guarantee. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
