rusackas commented on PR #40662: URL: https://github.com/apache/superset/pull/40662#issuecomment-4673983017
Great catches @rebenitez1802 — both confirmed and fixed in 2bc4f98: **🔴 Probe Query polluting the session** — you nailed it. The transient `Query` joined the session through the `database` backref's `cascade="all, delete-orphan"`, and with `client_id` being `nullable=False` the next `apply_rls` → `db.session.query(...)` autoflush would `IntegrityError` on every RLS-enabled estimate. Now mirrors the probe pattern in `SupersetSecurityManager.raise_for_access`: set `client_id=shortid()[:10]` + `user_id`, then `db.session.expunge(probe_query)`. The unit tests mocked the session so they never saw it — added an integration test that runs a real session + real `apply_rls` and would have caught the regression. **🟡 search_path gate bypassed with explicit schema** — also correct. `get_default_schema_for_query` is now called unconditionally (parity with the executor at `sql_lab.py:450`) so the engine's per-query gate runs even when a schema is pinned; the explicit schema still wins as the RLS predicate target. Flipped `test_apply_sql_security_respects_explicit_catalog_schema` from `assert_not_called()` to asserting the gate runs. Thanks for the thorough review. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
