codeant-ai-for-open-source[bot] commented on code in PR #40994:
URL: https://github.com/apache/superset/pull/40994#discussion_r3402221201
##########
superset/cli/importexport.py:
##########
@@ -48,16 +48,26 @@
is_flag=True,
help="Force load data even if table already exists",
)
-def import_directory(directory: str, overwrite: bool, force: bool) -> None:
[email protected](
+ "--username",
+ "-u",
+ required=False,
+ default="admin",
+ help="Specify the user name to assign imported assets to",
+)
+def import_directory(
+ directory: str, overwrite: bool, force: bool, username: Optional[str] =
"admin"
+) -> None:
"""Imports configs from a given directory"""
# pylint: disable=import-outside-toplevel
from superset.examples.utils import load_configs_from_directory
- load_configs_from_directory(
- root=Path(directory),
- overwrite=overwrite,
- force_data=force,
- )
+ with override_user(user=security_manager.find_user(username=username)):
Review Comment:
**Suggestion:** `security_manager.find_user(username=username)` can return
`None` for an unknown username, and the command currently proceeds anyway. In
that case `override_user` sets `g.user` to `None`, so imports will again create
ownerless assets (the exact issue this PR is trying to fix). Fail fast with a
clear CLI error when the user does not exist before calling `override_user`.
[logic error]
<details>
<summary><b>Severity Level:</b> Major ⚠️</summary>
```mdx
- ❌ Imported dashboards/charts become uneditable due to missing owners.
- ⚠️ CLI hides username typos; admins see confusing ownership results.
```
</details>
<details>
<summary><b>Steps of Reproduction ✅ </b></summary>
```mdx
1. In `superset/cli/importexport.py:36-60`, the `import_directory` Click
command is
defined with a `--username/-u` option and calls
`override_user(user=security_manager.find_user(username=username))` at line
65.
2. `security_manager.find_user` delegates to FAB's `find_user`, which
returns `None` when
the username does not exist (see `superset/security/manager.py:5-15` for the
similar
`get_user_by_username` behavior and FAB's documented `find_user` semantics).
3. When a user runs `superset import-directory -u nonexisting_user /assets`,
`security_manager.find_user(username="nonexisting_user")` returns `None`, so
`override_user` is entered with `user=None`. In
`superset/utils/core.py:1507-1515`,
`override_user` assigns `g.user = user`, so `g.user` becomes `None` for the
duration of
the context.
4. Inside this `override_user` context, `load_configs_from_directory` is
invoked
(`superset/cli/importexport.py:63-70`), which builds and runs an
`ImportExamplesCommand`
(`superset/examples/utils.py:243-259`,
`superset/commands/importers/v1/examples.py:14-33`). Ownership for imported
assets is
computed from `g.user`; because `g.user` is `None`, imported
charts/dashboards/datasets
end up ownerless, reproducing the "no owners, uneditable assets" behavior
the PR
description is trying to eliminate — but now triggered whenever an invalid
username is
passed.
```
</details>
[Fix in
Cursor](https://app.codeant.ai/fix-in-ide?tool=cursor&prompt_id=5b6772eeef864ae68f9c0e3e2e9165eb&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
| [Fix in VSCode
Claude](https://app.codeant.ai/fix-in-ide?tool=vscode-claude&prompt_id=5b6772eeef864ae68f9c0e3e2e9165eb&service=github&base_url=https%3A%2F%2Fgithub.com&org=apache&repo=apache%2Fsuperset)
*(Use Cmd/Ctrl + Click for best experience)*
<details>
<summary><b>Prompt for AI Agent 🤖 </b></summary>
```mdx
This is a comment left during a code review.
**Path:** superset/cli/importexport.py
**Line:** 65:65
**Comment:**
*Logic Error: `security_manager.find_user(username=username)` can
return `None` for an unknown username, and the command currently proceeds
anyway. In that case `override_user` sets `g.user` to `None`, so imports will
again create ownerless assets (the exact issue this PR is trying to fix). Fail
fast with a clear CLI error when the user does not exist before calling
`override_user`.
Validate the correctness of the flagged issue. If correct, How can I resolve
this? If you propose a fix, implement it and please make it concise.
Once fix is implemented, also check other comments on the same PR, and ask
user if the user wants to fix the rest of the comments as well. if said yes,
then fetch all the comments validate the correctness and implement a minimal fix
```
</details>
<a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40994&comment_hash=82bbdf2e17bf3b361de35de378ef566e8da2067bdfe37b69b28ff82ed36d87dd&reaction=like'>👍</a>
| <a
href='https://app.codeant.ai/feedback?pr_url=https%3A%2F%2Fgithub.com%2Fapache%2Fsuperset%2Fpull%2F40994&comment_hash=82bbdf2e17bf3b361de35de378ef566e8da2067bdfe37b69b28ff82ed36d87dd&reaction=dislike'>👎</a>
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
