razzius opened a new issue #13538: URL: https://github.com/apache/superset/issues/13538
If a user does not have permission to view a chart, but the chart is cached, the cached chart will display for the user. ### Expected results The chart should error. ### Actual results The chart displays the cached result. If the user force refreshes the chart data, the chart will error. #### How to reproduce the bug 1. Enable caching via DATA_CACHE_CONFIG in superset_config.py 2. Log in a user that can see a chart 3. View the chart, which will cache its result data 4. Log out and log in as a user that should not be able to see that chart 5. View the same chart, and observe that it loads (it should not load) 6. (optional) click "cached" button to force refresh, and observe that it errors (as expected) ### Environment - superset version: Superset 1.0.1 - python version: Python 3.7.3 - node.js version: v10.21.0 ### Checklist - [x] I have checked the superset logs for python stacktraces and included it here as text if there are any. - [x] I have reproduced the issue with at least the latest released version of superset. - [x] I have checked the issue tracker for the same issue and I haven't found one similar. ### Additional context ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
