pansarshrek opened a new issue, #27025: URL: https://github.com/apache/superset/issues/27025
### Bug description

Hi,

We're experiencing problems with DASHBOARD_RBAC after upgrading from Superset 2.1.1 to Superset 3.0.3. The same setup works for us in our old instance of Superset running 2.1.1.

**Setup:**

Running Superset 3.0.3 on Kubernetes with Helm chart version 0.10.15. We're using Celery workers and Redis caching. We build the Superset docker image based on `apache/superset:3.0.3-py310`.

Two roles are set on the user accessing the dashboard: Gamma and DashboardRole. The dashboard is configured to grant access to users with the Dashboard role assigned. The dashboard contains 1 chart and 1 filter.

**Symptoms:**

Filters and charts sometimes render correctly and sometimes not. See attached screenshots. When filters or charts fail to render there are failed requests in the network tab. For example:

```
GET /api/v1/chart/data/qc-{hash}

{
  "errors": [
    {
      "message": "This endpoint requires the datasource superset_validation.test_data, database or `all_datasource_access` permission",
      "error_type": "DATASOURCE_SECURITY_ACCESS_ERROR",
      "level": "error",
      "extra": {
        "link": "",
        "datasource": "superset_validation.test_data"
      }
    }
  ]
}
```

It seems like the datasource security check is not successful for cached chart data.

If I try the same setup with an admin user there are no failures and charts/filters render correctly 100% of the time.

### How to reproduce the bug

1. User opens the welcome page and opens the dashboard (the user can successfully see the dashboard on the welcome page due to DASHBOARD_RBAC configuration)
2. Sometimes the chart and the filter render correctly and sometimes they do not.
3. Apply a filter
4. In cases where the chart or filter failed to render, you can see failed requests in the Chrome network tab: 403 forbidden for requests to `/api/v1/chart/data/qc-{hash}` and 404 not found to `/api/v1/chart/{pk}`

### Screenshots/recordings

### Superset version

3.0.3

### Python version

3.10

### Node version

Not applicable

### Browser

Chrome

### Additional context

The following stack traces can be seen in the logs:

```
superset.exceptions.SupersetSecurityException: This endpoint requires the datasource superset_validation.test_data, database or `all_datasource_access` permission
    raise SupersetSecurityException(
  File "/app/superset/security/manager.py", line 1939, in raise_for_access
    security_manager.raise_for_access(query_context=self._query_context)
  File "/app/superset/common/query_context_processor.py", line 754, in raise_for_access
    self._processor.raise_for_access()
  File "/app/superset/common/query_context.py", line 137, in raise_for_access
    self._query_context.raise_for_access()
  File "/app/superset/charts/data/commands/get_data_command.py", line 68, in validate
    command.validate()
  File "/app/superset/charts/data/api.py", line 307, in data_from_cache
    value = f(*args, **kwargs)
  File "/app/superset/utils/log.py", line 255, in wrapper
    response = func(*args, **kwargs)
  File "/app/superset/utils/core.py", line 1526, in time_function
    duration, response = time_function(f, self, *args, **kwargs)
  File "/app/superset/views/base_api.py", line 121, in wraps
    raise ex
  File "/app/superset/views/base_api.py", line 127, in wraps
    return f(self, *args, **kwargs)
  File "/usr/local/lib/python3.10/site-packages/flask_appbuilder/security/decorators.py", line 95, in wraps
    return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args)
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1799, in dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1823, in full_dispatch_request
```

And

```
werkzeug.exceptions.NotFound: 404 Not Found: The requested URL was not found on the server. If you entered the URL manually please check your spelling and try again.
    raise NotFound() from None
  File "/usr/local/lib/python3.10/site-packages/werkzeug/routing/map.py", line 655, in match
    result = self.url_adapter.match(return_rule=True)  # type: ignore
  File "/usr/local/lib/python3.10/site-packages/flask/ctx.py", line 351, in match_request
    raise request.routing_exception  # type: ignore
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1770, in raise_routing_exception
    self.raise_routing_exception(req)
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1788, in dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.10/site-packages/flask/app.py", line 1823, in full_dispatch_request
```

### Checklist

- [X] I have searched Superset docs and Slack and didn't find a solution to my problem.
- [X] I have searched the GitHub issue tracker and didn't find a similar bug report.
- [X] I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.