GitHub user alccta added a comment to the discussion: [5.0] Guest token RLS not
working using embedded Superset SDK after 4.1.3->5.0.0 upgrade
The problem was because we did not set the user name when applying for the
guest token in
```
{
resources: [{ type: "dashboard", id: 'DASHBOARD_ID'}],
rls: [{"clause":"organisation_id = 'ORGANISATION_ID'"}],
user: { username: "", first_name: "", last_name: "" },
}
```
Checking the logic of superset, when checking to apply the RLS rules in
superset/security/manager.py, it gets the current user and checks one exists
via the superset/tasks/utils.py:get_current_user method which just returns the
username. Because empty string is falsey in python, the
manager.py:get_current_guest_user_if_guest returns None which makes
get_guest_rls_filters return []
Fix was simple:
```
{
resources: [{ type: "dashboard", id: 'DASHBOARD_ID'}],
rls: [{"clause":"organisation_id = 'ORGANISATION_ID'"}],
user: { username: "SOME_USER_MUST_EXIST_HERE", first_name: "", last_name: ""
},
}
```
GitHub link:
https://github.com/apache/superset/discussions/36494#discussioncomment-15426454
----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
