Yash2412 commented on code in PR #33924:
URL: https://github.com/apache/superset/pull/33924#discussion_r2751100967
##########
docs/docs/configuration/sql-templating.mdx:
##########
@@ -301,6 +301,111 @@ Here's a concrete example:
WHERE country_code = 'US'
```
+**Guest User Attributes**
+
+The `{{ get_guest_user_attribute('attribute_name') }}` macro returns a
specific attribute value from the
+guest user context. This is useful when working with embedded Superset where
guest tokens can contain
+custom attributes that need to be accessed in SQL queries.
+
+This macro supports all JSON-native types (string, number, boolean, array,
object, null) for both attribute values
+and default values. The return type depends on the type of the attribute
stored in the guest token.
+
+This macro only works when the current user is a guest user (authenticated via
guest token). If the current user is
+not a guest user, or if the specified attribute doesn't exist, the macro will
return `None` or the provided default value.
+
+Guest user attributes are set when creating guest tokens via the
`/security/guest_token` API endpoint.
+The attributes are passed in the `user` object within the request payload.
+
+Here's an example of how to create a guest token with custom attributes of
various types:
+
+```json
+{
+ "user": {
+ "username": "bob_with_attrs",
+ "first_name": "Bob",
+ "last_name": "Smith",
+ "attributes": {
+ "department": "Engineering",
+ "region": "US",
+ "role": "developer",
+ "team": "data-platform",
+ "clearance_level": "standard",
+ "projects": ["analytics", "ml-platform"],
+ "team_lead": true,
+ "employee_id": 12345,
+ "budget_limit": 50000.75,
+ "config": {
+ "theme": "dark",
+ "notifications": true
+ }
+ }
+ },
+ "resources": [{
+ "type": "dashboard",
+ "id": "dashboard-uuid"
+ }],
+ "rls": []
+}
+```
+
+The `attributes` field in the `user` object can contain any custom key-value
pairs that your application needs.
+These attributes will be available in SQL queries through the
`get_guest_user_attribute()` macro and can be
+any JSON-native type.
+
+For more information about setting up embedded Superset and creating guest
tokens, see the
+[embedded SDK
documentation](https://www.npmjs.com/package/@superset-ui/embedded-sdk) and
[networking
settings](/docs/configuration/networking-settings#html-embedding-of-dashboards-and-charts).
+
+If you have caching enabled in your Superset configuration, then by default
the attribute value will be used
+by Superset when calculating the cache key. A cache key is a unique identifier
that determines if there's a
+cache hit in the future and Superset can retrieve cached data.
+
+You can disable the inclusion of the attribute value in the calculation of the
+cache key by adding the following parameter to your Jinja code:
+
+```
+{{ get_guest_user_attribute('department', add_to_cache_keys=False) }}
+```
+
+You can also provide a default value if the attribute is not found. The
default value can be any JSON-native type:
+
+```
+{{ get_guest_user_attribute('region', default='US') }}
+{{ get_guest_user_attribute('team_lead', default=False) }}
+{{ get_guest_user_attribute('budget_limit', default=0) }}
+{{ get_guest_user_attribute('projects', default=[]) }}
+```
+
+Here are concrete examples of using guest user attributes of different types
in queries:
+
+```sql
+-- String attributes
+SELECT *
+FROM sales_data
+WHERE region = '{{ get_guest_user_attribute("region", default="global") }}'
+ AND department = '{{ get_guest_user_attribute("department") }}'
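Review bot: In the string-attribute example that closes this hunk, the macro output is placed directly inside a quoted SQL literal (`WHERE region = '{{ get_guest_user_attribute("region", default="global") }}'`), and nothing in the added text says the value is escaped, so the safety of the rendered query rests entirely on what the token issuer put into `attributes`. Since the section also says `attributes` "can contain any custom key-value pairs that your application needs", please add a sentence telling integrators to set and validate these values server-side when calling `/security/guest_token` and never to copy them from end-user input, or document the escaping the macro applies if it applies any. The `add_to_cache_keys=False` paragraph needs a matching caveat: when the attribute drives a row filter like this one, leaving it out of the cache key lets guests with different attribute values share one cached result. Finally, `department = '{{ get_guest_user_attribute("department") }}'` has no default, and the text says the macro returns `None` when the attribute is missing or the user is not a guest, so the docs should state what the rendered predicate looks like in that case.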
Review Comment:
This is not applicable here, as the token is generated by the system and the
function `get_guest_user_attribute("region", default="global")` will return a
value only from the guest token, hence preventing SQL injection.