aminghadersohi opened a new pull request, #37967:
URL: https://github.com/apache/superset/pull/37967

   ### SUMMARY
   
   The MCP chatbot didn't know who the current user was. When asked "what's the chart I created most recently?", it queried all charts and assumed the user was whoever created the top result (e.g., confused one user with another).
   
   This PR adds:
   1. **`current_user` field to `get_instance_info` response** - exposes authenticated user identity (id, username, first_name, last_name, email) so the LLM knows who it's talking to
   2. **`created_by_fk` filter column** on `list_charts` and `list_dashboards` - lets the LLM filter assets by creator
   3. **Updated LLM instructions** - tells the chatbot to greet the user by name and documents the workflow for finding own assets
   4. **Fixed `parse_request` decorator bug** - was evaluating `MCP_PARSE_REQUEST_ENABLED` at decoration time instead of call time, causing string/dict parsing to silently fail when config was False
   
   ### Architecture / Flow
   
   **Before (broken):**
   ```
   User: "What chart did I create most recently?"
     └─> LLM calls list_charts(order_by=created_on, desc)
         └─> Returns ALL charts (no user filtering)
             └─> LLM guesses user = whoever created the top result ❌
   ```
   
   **After (fixed):**
   ```
   User: "What chart did I create most recently?"
     └─> LLM calls get_instance_info()
         └─> Response includes current_user: {id: 5, username: "sophie", first_name: "Sophie", ...}
             └─> LLM calls list_charts(filters=[{col: "created_by_fk", opr: "eq", value: 5}])
                 └─> Returns only Sophie's charts ✅
   ```
   
   **Data Flow Diagram:**
   ```
   ┌──────────┐     ┌──────────────────┐     ┌─────────────────────┐
   │ MCP      │────>│ get_instance_info │────>│ Response:           │
   │ Client   │     │                  │     │  instance_summary   │
   │ (LLM)    │     │ reads Flask g.user│    │  current_user: {    │
   │          │     └──────────────────┘     │    id: 5,           │
   │          │                              │    username: sophie  │
   │          │     ┌──────────────────┐     │    first_name: ...  │
   │          │────>│ list_charts      │     │  }                  │
   │          │     │ filter:          │     └─────────────────────┘
   │          │     │  created_by_fk=5 │────>│ Only Sophie's charts│
   └──────────┘     └──────────────────┘     └─────────────────────┘
   ```
   
   **`parse_request` decorator fix:**
   ```
   BEFORE (bug):                          AFTER (fix):
   ┌─────────────────────┐                ┌─────────────────────┐
   │ Module load time    │                │ Module load time    │
   │ parse_enabled=False │ ← cached once  │ (nothing cached)    │
   │                     │                │                     │
   │ Request comes in    │                │ Request comes in    │
   │ if parse_enabled:   │ ← always False │ if is_enabled():    │ ← checked live
   │   parse(request)    │                │   parse(request)    │
   │ # never parses! ❌   │                │ # works correctly ✅ │
   └─────────────────────┘                └─────────────────────┘
   ```
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   N/A - backend/API only change
   
   ### TESTING INSTRUCTIONS
   
   **Automated Tests (18 new tests):**
   ```bash
   pytest tests/unit_tests/mcp_service/system/tool/test_get_current_user.py -v
   ```
   
   **QA Steps:**
   
   1. **Verify current_user in get_instance_info:**
      - Call `get_instance_info` via MCP client
      - Confirm response includes `current_user` with `id`, `username`, `first_name`, `last_name`, `email`
      - Verify the user info matches the authenticated user
   
   2. **Verify created_by_fk filter on charts:**
      - Get your user ID from `get_instance_info` → `current_user.id`
      - Call `list_charts` with filter: `[{"col": "created_by_fk", "opr": "eq", "value": <your_id>}]`
      - Confirm only your charts are returned
      - Try with a non-existent user ID → should return empty
   
   3. **Verify created_by_fk filter on dashboards:**
      - Same as step 2 but with `list_dashboards`
   
   4. **Verify chatbot behavior (end-to-end):**
      - Ask the chatbot: "What's the most recent chart I created?"
      - Verify it correctly identifies YOU (not another user)
      - Ask: "List my dashboards" → should filter by your user ID
   
   5. **Verify parse_request fix:**
      - Set `MCP_PARSE_REQUEST_ENABLED = False` in config
      - Call `get_schema` with a JSON string request
      - Should still work (decorator checks config at call time now)
   
   ### ADDITIONAL INFORMATION
   
   - No new tool created - `current_user` is added to existing `get_instance_info` response
   - No `list_users` tool (privacy) - users can only discover their own identity
   - RBAC already limits results to accessible assets; `created_by_fk` is an additional convenience filter
   - `parse_request` fix is unrelated but was discovered during testing (decorator was caching config at decoration time)


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
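
The decoration-time versus call-time behaviour in the `parse_request` diagram above, as an added example that is not code from this pull request or from Superset. `CONFIG`, `parse_request_cached`, `parse_request_live` and the sample tool are hypothetical stand-ins; only the flag name comes from the description.

```python
import json
from functools import wraps

# Stand-in for the application config (hypothetical; not Superset's config object).
CONFIG = {"MCP_PARSE_REQUEST_ENABLED": False}


def parse_request_cached(func):
    """Buggy pattern: the flag is read once, when the decorator is applied."""
    parse_enabled = CONFIG["MCP_PARSE_REQUEST_ENABLED"]  # frozen at decoration time

    @wraps(func)
    def wrapper(request):
        if parse_enabled and isinstance(request, str):
            request = json.loads(request)
        return func(request)

    return wrapper


def parse_request_live(func):
    """Fixed pattern: the flag is looked up on every call."""

    @wraps(func)
    def wrapper(request):
        if CONFIG["MCP_PARSE_REQUEST_ENABLED"] and isinstance(request, str):
            request = json.loads(request)
        return func(request)

    return wrapper


def _tool(request):
    # Tool body that expects an already-parsed dict.
    return request["col"] if isinstance(request, dict) else "unparsed"


cached_tool = parse_request_cached(_tool)  # decorated while the flag is False
live_tool = parse_request_live(_tool)


def demo():
    """Change the flag after decoration and compare both wrappers."""
    raw = '{"col": "created_by_fk", "opr": "eq", "value": 5}'  # constructed sample
    CONFIG["MCP_PARSE_REQUEST_ENABLED"] = True  # config finalised after import
    return cached_tool(raw), live_tool(raw)
```

The cached wrapper keeps acting on the value it saw at import, so a later configuration change never reaches it and nothing is logged to say so.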
