fix: Add user filtering to changed_by. Fixes #27986 (#29287)

marre · Markus Eriksson · sadpandajoe · commit 16295b086a1f · 2024-08-12T17:04:53.000-07:00
Co-authored-by: Markus Eriksson <markus.eriksson@sinch.com> (cherry picked from commit 922128f)
diff --git a/superset/charts/api.py b/superset/charts/api.py
@@ -269,10 +269,12 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:
     base_related_field_filters = {
         "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
         "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
     }
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
     }
 
     allowed_rel_fields = {"owners", "created_by", "changed_by"}
diff --git a/superset/css_templates/api.py b/superset/css_templates/api.py
@@ -35,7 +35,12 @@
 )
 from superset.extensions import event_logger
 from superset.models.core import CssTemplate
-from superset.views.base_api import BaseSupersetModelRestApi, statsd_metrics
+from superset.views.base_api import (
+    BaseSupersetModelRestApi,
+    RelatedFieldFilter,
+    statsd_metrics,
+)
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -91,6 +96,13 @@ class CssTemplateRestApi(BaseSupersetModelRestApi):
     openapi_spec_tag = "CSS Templates"
     openapi_spec_methods = openapi_spec_methods_override
 
+    related_field_filters = {
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+    }
+    base_related_field_filters = {
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
+
     @expose("/", methods=("DELETE",))
     @protect()
     @safe
diff --git a/superset/dashboards/api.py b/superset/dashboards/api.py
@@ -276,13 +276,15 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:
     base_related_field_filters = {
         "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
         "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
         "roles": [["id", BaseFilterRelatedRoles, lambda: []]],
     }
 
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "roles": RelatedFieldFilter("name", FilterRelatedRoles),
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
     }
     allowed_rel_fields = {"owners", "roles", "created_by", "changed_by"}
 
diff --git a/superset/databases/api.py b/superset/databases/api.py
@@ -125,11 +125,13 @@
 from superset.utils.ssh_tunnel import mask_password_info
 from superset.views.base_api import (
     BaseSupersetModelRestApi,
+    RelatedFieldFilter,
     requires_form_data,
     requires_json,
     statsd_metrics,
 )
 from superset.views.error_handling import json_error_response
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -304,6 +306,13 @@ class DatabaseRestApi(BaseSupersetModelRestApi):
     openapi_spec_methods = openapi_spec_methods_override
     """ Overrides GET methods OpenApi descriptions """
 
+    related_field_filters = {
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+    }
+    base_related_field_filters = {
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+    }
+
     @expose("/<int:pk>/connection", methods=("GET",))
     @protect()
     @safe
diff --git a/superset/datasets/api.py b/superset/datasets/api.py
@@ -242,10 +242,12 @@ class DatasetRestApi(BaseSupersetModelRestApi):
 
     base_related_field_filters = {
         "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
         "database": [["id", DatabaseFilter, lambda: []]],
     }
     related_field_filters = {
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "database": "database_name",
     }
     search_filters = {
diff --git a/superset/queries/api.py b/superset/queries/api.py
@@ -144,11 +144,13 @@ class QueryRestApi(BaseSupersetModelRestApi):
     ]
     base_related_field_filters = {
         "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
         "user": [["id", BaseFilterRelatedUsers, lambda: []]],
         "database": [["id", DatabaseFilter, lambda: []]],
     }
     related_field_filters = {
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "user": RelatedFieldFilter("first_name", FilterRelatedOwners),
     }
 
diff --git a/superset/queries/saved_queries/api.py b/superset/queries/saved_queries/api.py
@@ -56,9 +56,11 @@
 from superset.utils import json
 from superset.views.base_api import (
     BaseSupersetModelRestApi,
+    RelatedFieldFilter,
     requires_form_data,
     statsd_metrics,
 )
+from superset.views.filters import BaseFilterRelatedUsers, FilterRelatedOwners
 
 logger = logging.getLogger(__name__)
 
@@ -179,8 +181,12 @@ class SavedQueryRestApi(BaseSupersetModelRestApi):
 
     related_field_filters = {
         "database": "database_name",
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+    }
+    base_related_field_filters = {
+        "database": [["id", DatabaseFilter, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
     }
-    base_related_field_filters = {"database": [["id", DatabaseFilter, lambda: []]]}
     allowed_rel_fields = {"database", "changed_by", "created_by"}
     allowed_distinct_fields = {"catalog", "schema"}
 
diff --git a/superset/reports/api.py b/superset/reports/api.py
@@ -228,6 +228,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]:
         "database": [["id", DatabaseFilter, lambda: []]],
         "owners": [["id", BaseFilterRelatedUsers, lambda: []]],
         "created_by": [["id", BaseFilterRelatedUsers, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
     }
     text_field_rel_fields = {
         "dashboard": "dashboard_title",
@@ -239,6 +240,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]:
         "chart": "slice_name",
         "database": "database_name",
         "created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
         "owners": RelatedFieldFilter("first_name", FilterRelatedOwners),
     }
 
diff --git a/superset/row_level_security/api.py b/superset/row_level_security/api.py
@@ -47,10 +47,15 @@
 from superset.views.base import DatasourceFilter
 from superset.views.base_api import (
     BaseSupersetModelRestApi,
+    RelatedFieldFilter,
     requires_json,
     statsd_metrics,
 )
-from superset.views.filters import BaseFilterRelatedRoles
+from superset.views.filters import (
+    BaseFilterRelatedRoles,
+    BaseFilterRelatedUsers,
+    FilterRelatedOwners,
+)
 
 logger = logging.getLogger(__name__)
 
@@ -129,9 +134,13 @@ class RLSRestApi(BaseSupersetModelRestApi):
     edit_model_schema = RLSPutSchema()
 
     allowed_rel_fields = {"tables", "roles", "created_by", "changed_by"}
+    related_field_filters = {
+        "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),
+    }
     base_related_field_filters = {
         "tables": [["id", DatasourceFilter, lambda: []]],
         "roles": [["id", BaseFilterRelatedRoles, lambda: []]],
+        "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],
     }
 
     openapi_spec_methods = openapi_spec_methods_override

Original file line number	Diff line number	Diff line change
`@@ -269,10 +269,12 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:`
`269`	`269`	`base_related_field_filters = {`
`270`	`270`	`"owners": [["id", BaseFilterRelatedUsers, lambda: []]],`
`271`	`271`	`"created_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
	`272`	`+ "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
`272`	`273`	`}`
`273`	`274`	`related_field_filters = {`
`274`	`275`	`"owners": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`275`	`276`	`"created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
	`277`	`+ "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`276`	`278`	`}`
`277`	`279`
`278`	`280`	`allowed_rel_fields = {"owners", "created_by", "changed_by"}`
Original file line number	Diff line number	Diff line change
`@@ -276,13 +276,15 @@ def ensure_thumbnails_enabled(self) -> Optional[Response]:`
`276`	`276`	`base_related_field_filters = {`
`277`	`277`	`"owners": [["id", BaseFilterRelatedUsers, lambda: []]],`
`278`	`278`	`"created_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
	`279`	`+ "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
`279`	`280`	`"roles": [["id", BaseFilterRelatedRoles, lambda: []]],`
`280`	`281`	`}`
`281`	`282`
`282`	`283`	`related_field_filters = {`
`283`	`284`	`"owners": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`284`	`285`	`"roles": RelatedFieldFilter("name", FilterRelatedRoles),`
`285`	`286`	`"created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
	`287`	`+ "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`286`	`288`	`}`
`287`	`289`	`allowed_rel_fields = {"owners", "roles", "created_by", "changed_by"}`
`288`	`290`
Original file line number	Diff line number	Diff line change
`@@ -242,10 +242,12 @@ class DatasetRestApi(BaseSupersetModelRestApi):`
`242`	`242`
`243`	`243`	`base_related_field_filters = {`
`244`	`244`	`"owners": [["id", BaseFilterRelatedUsers, lambda: []]],`
	`245`	`+ "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
`245`	`246`	`"database": [["id", DatabaseFilter, lambda: []]],`
`246`	`247`	`}`
`247`	`248`	`related_field_filters = {`
`248`	`249`	`"owners": RelatedFieldFilter("first_name", FilterRelatedOwners),`
	`250`	`+ "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`249`	`251`	`"database": "database_name",`
`250`	`252`	`}`
`251`	`253`	`search_filters = {`
Original file line number	Diff line number	Diff line change
`@@ -144,11 +144,13 @@ class QueryRestApi(BaseSupersetModelRestApi):`
`144`	`144`	`]`
`145`	`145`	`base_related_field_filters = {`
`146`	`146`	`"created_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
	`147`	`+ "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
`147`	`148`	`"user": [["id", BaseFilterRelatedUsers, lambda: []]],`
`148`	`149`	`"database": [["id", DatabaseFilter, lambda: []]],`
`149`	`150`	`}`
`150`	`151`	`related_field_filters = {`
`151`	`152`	`"created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
	`153`	`+ "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`152`	`154`	`"user": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`153`	`155`	`}`
`154`	`156`
Original file line number	Diff line number	Diff line change
`@@ -228,6 +228,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]:`
`228`	`228`	`"database": [["id", DatabaseFilter, lambda: []]],`
`229`	`229`	`"owners": [["id", BaseFilterRelatedUsers, lambda: []]],`
`230`	`230`	`"created_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
	`231`	`+ "changed_by": [["id", BaseFilterRelatedUsers, lambda: []]],`
`231`	`232`	`}`
`232`	`233`	`text_field_rel_fields = {`
`233`	`234`	`"dashboard": "dashboard_title",`
`@@ -239,6 +240,7 @@ def ensure_alert_reports_enabled(self) -> Optional[Response]:`
`239`	`240`	`"chart": "slice_name",`
`240`	`241`	`"database": "database_name",`
`241`	`242`	`"created_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
	`243`	`+ "changed_by": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`242`	`244`	`"owners": RelatedFieldFilter("first_name", FilterRelatedOwners),`
`243`	`245`	`}`
`244`	`246`