From 562e3a769b083a365ad8a967cdc980021426f33b Mon Sep 17 00:00:00 2001
From: cccs-tom <59839056+cccs-tom@users.noreply.github.com>
Date: Wed, 25 May 2022 04:58:15 -0400
Subject: [PATCH] fix: Allow dataset owners to see their datasets (#20135)

(cherry picked from commit b0c6935f0600f111f06ae7ff05f7fa902e9ad252)
---
 superset/views/base.py                        |  9 ++++++++
 tests/integration_tests/datasets/api_tests.py | 21 +++++++++++++++++++
 2 files changed, 30 insertions(+)

diff --git a/superset/views/base.py b/superset/views/base.py
index 3024c4490d1..e505af53005 100644
--- a/superset/views/base.py
+++ b/superset/views/base.py
@@ -622,10 +622,19 @@ class DatasourceFilter(BaseFilter):  # pylint: disable=too-few-public-methods
             return query
         datasource_perms = security_manager.user_view_menu_names("datasource_access")
         schema_perms = security_manager.user_view_menu_names("schema_access")
+        owner_ids_query = (
+            db.session.query(models.SqlaTable.id)
+            .join(models.SqlaTable.owners)
+            .filter(
+                security_manager.user_model.id
+                == security_manager.user_model.get_user_id()
+            )
+        )
         return query.filter(
             or_(
                 self.model.perm.in_(datasource_perms),
                 self.model.schema_perm.in_(schema_perms),
+                models.SqlaTable.id.in_(owner_ids_query),
             )
         )
 
diff --git a/tests/integration_tests/datasets/api_tests.py b/tests/integration_tests/datasets/api_tests.py
index bcc3f88b9f7..2031d645570 100644
--- a/tests/integration_tests/datasets/api_tests.py
+++ b/tests/integration_tests/datasets/api_tests.py
@@ -213,6 +213,27 @@ class TestDatasetApi(SupersetTestCase):
         response = json.loads(rv.data.decode("utf-8"))
         assert response["result"] == []
 
+    def test_get_dataset_list_gamma_owned(self):
+        """
+        Dataset API: Test get dataset list owned by gamma
+        """
+        main_db = get_main_database()
+        owned_dataset = self.insert_dataset(
+            "ab_user", [self.get_user("gamma").id], main_db
+        )
+
+        self.login(username="gamma")
+        uri = "api/v1/dataset/"
+        rv = self.get_assert_metric(uri, "get_list")
+        assert rv.status_code == 200
+        response = json.loads(rv.data.decode("utf-8"))
+
+        assert response["count"] == 1
+        assert response["result"][0]["table_name"] == "ab_user"
+
+        db.session.delete(owned_dataset)
+        db.session.commit()
+
     def test_get_dataset_related_database_gamma(self):
         """
         Dataset API: Test get dataset related databases gamma