fix: User-provided Jinja template parameters causing SQL parsing errors (#34802)

(cherry picked from commit e1234b2264)
2026-05-12 19:35:17 +00:00 · 2025-08-22 14:39:14 -03:00
parent 878289a2e6
commit aa69ce43d9
10 changed files with 75 additions and 39 deletions
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -66,7 +66,7 @@ from superset.security.guest_token import (
    GuestTokenUser,
    GuestUser,
 )
-from superset.sql_parse import extract_tables_from_jinja_sql, Table
+from superset.sql_parse import process_jinja_sql, Table
 from superset.tasks.utils import get_current_user
 from superset.utils import json
 from superset.utils.core import (
@@ -2162,6 +2162,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        sql: Optional[str] = None,
        catalog: Optional[str] = None,
        schema: Optional[str] = None,
+        template_params: Optional[dict[str, Any]] = None,
    ) -> None:
        """
        Raise an exception if the user cannot access the resource.
@@ -2175,6 +2176,7 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
        :param sql: The SQL string (requires database)
        :param catalog: Optional catalog name
        :param schema: Optional schema name
+        :param template_params: Optional template parameters for Jinja templating
        :raises SupersetSecurityException: If the user cannot access the resource
        """
        # pylint: disable=import-outside-toplevel
@@ -2214,14 +2216,18 @@ class SupersetSecurityManager(  # pylint: disable=too-many-public-methods
                # If the DB engine spec doesn't implement the logic the schema is read
                # from the SQLAlchemy URI if possible; if not, we use the SQLAlchemy
                # inspector to read it.
-                default_schema = database.get_default_schema_for_query(query)
+                default_schema = database.get_default_schema_for_query(
+                    query, template_params
+                )
                tables = {
                    Table(
                        table_.table,
                        table_.schema or default_schema,
                        table_.catalog or query.catalog or default_catalog,
                    )
-                    for table_ in extract_tables_from_jinja_sql(query.sql, database)
+                    for table_ in process_jinja_sql(
+                        query.sql, database, template_params
+                    ).tables
                }
            elif table:
                # Make sure table has the default catalog, if not specified.