fix: Refactor ownership checks and ensure consistency (#20499)

Co-authored-by: John Bodley <john.bodley@airbnb.com>

superset/explore/permalink/api.py

@@ -16,7 +16,7 @@
 # under the License.
 import logging
 
-from flask import g, request, Response
+from flask import request, Response
 from flask_appbuilder.api import BaseApi, expose, protect, safe
 from marshmallow import ValidationError
 
@@ -100,7 +100,7 @@ class ExplorePermalinkRestApi(BaseApi):
         """
         try:
             state = self.add_model_schema.load(request.json)
-            key = CreateExplorePermalinkCommand(actor=g.user, state=state).run()
+            key = CreateExplorePermalinkCommand(state=state).run()
             http_origin = request.headers.environ.get("HTTP_ORIGIN")
             url = f"{http_origin}/superset/explore/p/{key}/"
             return self.response(201, key=key, url=url)
@@ -156,7 +156,7 @@ class ExplorePermalinkRestApi(BaseApi):
               $ref: '#/components/responses/500'
         """
         try:
-            value = GetExplorePermalinkCommand(actor=g.user, key=key).run()
+            value = GetExplorePermalinkCommand(key=key).run()
             if not value:
                 return self.response_404()
             return self.response(200, **value)

superset/explore/permalink/commands/create.py

@@ -17,7 +17,6 @@
 import logging
 from typing import Any, Dict, Optional
 
-from flask_appbuilder.security.sqla.models import User
 from sqlalchemy.exc import SQLAlchemyError
 
 from superset.explore.permalink.commands.base import BaseExplorePermalinkCommand
@@ -31,8 +30,7 @@ logger = logging.getLogger(__name__)
 
 
 class CreateExplorePermalinkCommand(BaseExplorePermalinkCommand):
-    def __init__(self, actor: User, state: Dict[str, Any]):
-        self.actor = actor
+    def __init__(self, state: Dict[str, Any]):
         self.chart_id: Optional[int] = state["formData"].get("slice_id")
         self.datasource: str = state["formData"]["datasource"]
         self.state = state
@@ -43,9 +41,7 @@ class CreateExplorePermalinkCommand(BaseExplorePermalinkCommand):
             d_id, d_type = self.datasource.split("__")
             datasource_id = int(d_id)
             datasource_type = DatasourceType(d_type)
-            check_chart_access(
-                datasource_id, self.chart_id, self.actor, datasource_type
-            )
+            check_chart_access(datasource_id, self.chart_id, datasource_type)
             value = {
                 "chartId": self.chart_id,
                 "datasourceId": datasource_id,
@@ -54,7 +50,6 @@ class CreateExplorePermalinkCommand(BaseExplorePermalinkCommand):
                 "state": self.state,
             }
             command = CreateKeyValueCommand(
-                actor=self.actor,
                 resource=self.resource,
                 value=value,
             )

superset/explore/permalink/commands/get.py

@@ -17,7 +17,6 @@
 import logging
 from typing import Optional
 
-from flask_appbuilder.security.sqla.models import User
 from sqlalchemy.exc import SQLAlchemyError
 
 from superset.datasets.commands.exceptions import DatasetNotFoundError
@@ -34,8 +33,7 @@ logger = logging.getLogger(__name__)
 
 
 class GetExplorePermalinkCommand(BaseExplorePermalinkCommand):
-    def __init__(self, actor: User, key: str):
-        self.actor = actor
+    def __init__(self, key: str):
         self.key = key
 
     def run(self) -> Optional[ExplorePermalinkValue]:
@@ -55,7 +53,7 @@ class GetExplorePermalinkCommand(BaseExplorePermalinkCommand):
                 datasource_type = DatasourceType(
                     value.get("datasourceType", DatasourceType.TABLE)
                 )
-                check_chart_access(datasource_id, chart_id, self.actor, datasource_type)
+                check_chart_access(datasource_id, chart_id, datasource_type)
                 return value
             return None
         except (