mirror of
https://github.com/apache/superset.git
synced 2026-07-11 17:25:31 +00:00
Addresses review feedback on the cost-estimate security-parity path: - The transient Query built to resolve the per-query schema joined the session via the `database` backref's `cascade="all, delete-orphan"`. With no `client_id` (nullable=False) it autoflushed into an IntegrityError the moment `apply_rls` issued its own session query, 500-ing every RLS-enabled estimate that references a table. Mirror the probe pattern in `SupersetSecurityManager.raise_for_access`: set `client_id`/`user_id` and `db.session.expunge` the probe. - `get_default_schema_for_query` was skipped whenever the caller pinned a schema, bypassing the engine's per-query gate (e.g. Postgres rejecting `SET search_path`) that the executor runs unconditionally. Always resolve through it; an explicit schema still wins as the RLS predicate target. Unit tests patch the session (so they can't see the autoflush); add an integration test exercising a real session + real `apply_rls` that would have caught the regression, and flip the explicit-schema test to assert the gate now runs. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>