diff --git a/superset/async_events/async_query_manager.py b/superset/async_events/async_query_manager.py index ba98c214f2c64..c54eb03753df3 100644 --- a/superset/async_events/async_query_manager.py +++ b/superset/async_events/async_query_manager.py @@ -191,13 +191,21 @@ def submit_explore_json_job( force: Optional[bool] = False, user_id: Optional[int] = None, ) -> dict[str, Any]: + # pylint: disable=import-outside-toplevel + from superset import security_manager + job_metadata = self.init_job(channel_id, user_id) + if guest_user := security_manager.get_current_guest_user_if_guest(): + job_metadata["guest_token"] = guest_user.guest_token self._load_explore_json_into_cache_job.delay( job_metadata, form_data, response_type, force, ) + # clean up guest token so that it doesn't get exposed upper level + if "guest_token" in job_metadata: + del job_metadata["guest_token"] return job_metadata def submit_chart_data_job( @@ -214,6 +222,7 @@ def submit_chart_data_job( if guest_user := security_manager.get_current_guest_user_if_guest(): job_metadata["guest_token"] = guest_user.guest_token self._load_chart_data_into_cache_job.delay(job_metadata, form_data) + # clean up guest token so that it doesn't get exposed upper level if "guest_token" in job_metadata: del job_metadata["guest_token"] return job_metadata diff --git a/superset/tasks/async_queries.py b/superset/tasks/async_queries.py index e59adbc8cb393..13e25bc7eccf9 100644 --- a/superset/tasks/async_queries.py +++ b/superset/tasks/async_queries.py @@ -113,8 +113,14 @@ def load_explore_json_into_cache( # pylint: disable=too-many-locals cache_key_prefix = "ejr-" # ejr: explore_json request if user_id := job_metadata.get("user_id"): + # logged in user user = security_manager.get_user_by_id(user_id) + elif guest_token := job_metadata.get("guest_token"): + # embedded guest user + user = security_manager.get_guest_user_from_token(guest_token) + del job_metadata["guest_token"] else: + # default to anonymous user if no user is found user = security_manager.get_anonymous_user() with override_user(user, force=False): @@ -146,7 +152,13 @@ def load_explore_json_into_cache( # pylint: disable=too-many-locals "response_type": response_type, } cache_key = generate_cache_key(cache_value, cache_key_prefix) - set_and_log_cache(cache_manager.cache, cache_key, cache_value) + cache_instance = cache_manager.cache + cache_timeout = ( + cache_instance.cache.default_timeout if cache_instance.cache else None + ) + set_and_log_cache( + cache_instance, cache_key, cache_value, cache_timeout=cache_timeout + ) result_url = f"/superset/explore_json/data/{cache_key}" async_query_manager.update_job( job_metadata,