fix(Embedded): Dashboard screenshot should use GuestUser (#30200)

2024-09-10 15:11:09 +02:00 · 2024-09-10 15:11:09 +02:00 · 52a03f18a1
parent 6baeb659a7
commit 52a03f18a1
2 changed files with 15 additions and 11 deletions
--- a/superset/dashboards/api.py
+++ b/superset/dashboards/api.py
@ -1041,7 +1041,6 @@ class DashboardRestApi(BaseSupersetModelRestApi):
        def trigger_celery() -> WerkzeugResponse:
            logger.info("Triggering screenshot ASYNC")
            cache_dashboard_screenshot.delay(
-                current_user=get_current_user(),
                dashboard_id=dashboard.id,
                dashboard_url=dashboard_url,
                force=True,
--- a/superset/tasks/thumbnails.py
+++ b/superset/tasks/thumbnails.py
@ -20,10 +20,11 @@
 import logging
 from typing import cast, Optional

-from flask import current_app
+from flask import current_app, g

 from superset import security_manager, thumbnail_cache
 from superset.extensions import celery_app
+from superset.security.guest_token import GuestUser
 from superset.tasks.utils import get_executor
 from superset.utils.core import override_user
 from superset.utils.screenshots import ChartScreenshot, DashboardScreenshot
@ -109,7 +110,6 @@ def cache_dashboard_thumbnail(
 # pylint: disable=too-many-arguments
@celery_app.task(name="cache_dashboard_screenshot", soft_time_limit=300)
 def cache_dashboard_screenshot(
-    current_user: Optional[str],
    dashboard_id: int,
    dashboard_url: str,
    force: bool = True,
@ -124,18 +124,23 @@ def cache_dashboard_screenshot(
        return

    dashboard = Dashboard.get(dashboard_id)
+    current_user = g.user

    logger.info("Caching dashboard: %s", dashboard_url)
-    _, username = get_executor(
-        executor_types=current_app.config["THUMBNAIL_EXECUTE_AS"],
-        model=dashboard,
-        current_user=current_user,
-    )
-    user = security_manager.find_user(username)
-    with override_user(user):
+
+    # Requests from Embedded should always use the Guest user
+    if not isinstance(current_user, GuestUser):
+        _, username = get_executor(
+            executor_types=current_app.config["THUMBNAIL_EXECUTE_AS"],
+            model=dashboard,
+            current_user=current_user.username,
+        )
+        current_user = security_manager.find_user(username)
+
+    with override_user(current_user):
        screenshot = DashboardScreenshot(dashboard_url, dashboard.digest)
        screenshot.compute_and_cache(
-            user=user,
+            user=current_user,
            cache=thumbnail_cache,
            force=force,
            window_size=window_size,