From 52a03f18a110c5eedebc6f6c2ca9ea01d8bc914c Mon Sep 17 00:00:00 2001
From: Geido <60598000+geido@users.noreply.github.com>
Date: Tue, 10 Sep 2024 15:11:09 +0200
Subject: [PATCH] fix(Embedded): Dashboard screenshot should use GuestUser
 (#30200)

---
 superset/dashboards/api.py   |  1 -
 superset/tasks/thumbnails.py | 25 +++++++++++++++----------
 2 files changed, 15 insertions(+), 11 deletions(-)

diff --git a/superset/dashboards/api.py b/superset/dashboards/api.py
index 53371925a..193901b48 100644
--- a/superset/dashboards/api.py
+++ b/superset/dashboards/api.py
@@ -1041,7 +1041,6 @@ class DashboardRestApi(BaseSupersetModelRestApi):
         def trigger_celery() -> WerkzeugResponse:
             logger.info("Triggering screenshot ASYNC")
             cache_dashboard_screenshot.delay(
-                current_user=get_current_user(),
                 dashboard_id=dashboard.id,
                 dashboard_url=dashboard_url,
                 force=True,
diff --git a/superset/tasks/thumbnails.py b/superset/tasks/thumbnails.py
index 483fb8495..eb64ac49c 100644
--- a/superset/tasks/thumbnails.py
+++ b/superset/tasks/thumbnails.py
@@ -20,10 +20,11 @@
 import logging
 from typing import cast, Optional
 
-from flask import current_app
+from flask import current_app, g
 
 from superset import security_manager, thumbnail_cache
 from superset.extensions import celery_app
+from superset.security.guest_token import GuestUser
 from superset.tasks.utils import get_executor
 from superset.utils.core import override_user
 from superset.utils.screenshots import ChartScreenshot, DashboardScreenshot
@@ -109,7 +110,6 @@ def cache_dashboard_thumbnail(
 # pylint: disable=too-many-arguments
 @celery_app.task(name="cache_dashboard_screenshot", soft_time_limit=300)
 def cache_dashboard_screenshot(
-    current_user: Optional[str],
     dashboard_id: int,
     dashboard_url: str,
     force: bool = True,
@@ -124,18 +124,23 @@ def cache_dashboard_screenshot(
         return
 
     dashboard = Dashboard.get(dashboard_id)
+    current_user = g.user
 
     logger.info("Caching dashboard: %s", dashboard_url)
-    _, username = get_executor(
-        executor_types=current_app.config["THUMBNAIL_EXECUTE_AS"],
-        model=dashboard,
-        current_user=current_user,
-    )
-    user = security_manager.find_user(username)
-    with override_user(user):
+
+    # Requests from Embedded should always use the Guest user
+    if not isinstance(current_user, GuestUser):
+        _, username = get_executor(
+            executor_types=current_app.config["THUMBNAIL_EXECUTE_AS"],
+            model=dashboard,
+            current_user=current_user.username,
+        )
+        current_user = security_manager.find_user(username)
+
+    with override_user(current_user):
         screenshot = DashboardScreenshot(dashboard_url, dashboard.digest)
         screenshot.compute_and_cache(
-            user=user,
+            user=current_user,
             cache=thumbnail_cache,
             force=force,
             window_size=window_size,