diff --git a/superset/views/base.py b/superset/views/base.py
index 17183e59a774f..a6e6793d88fc4 100644
--- a/superset/views/base.py
+++ b/superset/views/base.py
@@ -622,10 +622,19 @@ def apply(self, query: Query, value: Any) -> Query:
 return query
 datasource_perms = security_manager.user_view_menu_names("datasource_access")
 schema_perms = security_manager.user_view_menu_names("schema_access")
+ owner_ids_query = (
+ db.session.query(models.SqlaTable.id)
+ .join(models.SqlaTable.owners)
+ .filter(
+ security_manager.user_model.id
+ == security_manager.user_model.get_user_id()
+ )
+ )
 return query.filter(
 or_(
 self.model.perm.in_(datasource_perms),
 self.model.schema_perm.in_(schema_perms),
+ models.SqlaTable.id.in_(owner_ids_query),
 )
 )
diff --git a/tests/integration_tests/datasets/api_tests.py b/tests/integration_tests/datasets/api_tests.py
index 781ae929b743c..fa467e0816867 100644
--- a/tests/integration_tests/datasets/api_tests.py
+++ b/tests/integration_tests/datasets/api_tests.py
@@ -214,6 +214,27 @@ def test_get_dataset_list_gamma(self):
 response = json.loads(rv.data.decode("utf-8"))
 assert response["result"] == []
+ def test_get_dataset_list_gamma_owned(self):
+ """
+ Dataset API: Test get dataset list owned by gamma
+ """
+ main_db = get_main_database()
+ owned_dataset = self.insert_dataset(
+ "ab_user", [self.get_user("gamma").id], main_db
+ )
+
+ self.login(username="gamma")
+ uri = "api/v1/dataset/"
+ rv = self.get_assert_metric(uri, "get_list")
+ assert rv.status_code == 200
+ response = json.loads(rv.data.decode("utf-8"))
+
+ assert response["count"] == 1
+ assert response["result"][0]["table_name"] == "ab_user"
+
+ db.session.delete(owned_dataset)
+ db.session.commit()
+
 def test_get_dataset_related_database_gamma(self):
 """
 Dataset API: Test get dataset related databases gamma
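Review bot: The new ownership clause in `apply` is written against `models.SqlaTable` while the two clauses beside it use `self.model`, so the filter is only correct when it is attached to a SqlaTable view; on any other model `models.SqlaTable.id.in_(owner_ids_query)` would bring a second table into the WHERE clause with no join condition. The class header and the start of `apply` are outside the hunk, so whether other models use this filter is an assumption to confirm; if they can, guard the clause with something like `if self.model is models.SqlaTable:`, and if they cannot, say so in a comment. Because the change widens what a user may list, a comment above `owner_ids_query` stating the rule would help the next reviewer: `# Owners always see their own datasets, even without datasource_access/schema_access.` It is also worth confirming that the per-dataset access check behind the detail and edit endpoints treats owners the same way, so that list visibility and object access do not disagree.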
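Review bot: The cleanup at the end of `test_get_dataset_list_gamma_owned` runs only when every assertion passes, so a failing run leaves an `ab_user` dataset owned by gamma behind and can break later tests such as `test_get_dataset_list_gamma`, which expects an empty result. Put the request and the assertions under `try:` and move `db.session.delete(owned_dataset)` and `db.session.commit()` under `finally:`. Since the behaviour under test is an access-control rule, a companion case where the dataset is owned by a different user and gamma still sees `response["count"] == 0` would pin the negative side explicitly.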