From 7c8a50aa03b38cf70e7611d2dbfa3abe16a7293c Mon Sep 17 00:00:00 2001
From: gtg472b
Date: Sun, 6 Sep 2020 14:14:35 -0600
Subject: [PATCH 1/2] Fix: Include RLS filters for cache keys

This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user.
---
 superset/connectors/sqla/models.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index 601a69ddb63dd..967d75e479901 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
@@ -1454,6 +1454,11 @@ def has_extra_cache_key_calls(self, query_obj: QueryObjectDict) -> bool:
 templatable_statements.append(extras["where"])
 if "having" in extras:
 templatable_statements.append(extras["having"])
+ # make sure the RLS filters are included
+ if config["ENABLE_ROW_LEVEL_SECURITY"] and self.is_rls_supported:
+ templatable_statements += [
+ f.clause
+ for f in security_manager.get_rls_filters(self) ]
 for statement in templatable_statements:
 if ExtraCache.regex.search(statement):
 return True

From 4f6d57d6725d6d0d57efcaf6e37f16562c5d90b8 Mon Sep 17 00:00:00 2001
From: gtg472b
Date: Mon, 7 Sep 2020 08:22:58 -0600
Subject: [PATCH 2/2] Fix: Include RLS filters for cache keys

This fix makes sure that RLS filters are searched for templatable jinja content, ensuring cached visualizations aren't shown to the wrong user.

Co-authored-by: Ville Brofeldt <33317356+villebro@users.noreply.github.com>
---
 superset/connectors/sqla/models.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/superset/connectors/sqla/models.py b/superset/connectors/sqla/models.py
index 967d75e479901..667c9d4a3ee7b 100644
--- a/superset/connectors/sqla/models.py
+++ b/superset/connectors/sqla/models.py
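Review bot: In PATCH 1/2, the block added to `has_extra_cache_key_calls` only reports a per-user cache key when an RLS clause matches `ExtraCache.regex`, so two users whose roles resolve to different clauses containing no Jinja macro still get `False` from this path; whether their results are cached separately depends on code outside this hunk and should be confirmed. The series changes only `superset/connectors/sqla/models.py`, so a regression test that builds the cache key for two users against a templated RLS clause and asserts the keys differ would pin the fix. The comment above the `if` could state the reason, e.g. `# RLS clauses may contain Jinja macros that resolve per user, so scan them too`; PATCH 2/2 rewrites the same lines and drops the comment entirely. The function starts and ends outside the hunk.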
@@ -1454,11 +1454,10 @@ def has_extra_cache_key_calls(self, query_obj: QueryObjectDict) -> bool:
 templatable_statements.append(extras["where"])
 if "having" in extras:
 templatable_statements.append(extras["having"])
- # make sure the RLS filters are included
 if config["ENABLE_ROW_LEVEL_SECURITY"] and self.is_rls_supported:
 templatable_statements += [
- f.clause
- for f in security_manager.get_rls_filters(self) ]
+ f.clause for f in security_manager.get_rls_filters(self)
+ ]
 for statement in templatable_statements:
 if ExtraCache.regex.search(statement):
 return True