fix: handle empty catalog when DB supports them

[betodealmeida]

SUMMARY

Handle edge cases when catalog is passed as null but the database supports catalog. This happens when "Allow changing catalogs" is disabled in the database. In these cases we need to use the default catalog, so that permissions checks work as expected.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

N/A

TESTING INSTRUCTIONS

1. Add a database with catalogs (eg, Postgres)

• Catalog permissions are created (eg, [Postgres].[superset])
• Schema permissions are created (eg, [Postgres].[superset].[public])

2. Create a user A with catalog-level permissions to the default catalog

• User can see schemas in SQL Lab
• User can choose schema in SQL Lab
• User can choose table in SQL Lab
• User can run queries
• User can create a new dataset
• User can see charts built from the dataset

3. Create a user B with schema-level permissions to the default catalog

• User can see only 1 schema in SQL Lab
• User can choose table in SQL Lab
• User can run queries
• User can create a new dataset
• User can see charts built from the dataset

4. Create a user C with catalog-level permissions to a non-default catalog

• User can't see schemas/tables in SQL Lab
• User can't run queries in SQL Lab

5. Create a user D with schema-level permissions to a non-default catalog

• User can't see schemas/tables in SQL Lab
• User can't run queries in SQL Lab

6. Enable multi-catalog

• Admin should see all catalogs
• A, B, C, D should only see the catalogs they have access to
• Repeat steps from (2)

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[rusackas]

I just put this in draft mode whilst it doesn't have a title/description :) Best of luck with whatever it is! :D

[betodealmeida]

Note: In most cases, you can use Authorization: Bearer or Authorization: token to pass a token. However, if you are passing a JSON web token (JWT), you must use Authorization: Bearer. [source]

[Vitor-Avila]

Nice!

[sadpandajoe]

@supersetbot label 4.1

[Vitor-Avila]

Should catalog be added to the API path as well (when the table is not from the default one)? Not related with this PR, just asking if it's something we need to do.

[betodealmeida]

Yeah, but I I couldn't find any API calls to this endpoint — it seems like we return this in the database request now, instead of calling /select_star/, which is why I didn't change the code to pass a parameter. I think we should keep this endpoint until the next major version and then get rid of it.

[Vitor-Avila]

gotcha! thank you

[Vitor-Avila]

LGTM!

[Vitor-Avila]

Non-blocking comment: would be good if you could mention why these tests were removed.

[betodealmeida]

These tests were poorly written and relied on weird side effects.

[Vitor-Avila]

thank you!