chore(cubejs-server-core): make sure DAP doesn't generate empty filters

while empty filters are technically allowed, they still have potential
for breaking things downstream (like some UIs in Cube Cloud) which
weren't designed with empty filters in mind.

Author: bsod90

packages/cubejs-server-core/src/core/CompilerApi.js

@@ -339,11 +339,25 @@ export class CompilerApi {
       viewFiltersPerCubePerRole,
       hasAllowAllForCube
     );
-    query.filters = query.filters || [];
-    query.filters.push(rlsFilter);
+    if (rlsFilter) {
+      query.filters = query.filters || [];
+      query.filters.push(rlsFilter);
+    }
     return { query, denied: false };
   }
 
+  removeEmptyFilters(filter) {
+    if (filter?.and) {
+      const and = filter.and.map(f => this.removeEmptyFilters(f)).filter(f => f);
+      return and.length > 1 ? { and } : and.at(0) || null;
+    }
+    if (filter?.or) {
+      const or = filter.or.map(f => this.removeEmptyFilters(f)).filter(f => f);
+      return or.length > 1 ? { or } : or.at(0) || null;
+    }
+    return filter;
+  }
+
   buildFinalRlsFilter(cubeFiltersPerCubePerRole, viewFiltersPerCubePerRole, hasAllowAllForCube) {
     // - delete all filters for cubes where the user has allowAll
     // - combine the rest into per role maps
@@ -369,7 +383,7 @@ export class CompilerApi {
       {}
     );
 
-    return {
+    return this.removeEmptyFilters({
       and: [{
         or: Object.keys(cubeFiltersPerRole).map(role => ({
           and: cubeFiltersPerRole[role]
@@ -379,7 +393,7 @@ export class CompilerApi {
           and: viewFiltersPerRole[role]
         }))
       }]
-    };
+    });
   }
 
   async compilerCacheFn(requestId, key, path) {