[NEP-18176]: Implemeting data scoping based on user programmes and sites

soundarya-mv · soundarya-mv · commit 5a33b5d5de79 · 2024-08-29T12:28:16.000+10:00
diff --git a/lib/superset/guest_token.rb b/lib/superset/guest_token.rb
@@ -2,11 +2,13 @@ module Superset
   class GuestToken
     include Credential::EmbeddedUser
 
-    attr_accessor :embedded_dashboard_id, :current_user
+    attr_accessor :embedded_dashboard_id, :current_user, :current_user_sites, :current_user_programmes
 
-    def initialize(embedded_dashboard_id: , current_user: nil)
+    def initialize(embedded_dashboard_id: , current_user: nil, current_user_sites: [], current_user_programmes: [])
       @embedded_dashboard_id = embedded_dashboard_id
       @current_user = current_user
+      @current_user_sites = current_user_sites
+      @current_user_programmes = current_user_programmes
     end
 
     def guest_token
@@ -20,7 +22,11 @@ def params
             "id": embedded_dashboard_id.to_s,
             "type": "dashboard" }
         ],
-        "rls": [],
+        "rls": [
+          { 
+            "clause": rls_filter_clause
+          }
+        ],
         "user": current_user_params
       }
     end
@@ -65,5 +71,18 @@ def access_token
     def authenticator
       @authenticator ||= Superset::Authenticator.new(credentials)
     end
+
+    def rls_filter_clause
+      "#{site_clause} AND #{programme_clause}"
+    end
+
+    def site_clause
+      return true if current_user_sites.empty?
+      "site_id = ANY(ARRAY[#{current_user_sites}])" 
+    end
+
+    def programme_clause
+      "programme = ANY(string_to_array(replace(trim(('#{current_user_programmes.to_json}'), '[]'), '\"', ''), ','))"
+    end
   end
 end
