Closed nemccarthy closed 1 month ago
I found a similar open issue: 4.0 - Imported charts shows error on embedding, which was last updated on September 04, 2024. This issue is related to the error "Guest user cannot modify chart payload" when embedding charts.
The error occurs because guest users are not allowed to modify the chart payload. This restriction is enforced to prevent guest users from requesting different charts or ad-hoc metrics from what is saved. The relevant code snippet checks if the user is a guest and if the query context has been modified. If both conditions are true, it raises a SupersetSecurityException with the message "Guest user cannot modify chart payload" [1].
To address this issue, you can automate the update of the query_context for each chart. This can be achieved by either directly interacting with the Superset backend database or using Superset's REST API to fetch and update charts. Here’s a brief overview of both approaches:

1. Direct Database Manipulation: Write a script that connects to the Superset database, fetches all charts, updates the query_context field in their metadata, and saves the changes back to the database. This method requires direct access to the database and careful handling to avoid data corruption.
2. Using Superset APIs: A safer, albeit potentially slower, method involves using the Superset REST API. You would use the GET /chart/ endpoint to fetch chart configurations, update the query_context in each configuration, and then use the PUT /chart/{pk} endpoint to update each chart.

Here’s a simplified example of how you might use Python to update chart metadata using Superset’s API:
```python
import requests

SUPERSET_API_URL = "http://your-superset-instance/api/v1/chart"
API_TOKEN = "your_api_token"


def update_chart(chart_id, updated_config):
    """PUT the updated configuration for one chart and report the result."""
    headers = {"Authorization": f"Bearer {API_TOKEN}"}
    response = requests.put(
        f"{SUPERSET_API_URL}/{chart_id}", json=updated_config, headers=headers, timeout=30
    )
    if response.status_code == 200:
        print(f"Successfully updated chart {chart_id}")
    else:
        print(f"Failed to update chart {chart_id}: {response.text}")


# Example usage
chart_id = 123  # Example chart ID
updated_config = {
    # Your updated chart configuration including the new query_context
}
update_chart(chart_id, updated_config)
```
This script is a basic example and will need to be adjusted based on your specific requirements, including authentication and the exact structure of the updated_config [2].
Additionally, the Superset Embedded SDK documentation explains that embedded resources use a special auth token called a Guest Token to grant Superset access to your users without requiring them to log in directly. The guest token allows authentication to your Superset instance via creating an Anonymous user object, which defaults to the public role. This setup ensures that guest users have limited permissions, including restrictions on modifying chart payloads [3].
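A simplified model of the guest-payload check described in the reply above, added here as an illustration; it is not Superset's code. The names `GuestPayloadError`, `COMPARED_KEYS`, `payload_modified` and `authorize`, and the choice of compared fields, are assumptions, and the sample payloads are constructed.

```python
import json


class GuestPayloadError(Exception):
    """Hypothetical stand-in for SupersetSecurityException."""


# Assumed list of payload fields compared against the saved chart.
COMPARED_KEYS = ("metrics", "columns", "groupby")


def _values(payload, key):
    # Ad-hoc metrics are dicts, so serialise each entry to make it hashable.
    return {json.dumps(v, sort_keys=True) for v in (payload.get(key) or [])}


def payload_modified(requested, stored):
    """True if the request names another chart or asks for anything not saved."""
    if stored is None or requested.get("slice_id") != stored["id"]:
        return True
    saved = stored["params"]
    return any(
        not _values(requested, key) <= _values(saved, key) for key in COMPARED_KEYS
    )


def authorize(is_guest, requested, stored):
    """Both conditions must hold for the request to be rejected."""
    if is_guest and payload_modified(requested, stored):
        raise GuestPayloadError("Guest user cannot modify chart payload")
    return True


# Constructed sample data: one saved chart and three incoming payloads.
STORED = {"id": 7, "params": {"metrics": ["count"], "groupby": ["region"]}}
SAME = {"slice_id": 7, "metrics": ["count"], "groupby": ["region"]}
ADHOC = {"slice_id": 7, "groupby": ["region"],
         "metrics": ["count", {"expressionType": "SQL", "sqlExpression": "SUM(amount)"}]}
OTHER = {"slice_id": 8, "metrics": ["count"]}


def outcome(is_guest, requested):
    """Return 'allowed' or the error message for a request against STORED."""
    try:
        authorize(is_guest, requested, STORED)
        return "allowed"
    except GuestPayloadError as exc:
        return str(exc)
```

In this model a guest request passes only when every compared value is already present in the saved chart, which is why a mismatch between the saved metadata and what the frontend sends surfaces as this error.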
@betodealmeida I know you'd done some work around an error with the same text. Not sure if we "missed a spot," this is something new, or there's a fix coming in RC3. CC @sadpandajoe who may also have context here.
@nemccarthy does this work with the legacy sankey chart?
@nemccarthy do you also have logs? I wasn't able to reproduce this on one of my embedded dashboards and it shows up just fine.
Bug description
When adding the new ECharts version of the Sankey to a dashboard that is embedded using the embedding SDK using a guest user token, the chart will not render, with the error:
Guest user cannot modify chart payload
How to reproduce the bug
Screenshots/recordings
Superset version
master / latest-dev
Python version
3.9
Node version
18 or greater
Browser
Chrome
Additional context
No response
Checklist