feat: RLS for SQL Lab

[betodealmeida]

SUMMARY

Add a new feature flag RLS_IN_SQLLAB that when enabled will make Superset apply relevant RLS rules to queries ran in SQL Lab.

BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF

Created a simple RLS on bart_lines:

Confirmed that it works in Explore, as expected:

Ran query in SQL Lab, RLS is also applied:

TESTING INSTRUCTIONS

WIP

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

[codecov]

Codecov Report

Merging #19999 (aef0026) into master (62e1c34) will decrease coverage by 0.13%.
The diff coverage is 85.97%.

❗ Current head aef0026 differs from pull request most recent head 14848ac. Consider uploading reports for the commit 14848ac to get more accurate results

@@            Coverage Diff             @@
##           master   #19999      +/-   ##
==========================================
- Coverage   66.28%   66.15%   -0.14%     
==========================================
  Files        1712     1713       +1     
  Lines       63968    64071     +103     
  Branches     6731     6731              
==========================================
- Hits        42404    42386      -18     
- Misses      19853    19974     +121     
  Partials     1711     1711              

Flag	Coverage Δ
hive	?
mysql	82.04% <95.83%> (+0.04%)	⬆️
postgres	82.10% <97.50%> (+0.05%)	⬆️
presto	?
python	82.14% <97.50%> (-0.34%)	⬇️
sqlite	?
unit	?

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files	Coverage Δ
.../plugin-chart-echarts/src/Funnel/transformProps.ts	71.73% <ø> (ø)
...lugins/plugin-chart-echarts/src/Gauge/constants.ts	100.00% <ø> (ø)
...hart-echarts/src/MixedTimeseries/transformProps.ts	0.00% <0.00%> (ø)
...ins/plugin-chart-echarts/src/Pie/transformProps.ts	55.07% <ø> (ø)
...s/plugin-chart-echarts/src/Radar/transformProps.ts	0.00% <ø> (ø)
...plugin-chart-echarts/src/Treemap/transformProps.ts	51.51% <ø> (ø)
...ns/plugin-chart-word-cloud/src/chart/WordCloud.tsx	0.00% <0.00%> (ø)
...ins/preset-chart-xy/src/components/Line/Encoder.ts	100.00% <ø> (ø)
superset-frontend/src/SqlLab/actions/sqlLab.js	60.39% <0.00%> (ø)
...rc/SqlLab/components/ScheduleQueryButton/index.tsx	20.75% <0.00%> (ø)
... and 110 more

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 62e1c34...14848ac. Read the comment docs.

[betodealmeida]

This is the core of the PR, the rest is just passing username around.

[dpgaspar]

nice if flip, less indentation

[villebro]

One minor docstring comment. Also, would be nice to have at least minimal tests for this, as this is a fairly central security feature. If it's a lot of work, which I assume it is, I can try to help out!

[villebro]

nit: username is missing in the docstring here and in security_manager.get_rls_filters. The main description says it retrieves rls filters for "the current user" - we should perhaps remove that text from both docstrings and state that if username is missing, it will fall back to the current user.

[betodealmeida]

Ah, good catch and good point, @villebro! Let me fix the docstrings and add tests.

[villebro]

LGTM with a very minor non-blocking nit. This is really great, as it will open up SQL Lab to RLS users 🚀