Re: [D] New Jinja Macro - `guest_token_template_variable(variable_name)` [superset]

Wed, 25 Jun 2025 23:22:22 -0700 


GitHub user Yash2412 closed a discussion: New Jinja Macro - 
`guest_token_template_variable(variable_name)`

**Summary**

Add a new Jinja macro: `guest_token_template_variable(variable_name)` to 
Superset, which allows access to guest token-specific template variables in 
embedded dashboards.

**Motivation**

Currently, there is no direct way for guest users (viewing embedded dashboards 
via a `guest_token`) to pass template variables into SQL queries using Jinja. 
This limits the ability to build multi-tenant or dynamic dashboards for guest 
viewers.

**Proposed Solution**

Introduce a new macro `guest_token_template_variable("key")` that retrieves the 
value from the `guest_token` payload's `template_variables`.

For example, while generating a guest token:
```json
{
  "resources": [],
  "rls": [],
  "user": {
    "username": "guest",
    "first_name": "Guest",
    "last_name": "User"
  },
  "template_variables": {
    "tenant": "test1"
  }
}
```

And in a dataset's SQL:
```sql
SELECT * FROM my_table WHERE tenant_id = '{{ 
guest_token_template_variable("tenant") }}'
```


This would render as:
```sql
SELECT * FROM my_table WHERE tenant_id = 'test1'
```


**Benefits**
- Enables multi-tenancy or dynamic filters for embedded dashboards
- Improves guest token customization
- Keeps consistent behavior with current Jinja templating ecosystem

**Considerations**
- Should gracefully fallback if key is missing or guest token doesn't include 
template_variables
- Access to this macro must be restricted to guest tokens only to avoid leakage 
from non-guest users

**Alternatives**
Using current_user-based template logic is not helpful for guests as the user 
context is synthetic. This macro provides a clean and secure alternative.

**Additional Context**
This would enhance the embedded SDK and align with modern SaaS dashboard needs.

Would love to hear thoughts from the community and maintainers before starting 
the implementation. I'm happy to open a PR once there is consensus.

GitHub link: https://github.com/apache/superset/discussions/33918

----
This is an automatically sent email for [email protected].
To unsubscribe, please send an email to: 
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to