diegomedina248 commented on code in PR #20285:
URL: https://github.com/apache/superset/pull/20285#discussion_r890528371
##########
superset/security/manager.py:
##########
@@ -1054,19 +1054,24 @@ def raise_for_access(
denied = set()
for table_ in tables:
- schema_perm = self.get_schema_perm(database,
schema=table_.schema)
Review Comment:
`table._schema` could be the one defined in the query itself, or the one
selected on the left dropdown.
For that reason, we could be fetching the permission for a schema that does
not contain the table, and validate the request (if the user has permission to
that schema).
So, we invert the request order here, by querying all the datasources for
the database/table combination, and then matching the schema. If there's a
match, then we check the permission on that schema.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
