zephyring commented on code in PR #24301:
URL: https://github.com/apache/superset/pull/24301#discussion_r1232581425


##########
superset/queries/saved_queries/dao.py:
##########
@@ -44,3 +47,20 @@ def bulk_delete(models: Optional[list[SavedQuery]], commit: 
bool = True) -> None
         except SQLAlchemyError as ex:
             db.session.rollback()
             raise DAODeleteFailedError() from ex
+
+    @classmethod
+    def get_by_id(cls, _id: str) -> Optional[SavedQuery]:
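
Review bot: `get_by_id(cls, _id: str)` at the end of this hunk gives no indication of which identifier the string carries (numeric primary key, uuid, or either) or of whether the lookup is subject to the same access filtering as other saved-query reads. The method body is not visible in this hunk, so this cannot be confirmed from here. Please add a docstring that states the accepted ID format and the authorization behaviour, and make sure a uuid lookup goes through the same ownership/permission check as an integer-id lookup, so that the `Optional[SavedQuery]` return is `None` for a caller without access.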

Review Comment:
   I agreed with using a permalink as the long-term solution for `copy link` or any 
other share-with-link feature, as opposed to directly sharing the raw uuid. 
Even though a uuid is impossible to guess, it's still security through 
obscurity (the link can be leaked unintentionally).
   And we should be consistent in the authorization policy on a resource 
regardless of the format of their IDs.
   But like @jfrag1 said, this PR is to fix a breaking change from the other PR. 
We will need to either revert that breaking PR or allow an exception for this PR 
for now until a formal SIP is made around how we represent/export resources 
application-wide.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
