Re: [PR] fix(sqllab): enforce can_export_csv permission on streaming CSV expor… [superset]

via GitHub Tue, 10 Mar 2026 10:00:14 -0700


codeant-ai-for-open-source[bot] commented on PR #38526:
URL: https://github.com/apache/superset/pull/38526#issuecomment-4033004536


   ## **Sequence Diagram**
   
   This PR makes the SQL Lab streaming CSV export endpoint enforce the 
export_csv permission, returning 403 for users without can_export_csv while 
still streaming CSV data for authorized users.
   
   ```mermaid
   sequenceDiagram
       participant User
       participant SQLLabAPI as SQL Lab API
       participant Auth as Permission system
   
       User->>SQLLabAPI: POST export_streaming CSV
       SQLLabAPI->>Auth: Check export_csv on SQLLab
   
       alt User lacks export_csv
           Auth-->>SQLLabAPI: Forbidden
           SQLLabAPI-->>User: 403 Forbidden
       else User has export_csv
           Auth-->>SQLLabAPI: Allowed
           SQLLabAPI-->>User: Stream CSV response
       end
   ```
   
   ---
   *Generated by [CodeAnt AI](https://codeant.ai)*
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Re: [PR] fix(sqllab): enforce can_export_csv permission on streaming CSV expor… [superset]

Reply via email to