codeant-ai-for-open-source[bot] commented on PR #38678:
URL: https://github.com/apache/superset/pull/38678#issuecomment-4067543595
## **Sequence Diagram**
This PR removes the XLSX export path from the explore endpoint and keeps
export authorization focused on CSV downloads only. The core runtime change is
that CSV requests now perform a direct CSV permission check before generating
and returning file content.
```mermaid
sequenceDiagram
participant Client
participant ExploreAPI
participant Security
participant VizEngine
Client->>ExploreAPI: Request explore data with csv option
ExploreAPI->>Security: Check csv download permission
alt Permission granted
ExploreAPI->>VizEngine: Generate csv from chart data
VizEngine-->>ExploreAPI: Csv payload
ExploreAPI-->>Client: Return csv download
else Permission denied
ExploreAPI-->>Client: Return forbidden error
end
```
---
*Generated by [CodeAnt AI](https://codeant.ai)*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
