aminghadersohi commented on PR #38845: URL: https://github.com/apache/superset/pull/38845#issuecomment-4128857591
Thanks for the feedback @Antonio-RiveroMartnez! Good question. I moved the data-level check into `auth.py` as `check_chart_data_access()`, sitting alongside `mcp_auth_hook` and `has_dataset_access`. The three tools now import from auth instead of chart_utils directly. The reason it's a separate function rather than part of `mcp_auth_hook` itself: the hook runs *before* the tool function (it doesn't know which specific charts/datasets will be accessed), while data-level checks need the actual ORM objects that are only available *inside* the tool after querying. Two inherently separate phases — but now both live in the auth module. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
