msyavuz opened a new pull request, #39947:
URL: https://github.com/apache/superset/pull/39947

   ### SUMMARY
   
   `DatasourceRestApi.combined_list` (added in #37815) relied on the 
auto-derived `can_combined_list on Datasource` permission. Because 
`can_combined_list` is not in `SupersetSecurityManager.READ_ONLY_PERMISSION`, 
`_is_alpha_only` flags it as Alpha-only and excludes it from the Gamma role, so 
Gamma users get a 403 on the dataset list page (`/api/v1/datasource/?q=...`).
   
   Map the method to `read` via `method_permission_name` so the FAB check uses 
`can_read on Datasource`, which is already a `READ_ONLY_PERMISSION` and gets 
granted to Admin/Alpha/Gamma via the standard role sync.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   N/A — backend permission mapping change, no UI difference.
   
   ### TESTING INSTRUCTIONS
   
   1. Apply the patch and run `superset init` to register `can_read on 
Datasource` and re-sync role grants.
   2. Log in as a Gamma user and navigate to the datasets list — request to 
`/api/v1/datasource/?q=...` should return 200 instead of 403.
   3. Verify Admin/Alpha still load the page as before.
   4. Run `pytest tests/integration_tests/datasource/api_tests.py::TestDatasourceApi::test_combined_list_invalid_order_column tests/integration_tests/datasource/api_tests.py::TestDatasourceApi::test_combined_list_semantic_layers_off`.
   
   ### ADDITIONAL INFORMATION
   
   - [ ] Has associated issue: No
   - [ ] Required feature flags: None
   - [ ] Changes UI: No — backend-only
   - [ ] Includes DB Migration: No
   - [ ] Introduces new feature or API: No
   - [ ] Removes existing feature or API: No
   
   Note: deployments must run `superset init` after upgrading so the new 
`can_read on Datasource` permission is registered and granted to existing roles.
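
Added example (not part of the pull request, and not Superset or Flask-AppBuilder code): a simplified, self-contained model of the permission derivation described above, used as an audit that flags read endpoints left outside the read-only set and state-changing endpoints mapped to `read`. The read-only set is a constructed subset, `audit` and `derived_permission` are illustrative names, and the `bulk_delete` endpoint is hypothetical.

```python
PERMISSION_PREFIX = "can_"
# Constructed subset: the PR text says only that "can_read" is a read-only
# permission and that "can_combined_list" is not.
READ_ONLY_PERMISSION = {"can_read"}
SAFE_HTTP_METHODS = {"GET", "HEAD", "OPTIONS"}


def derived_permission(method, method_permission_name):
    """Mapped name if the method is in method_permission_name, else its own name."""
    return PERMISSION_PREFIX + method_permission_name.get(method, method)


def audit(view, endpoints, method_permission_name):
    """endpoints: {method name: set of HTTP verbs}. Returns sorted findings."""
    findings = []
    for method, verbs in endpoints.items():
        perm = derived_permission(method, method_permission_name)
        read_only_perm = perm in READ_ONLY_PERMISSION
        safe = verbs <= SAFE_HTTP_METHODS
        if safe and not read_only_perm:
            # Read-only roles will be refused on a read-only endpoint.
            findings.append(("read-endpoint-not-read-only", method, f"{perm} on {view}"))
        elif read_only_perm and not safe:
            # A read grant would authorize a state-changing request.
            findings.append(("state-change-behind-read", method, f"{perm} on {view}"))
    return sorted(findings)


# Constructed inputs. "combined_list" is from the PR; "bulk_delete" is hypothetical.
ENDPOINTS = {"combined_list": {"GET"}, "bulk_delete": {"DELETE"}}
BEFORE = {}                                   # auto-derived permission names
AFTER = {"combined_list": "read"}             # the mapping the PR describes
OVERBROAD = {"combined_list": "read", "bulk_delete": "read"}

if __name__ == "__main__":
    for label, mapping in (("before", BEFORE), ("after", AFTER), ("overbroad", OVERBROAD)):
        print(label, audit("Datasource", ENDPOINTS, mapping))
```

The same two checks can be run in CI over the real API classes by feeding in each class's exposed methods and its `method_permission_name`.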

