sha174n commented on code in PR #40409:
URL: https://github.com/apache/superset/pull/40409#discussion_r3327371936
##########
superset/models/sql_lab.py:
##########
@@ -306,10 +306,15 @@ def raise_for_access(self) -> None:
"""
Raise an exception if the user cannot access the resource.
+ Re-validation of a SQL Lab query uses the same strict scoping as the
+ initial execute path (``force_dataset_match=True``) so that fetching
+ results, exporting CSV, and streaming-exporting all enforce the same
+ per-table dataset-match requirement.
+
:raises SupersetSecurityException: If the user cannot access the
resource
"""
- security_manager.raise_for_access(query=self)
+ security_manager.raise_for_access(query=self, force_dataset_match=True)
Review Comment:
Addressed in 6714ebfdf1: re-validation now parses `query.executed_sql` (the
fully Jinja-rendered SQL that actually ran) when set, so the table set matches
the execute-time check without persisting template_params on the Query record.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
