bito-code-review[bot] commented on code in PR #40650:
URL: https://github.com/apache/superset/pull/40650#discussion_r3338372066
##########
superset/commands/security/create.py:
##########
@@ -50,5 +51,8 @@ def validate(self) -> None:
)
if len(tables) != len(self._tables):
raise DatasourceNotFoundValidationError()
+ for table in tables:
+ if not security_manager.can_access_datasource(datasource=table):
+ raise RLSDatasourceForbiddenError()
Review Comment:
<!-- Bito Reply -->
The suggestion to extract the duplicated authorization logic into a shared
helper is valid and aligns with good software engineering practices. It
improves maintainability by reducing redundancy and centralizing logic. Since
the user has acknowledged this as out of scope for the current security fix, it
is appropriate to defer this refactor to a follow-up task. No action is
required for this thread at this time.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
