bito-code-review[bot] commented on PR #40769:
URL: https://github.com/apache/superset/pull/40769#issuecomment-4623646328
<!-- Bito Reply -->
The flagged issue is correct. The `GetDashboardPermalinkCommand.run()`
method already resolves the dashboard and performs an access check, making the
subsequent `Dashboard.get(value["dashboardId"])` and
`dashboard.raise_for_access()` calls redundant.
You can resolve this by reusing the dashboard object if the command returns
it, or by ensuring the command's result is sufficient. Since the command
already performs the necessary authorization, you can simplify the view logic
by removing the redundant database lookup and permission check.
Would you like me to check the rest of the comments on this PR for similar
issues?
**superset/views/core.py**
```
try:
value = GetDashboardPermalinkCommand(key).run()
except (DashboardPermalinkGetFailedError,
DashboardAccessDeniedError) as ex:
if not get_current_user():
return redirect_to_login()
return json_error_response(__("Error: %(msg)s", msg=ex.message),
status=404)
if not value:
if not get_current_user():
return redirect_to_login()
return json_error_response(_("permalink state not found"),
status=404)
# The command already validated access and resolved the dashboard.
# Use the dashboard ID from the command result directly.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
