aminghadersohi commented on code in PR #40746:
URL: https://github.com/apache/superset/pull/40746#discussion_r3368411820
##########
superset/mcp_service/user/schemas.py:
##########
@@ -104,6 +104,27 @@ class UserInfo(BaseModel):
"access via get_user_info; not available in list_users because roles "
"is a relationship, not a selectable column)",
)
+
+ @field_validator("roles", mode="before")
+ @classmethod
+ def _extract_role_names(cls, v: Any) -> list[str] | None:
+ """Coerce Role ORM objects to their .name strings."""
+ if v is None:
+ return None
+ if isinstance(v, str):
+ # Preserve Pydantic's default rejection of bare strings for
list[str].
+ raise ValueError("roles must be a list, not a string")
+ result: list[str] = []
+ for item in v:
+ if isinstance(item, str):
+ result.append(item)
+ elif hasattr(item, "name"):
+ try:
+ result.append(str(item.name))
+ except DetachedInstanceError:
Review Comment:
MEDIUM — Silent suppression with no diagnostic output. When a session closes
before roles are loaded, the role is silently dropped. `roles == []` from a
user with three roles and an expired session is indistinguishable from `roles
== []` from a user with no roles. A `logger.debug(...)` before `continue` would
make session-management issues diagnosable. (Prefer debug over warning here
since the validator runs per-request.)
##########
superset/mcp_service/user/schemas.py:
##########
@@ -104,6 +104,27 @@ class UserInfo(BaseModel):
"access via get_user_info; not available in list_users because roles "
"is a relationship, not a selectable column)",
)
+
+ @field_validator("roles", mode="before")
+ @classmethod
+ def _extract_role_names(cls, v: Any) -> list[str] | None:
+ """Coerce Role ORM objects to their .name strings."""
+ if v is None:
+ return None
+ if isinstance(v, str):
+ # Preserve Pydantic's default rejection of bare strings for
list[str].
+ raise ValueError("roles must be a list, not a string")
+ result: list[str] = []
+ for item in v:
+ if isinstance(item, str):
+ result.append(item)
+ elif hasattr(item, "name"):
Review Comment:
NIT — `hasattr(item, "name")` matches any object with a `.name` attribute
(Python module, `enum` member, `namedtuple`). Low risk in practice since
`roles` is only populated from the ORM relationship, but an
`isinstance(item.name, str)` check inside the restructured `try` block (see
adjacent comment) would prevent silently coercing unexpected types.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
