rebenitez1802 commented on PR #40650: URL: https://github.com/apache/superset/pull/40650#issuecomment-4659323212
One consistency gap worth noting: this adds the datasource access check to `CreateRLSRuleCommand` and `UpdateRLSRuleCommand`, but `DeleteRLSRuleCommand.validate()` still only checks rule existence (`RLSDAO.find_by_ids`) with no datasource access enforcement. If the goal is to bring all RLS rule commands in line with the standard datasource access pattern, deleting a rule that references datasources the caller can't access is the remaining path. It's reasonable to defer this — delete is bulk and the API is admin-only by default, and the command doesn't currently load the referenced `tables` (it operates on rule IDs), so adding the check would mean iterating `rule.tables` for each model. But it'd be good to either include it here or note explicitly that delete is intentionally left out of scope. 🤖 Generated with [Claude Code](https://claude.com/claude-code) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
