rusackas opened a new pull request, #40955:
URL: https://github.com/apache/superset/pull/40955
### SUMMARY
When a chart is updated with *only* a `query_context` (the
`{query_context, query_context_generation}` payload that report and alert
workers use to refresh a chart's cached payload), `UpdateChartCommand`
intentionally skips the ownership check so those background workers can save
context without owning the chart.
This change keeps that payload internally consistent: before saving, it
validates that the submitted `query_context.datasource` still references the
chart's own persisted `datasource_id` (and type). A payload that points at a
different datasource is rejected with a 400 rather than being stored as-is.
Payloads that don't carry a parseable `datasource` are unchanged — at
execution time they already fall back to the chart's own datasource — so
there's no behavior change for the normal save flow.
It's a small, well-scoped robustness check on the chart update path so a
chart's stored query context can't drift away from the chart's actual
datasource.
### TESTING INSTRUCTIONS
Unit tests added in `tests/unit_tests/commands/chart/update_test.py`:
- a query context targeting the chart's own datasource is accepted
- a query context referencing a different datasource id/type is rejected
  (`ChartInvalidError` → 400), including the id-as-string case
- payloads with no datasource / null datasource / unparseable JSON are left
  alone (no false positives)
```
pytest tests/unit_tests/commands/chart/update_test.py
```
### ADDITIONAL INFORMATION
- [ ] Has associated issue:
- [ ] Required feature flags:
- [ ] Changes UI
- [ ] Includes DB Migration (follow approval process in
  [SIP-59](https://github.com/apache/superset/issues/13351))
  - [ ] Migration is atomic, supports rollback & is backwards-compatible
  - [ ] Confirm DB migration upgrade and downgrade tested
  - [ ] Runtime estimates and downtime expectations provided
- [ ] Introduces new feature or API
- [ ] Removes existing feature or API
🤖 Generated with [Claude Code](https://claude.com/claude-code)
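
A minimal sketch of the check the summary describes, added here as an example; it is not the code from this pull request or from Superset. The function names, the `ChartInvalidError` stand-in, the sample payloads, and two rules are assumptions: a string id is normalised to an integer, and a `datasource` counts as parseable only when it has a numeric id and a string type.

```python
import json


class ChartInvalidError(Exception):
    status = 400  # stand-in for the error the PR description maps to HTTP 400


def parse_datasource(raw):
    """Return (id, type) from query_context.datasource, or None if not parseable."""
    try:
        ds = json.loads(raw or "")["datasource"]
        ds_id, ds_type = int(ds["id"]), ds["type"]  # assumption: "2" is normalised to 2
    except (TypeError, ValueError, KeyError):
        return None
    return (ds_id, ds_type) if isinstance(ds_type, str) else None


def check_query_context(chart_ds_id, chart_ds_type, raw):
    """True = datasource verified, False = nothing to check; raises on mismatch."""
    target = parse_datasource(raw)
    if target is None:
        return False  # execution falls back to the chart's own datasource
    if target != (chart_ds_id, chart_ds_type):
        raise ChartInvalidError(f"query_context targets {target}, not the chart's datasource")
    return True


# Constructed payloads; the chart's persisted datasource is (1, "table").
SAMPLES = {
    "own": '{"datasource": {"id": 1, "type": "table"}, "queries": []}',
    "other_id": '{"datasource": {"id": 2, "type": "table"}}',
    "other_id_as_string": '{"datasource": {"id": "2", "type": "table"}}',
    "other_type": '{"datasource": {"id": 1, "type": "query"}}',
    "no_datasource": '{"queries": []}',
    "null_datasource": '{"datasource": null}',
    "bad_json": "{not json",
}


def classify(raw):
    try:
        return "accepted" if check_query_context(1, "table", raw) else "left alone"
    except ChartInvalidError as exc:
        return f"rejected ({exc.status})"


if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(f"{name:20} {classify(raw)}")
```
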