rusackas commented on code in PR #41217:
URL: https://github.com/apache/superset/pull/41217#discussion_r3440530627
##########
superset/security/api.py:
##########
@@ -74,7 +74,26 @@ def convert_enum_to_value( # pylint: disable=unused-argument
return data
-class RlsRuleSchema(PermissiveSchema):
+class RlsRuleSchema(Schema):
+ """
+ Schema for a single row-level security rule attached to a guest token.
+
+ Unlike the other guest-token schemas, this one rejects unknown fields
+ instead of silently dropping them. A rule is scoped to a dataset only when
+ it carries a valid integer ``dataset`` key; a rule with no ``dataset`` is
+ treated as global and its ``clause`` is applied to every dataset the
+ embedded resource can reach (see ``get_guest_rls_filters``). Silently
+ excluding an unexpected field -- most commonly a mistyped or legacy scope
+ key such as ``datasource`` -- would therefore turn an intended
+ dataset-scoped rule into a global one without any feedback to the caller.
+ Raising on unknown fields surfaces the mistake as an HTTP 400 before a
+ token is ever issued and keeps the accepted payload aligned with the
+ documented ``RlsRule`` contract (``dataset`` and ``clause``).
+ """
+
+ class Meta: # pylint: disable=too-few-public-methods
+ unknown = RAISE
+
dataset = fields.Integer()
Review Comment:
Good catch — same falsy-widening trap as the unknown-field case this PR
fixes. Constrained `dataset` to strict, positive integers so `0`/`false` raise
instead of silently going global. Pushed with tests.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
