sha174n opened a new pull request, #41430: URL: https://github.com/apache/superset/pull/41430
### SUMMARY Brings the per-object semantic layer endpoints in line with the list endpoint and with the semantic view endpoints for `datasource_access` handling. `SemanticLayerDAO.find_all()` (used by the list endpoint) already scopes layers to the caller's `datasource_access` grants. This change introduces `SemanticLayer.raise_for_access()`, mirroring the existing `SemanticView.raise_for_access()`, and applies it consistently on: - `GET /api/v1/semantic_layer/<uuid>` — returns 404 when the layer is not accessible to the caller - `PUT` and `DELETE /api/v1/semantic_layer/<uuid>` — return 403 when not accessible - semantic view creation — now requires access to the parent layer This keeps single-object access behavior consistent with the list endpoint and with the semantic view resource. The feature is behind the `SEMANTIC_LAYERS` flag (off by default). ### TESTING INSTRUCTIONS Unit tests added for `SemanticLayer.raise_for_access()` and for the get / update / delete / view-create command paths. Run: ``` pytest tests/unit_tests/commands/semantic_layer tests/unit_tests/semantic_layers/models_test.py ``` ### ADDITIONAL INFORMATION - [ ] Has associated issue: feature is behind the default-off `SEMANTIC_LAYERS` flag - [x] Required feature flags: `SEMANTIC_LAYERS` - [x] Changes UI - [ ] Includes DB Migration -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected] --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
