sha174n commented on code in PR #41425:
URL: https://github.com/apache/superset/pull/41425#discussion_r3478269629
##########
superset/views/core.py:
##########
@@ -505,6 +505,11 @@ def explore( # noqa: C901
datasource_id,
)
+ # Apply the same per-datasource access check the explore command
performs,
+ # so this view is consistent with it before rendering datasource
metadata.
+ if datasource:
+ security_manager.raise_for_access(datasource=datasource)
Review Comment:
Not applicable here. `SupersetSecurityException` subclasses
`SupersetErrorException`, which has a global Flask error handler registered in
`set_app_error_handlers` (`show_superset_error`). Flask dispatches exceptions
by walking the class MRO, so the subclass is caught by that handler and
returned as a structured JSON response carrying its own `status` (403), not a
generic 500. No per-method decorator or try/except is required. Verified
empirically that the response is 403.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
