bito-code-review[bot] commented on code in PR #41425:
URL: https://github.com/apache/superset/pull/41425#discussion_r3478270688
##########
superset/views/core.py:
##########
@@ -505,6 +505,11 @@ def explore( # noqa: C901
datasource_id,
)
+ # Apply the same per-datasource access check the explore command
performs,
+ # so this view is consistent with it before rendering datasource
metadata.
+ if datasource:
+ security_manager.raise_for_access(datasource=datasource)
Review Comment:
<!-- Bito Reply -->
The user's assessment is correct. Since `SupersetSecurityException` is a
subclass of `SupersetErrorException`, it is handled by the existing global
Flask error handler (`show_superset_error`), which ensures a structured 403
JSON response is returned. Therefore, the explicit try/except block suggested
in the review is not strictly required for this exception to be handled
correctly.
**superset/views/core.py**
```
511: + if datasource:
512: + try:
513: +
security_manager.raise_for_access(datasource=datasource)
514: + except SupersetSecurityException:
515: + return json_error_response(_("Forbidden"), status=403)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
