durgaprasadml opened a new pull request, #41865:
URL: https://github.com/apache/superset/pull/41865

   ### SUMMARY
   
   This change ensures that chart data API endpoints consistently return **HTTP 
403 Forbidden** when a `SupersetSecurityException` is raised during request 
validation.
   
   Previously, these exceptions were not explicitly handled, allowing them to 
propagate as an internal server error (HTTP 500). This resulted in callers, 
including the Alerts & Reports CSV generation flow, receiving an unexpected 500 
response instead of the appropriate authorization error.
   
   This patch adds explicit handling for `SupersetSecurityException` in the 
affected chart data API endpoints by returning `response_403()`, aligning their 
behavior with other protected Superset endpoints.
   
   ### BEFORE/AFTER SCREENSHOTS OR ANIMATED GIF
   
   Not applicable.
   
   ### TESTING INSTRUCTIONS
   
   1. Trigger a chart data request that raises a `SupersetSecurityException`.
   2. Verify the API returns **HTTP 403 Forbidden** instead of **HTTP 500 
Internal Server Error**.
   3. Verify authorized requests continue to return chart data successfully.
   4. Verify existing chart data endpoints continue to behave as expected.
   
   ### ADDITIONAL INFORMATION
   
   - [x] Has associated issue: Fixes #41862
   - [ ] Required feature flags
   - [ ] Changes UI
   - [ ] Includes DB Migration
   - [ ] Introduces new feature or API
   - [ ] Removes existing feature or API


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]


---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]

Reply via email to