fix(security): enforce datasource access control in get_samples() (#36550)

Co-authored-by: Claude <noreply@anthropic.com>

superset/views/datasource/utils.py

@@ -153,6 +153,12 @@ def get_samples(  # pylint: disable=too-many-arguments
     )
 
     try:
+        # Enforce access control before fetching data.
+        # This prevents users with "can samples on Datasource" permission from
+        # reading samples from datasets they don't have access to.
+        samples_instance.raise_for_access()
+        count_star_instance.raise_for_access()
+
         count_star_data = count_star_instance.get_payload()["queries"][0]
 
         if count_star_data.get("status") == QueryStatus.FAILED: