From bdcad9bdb47e4b8ff400fa2eb9acfda498710fd8 Mon Sep 17 00:00:00 2001 From: Mehmet Salih Yavuz Date: Thu, 7 May 2026 14:08:30 +0300 Subject: [PATCH] fix(datasource): map combined_list to can_read so Gamma can list datasets The combined_list endpoint added in #37815 used the auto-derived `can_combined_list on Datasource` permission, which is not in READ_ONLY_PERMISSION and is therefore excluded from the Gamma role by _is_alpha_only. Map it to `can_read on Datasource` instead so Gamma inherits access alongside Alpha and Admin. --- superset/datasource/api.py | 4 ++++ tests/integration_tests/datasource/api_tests.py | 6 ++---- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/superset/datasource/api.py b/superset/datasource/api.py index fb3f21c6926..0bda8bf35d5 100644 --- a/superset/datasource/api.py +++ b/superset/datasource/api.py @@ -42,6 +42,10 @@ class DatasourceRestApi(BaseSupersetApi): class_permission_name = "Datasource" resource_name = "datasource" openapi_spec_tag = "Datasources" + # Map the combined list endpoint to the generic `can_read on Datasource` + # permission so it inherits the Gamma/Alpha/Admin grants instead of + # creating a method-specific permission that is Alpha-only by default. + method_permission_name = {"combined_list": "read"} @expose( "///column//values/", diff --git a/tests/integration_tests/datasource/api_tests.py b/tests/integration_tests/datasource/api_tests.py index 0dda05a41ac..cece8a3a941 100644 --- a/tests/integration_tests/datasource/api_tests.py +++ b/tests/integration_tests/datasource/api_tests.py @@ -212,10 +212,8 @@ class TestDatasourceApi(SupersetTestCase): run_mock, can_access_mock, ): - security_manager.add_permission_view_menu("can_combined_list", "Datasource") - perm = security_manager.find_permission_view_menu( - "can_combined_list", "Datasource" - ) + security_manager.add_permission_view_menu("can_read", "Datasource") + perm = security_manager.find_permission_view_menu("can_read", "Datasource") admin_role = security_manager.find_role("Admin") security_manager.add_permission_role(admin_role, perm) can_access_mock.side_effect = [True, True]