feat: return security errors in the SIP-40 format (#9796)

2026-04-21 00:54:44 +00:00 · 2020-05-13 17:10:37 -07:00
parent cf30e16550
commit d02f2d1fa7
9 changed files with 123 additions and 21 deletions
--- a/superset/security/manager.py
+++ b/superset/security/manager.py
@@ -43,6 +43,7 @@ from sqlalchemy.orm.query import Query
 from superset import sql_parse
 from superset.connectors.connector_registry import ConnectorRegistry
 from superset.constants import RouteMethod
+from superset.errors import ErrorLevel, SupersetError, SupersetErrorType
 from superset.exceptions import SupersetSecurityException
 from superset.utils.core import DatasourceName

@@ -291,6 +292,25 @@ class SupersetSecurityManager(SecurityManager):

        return conf.get("PERMISSION_INSTRUCTIONS_LINK")

+    def get_datasource_access_error_object(
+        self, datasource: "BaseDatasource"
+    ) -> SupersetError:
+        """
+        Return the error object for the denied Superset datasource.
+
+        :param datasource: The denied Superset datasource
+        :returns: The error object
+        """
+        return SupersetError(
+            error_type=SupersetErrorType.DATASOURCE_SECURITY_ACCESS_ERROR,
+            message=self.get_datasource_access_error_msg(datasource),
+            level=ErrorLevel.ERROR,
+            extra={
+                "link": self.get_datasource_access_link(datasource),
+                "datasource": datasource.name,
+            },
+        )
+
    def get_table_access_error_msg(self, tables: Set["Table"]) -> str:
        """
        Return the error message for the denied SQL tables.
@@ -303,6 +323,23 @@ class SupersetSecurityManager(SecurityManager):
        return f"""You need access to the following tables: {", ".join(quoted_tables)},
            `all_database_access` or `all_datasource_access` permission"""

+    def get_table_access_error_object(self, tables: Set["Table"]) -> SupersetError:
+        """
+        Return the error object for the denied SQL tables.
+
+        :param tables: The set of denied SQL tables
+        :returns: The error object
+        """
+        return SupersetError(
+            error_type=SupersetErrorType.TABLE_SECURITY_ACCESS_ERROR,
+            message=self.get_table_access_error_msg(tables),
+            level=ErrorLevel.ERROR,
+            extra={
+                "link": self.get_table_access_link(tables),
+                "tables": [str(table) for table in tables],
+            },
+        )
+
    def get_table_access_link(self, tables: Set["Table"]) -> Optional[str]:
        """
        Return the access link for the denied SQL tables.
@@ -828,8 +865,7 @@ class SupersetSecurityManager(SecurityManager):

        if not self.datasource_access(datasource):
            raise SupersetSecurityException(
-                self.get_datasource_access_error_msg(datasource),
-                self.get_datasource_access_link(datasource),
+                self.get_datasource_access_error_object(datasource),
            )

    def assert_query_context_permission(self, query_context: "QueryContext") -> None: