QT/superset2
1
0
Fork 0
mirror of https://github.com/apache/superset.git synced 2026-05-22 00:05:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
042db32ba4be260f0df1b68a9bb5582bfc40113b
superset2/tests/unit_tests
History
Amin Ghadersohi 042db32ba4 fix(mcp): hide write tools from users without write permissions 
Phase 1: MCPPermissionDeniedError falls through to GlobalErrorHandlerMiddleware's
generic "Internal error" branch (500-style response) because it doesn't subclass
PermissionError. Fixed by adding it to _USER_ERROR_TYPES and an explicit elif
branch in _handle_error() that converts it to a clean ToolError.

Phase 2: Add RBACToolVisibilityMiddleware that intercepts tools/list and removes
tools the calling user lacks permission to execute. Add
is_tool_visible_to_current_user() to auth.py as the single source of truth for
tool visibility, shared by both the new middleware and the existing tool-search
transform. Register the middleware inside StructuredContentStripperMiddleware so
it filters full tool objects before outputSchema stripping. Fail open: if user
resolution fails, all tools are returned (call-time RBAC still enforces).

Also update server instructions to note write tools require write permissions.
2026-05-14 23:28:09 +00:00
..
advanced_data_type
annotation_layers
async_events
charts
fix(charts): set g.form_data for metric() Jinja macro on GET chart data endpoint (#39347)
2026-04-20 19:36:03 -07:00
columns
commands
fix(dashboard): use datasetUuid instead of datasetId in display controls export/import (SC-104655) (#40008)
2026-05-14 10:18:57 -07:00
common
fix(time-comparison): use chart row_limit instead of instance config in offset queries (#39490)
2026-05-01 16:24:59 -07:00
connectors
fix(dataset): add email field to owners_data for Chart Explore path (#38836)
2026-03-27 09:44:11 -03:00
dao
refactor(core): reorganize superset-core packages into feature-based structure (#38448)
2026-03-05 17:41:15 -03:00
daos
fix(reports): escape SQL LIKE wildcards in find_by_extra_metadata (#38738)
2026-04-09 12:58:06 +03:00
dashboards
fix(dashboard): use datasetUuid instead of datasetId in display controls export/import (SC-104655) (#40008)
2026-05-14 10:18:57 -07:00
databases
feat: support creating datasets for schema-less databases (#39433)
2026-05-11 08:30:13 -04:00
datasets
test(datasets): regression coverage for #16141 (export with same table name, different schemas) (#40123)
2026-05-14 11:08:23 -07:00
datasource
feat: semantic layer extension (#37815)
2026-05-05 12:07:46 -04:00
db_engine_specs
fix(trino/presto): use equality for boolean filters to support computed columns (#39500)
2026-05-08 16:10:27 -07:00
distributed_lock
feat: add global task framework (#36368)
2026-02-09 10:45:56 -08:00
examples
test(examples): add tests for UUID threading and security bypass (#37557)
2026-02-12 14:12:12 -08:00
explore
extensions
chore(extensions): simplify backend package structure by removing superset_extensions namespace (#38476)
2026-03-06 14:49:49 -03:00
fixtures
importexport
fix(importexport): honor overwrite flag on /api/v1/assets/import (#39502)
2026-05-11 10:24:42 -07:00
key_value
feat: add option for hash algorithms (#35621)
2025-12-09 16:59:07 +00:00
mcp_service
fix(mcp): hide write tools from users without write permissions
2026-05-14 23:28:09 +00:00
migrations
refactor: Enable G logging rules and comprehensive ruff improvements (#35081)
2025-09-15 12:42:49 -07:00
models
fix(sqla): pass catalog and schema to get_sqla_engine in values_for_column (#38681)
2026-05-11 09:54:48 -07:00
pandas_postprocessing
fix(mixed-timeseries): preserve all-NaN metric columns after pivot when Jinja evaluates to NULL (#40005)
2026-05-14 07:46:34 -03:00
queries
fix: Enforce per-user caching on legacy API endpoint (#39789)
2026-04-30 18:04:33 -03:00
reports
chore: bump rison to 2.0.0 (#39529)
2026-04-24 15:52:42 -04:00
scripts
security
feat: semantic layer extension (#37815)
2026-05-05 12:07:46 -04:00
semantic_layers
feat: semantic layer extension (#37815)
2026-05-05 12:07:46 -04:00
sql
fix(spark): register Spark SQLAlchemy dialect so spark:// URIs resolve to SparkEngineSpec (#38299)
2026-05-12 12:33:17 -04:00
sql_validators
feat(sqllab): syntax validation for sqlite-based DB engine specs (#38698)
2026-04-20 18:29:51 -04:00
tables
tags
fix(tags): expire tag relationship after deleting all tagged objects (#38163)
2026-03-04 10:37:19 -03:00
tasks
fix(OAuth2): Support OAuth2 exception with legacy endpoint (#39897)
2026-05-05 21:21:48 -03:00
themes
feat(theming): add per-theme custom font URL support (#36317)
2025-12-08 16:46:01 -08:00
thumbnails
fix(thumbnails): stabilize digest by sorting datasources and charts (#38079)
2026-02-20 09:51:35 +01:00
utils
fix(markdown): Allow "target" attribute (#39868)
2026-05-04 18:27:43 -04:00
views
fix(i18n): Fix menu bar translations not updating on language change (#34565)
2026-04-24 22:49:03 -07:00
__init__.py
config_test.py
conftest.py
fix: Bump FAB to 5.X (#33055)
2025-09-12 09:21:37 +01:00
core_tests.py
dataframe_test.py
fix(api): nan is not properly handled for athena connections (#37071)
2026-01-22 18:29:09 +03:00
extension_tests.py
fix(reports): keep body sized so standalone screenshots don't time out (#39944)
2026-05-07 12:26:50 +02:00
feature_flag_test.py
initialization_test.py
chore: Support specifying app_root via superset_config.py (#38284)
2026-02-28 01:35:08 -03:00
jinja_context_test.py
fix(jinja): drill-to-detail respects remove_filter=True in Jinja templates (#39594)
2026-04-23 16:11:13 -03:00
legacy_tests.py
result_set_test.py
fix(SQL Lab): handle columns without names (#38986)
2026-04-06 10:09:16 -04:00
sql_lab_execution_context.py
sql_lab_test.py
fix(rls): prevent double-apply when converting physical dataset to virtual (#39725)
2026-05-14 18:05:48 +03:00
test_viz_cache_key.py
fix: Enforce per-user caching on legacy API endpoint (#39789)
2026-04-30 18:04:33 -03:00
test_viz_get_df_payload.py
fix(OAuth2): Support OAuth2 exception with legacy endpoint (#39897)
2026-05-05 21:21:48 -03:00