mirror of
https://github.com/apache/superset.git
synced 2026-05-22 00:05:15 +00:00
Thread 1 (app.py): Restructure the permission preamble to unambiguously separate write-access operations from SQL Lab access. Previously the preamble listed "saving SQL queries" inside the write-operations clause which could be read as including execute_sql. Now each permission type is its own bullet with explicit tool names.

Thread 2 (server.py): Make _tool_allowed_for_current_user consistent with RBACToolVisibilityMiddleware: "No authenticated user found" ValueError now returns True (fail-open, show the tool) instead of False. Other ValueErrors and PermissionError remain fail-closed. Previously tool-search mode would hide all tools when no auth was configured, while tools/list showed all.

Thread 3 (middleware.py): Replace _setup_user_context() with a direct call to get_user_from_request() in on_list_tools. _setup_user_context carries per-call execution overhead (retry loop, session management, error logging) that is inappropriate and noisy at list time. The middleware now controls all logging for list-time auth failures directly.

Also updates all RBACToolVisibilityMiddleware tests to patch get_user_from_request instead of _setup_user_context, matching the refactored implementation.
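
The Thread 2 visibility rule described in the commit message above, as an added Python sketch that is not code from the Superset repository: it puts the earlier all-failures-hide predicate beside the new one so the tool-search result can be compared for each failure class. The function names, the sample tools other than execute_sql, and matching on the quoted error text are assumptions.

```python
NO_USER_MSG = "No authenticated user found"  # error text quoted in the commit message

def visible_before(resolve_user, has_permission, tool):
    """Hypothetical pre-change predicate: every auth failure hides the tool."""
    try:
        return has_permission(resolve_user(), tool)
    except (ValueError, PermissionError):
        return False

def visible_after(resolve_user, has_permission, tool):
    """Hypothetical post-change predicate: only the no-user case fails open."""
    try:
        return has_permission(resolve_user(), tool)
    except ValueError as exc:
        # No auth configured: show the tool, as tools/list does.
        # Any other ValueError stays fail-closed (assumed: matched by message).
        return NO_USER_MSG in str(exc)
    except PermissionError:
        return False

def search_tools(predicate, resolve_user, has_permission, tools):
    """Tool-search result: the tools the predicate lets the caller see."""
    return [t for t in tools if predicate(resolve_user, has_permission, t)]

# Constructed inputs: tool names (except execute_sql) and resolvers are made up.
TOOLS = ["execute_sql", "list_charts", "update_chart"]

def no_auth():
    raise ValueError("No authenticated user found")

def broken_auth():
    raise ValueError("malformed token")

def denied():
    raise PermissionError("user disabled")

def viewer():
    return "viewer"

def viewer_perms(user, tool):
    return user == "viewer" and tool == "list_charts"

if __name__ == "__main__":
    for resolver in (no_auth, broken_auth, denied, viewer):
        before = search_tools(visible_before, resolver, viewer_perms, TOOLS)
        after = search_tools(visible_after, resolver, viewer_perms, TOOLS)
        print(f"{resolver.__name__:12} before={before} after={after}")
```

Only the `no_auth` row changes between the two predicates; an authenticated user without the permission and every other failure class still see a filtered or empty result.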