mirror of
https://github.com/apache/superset.git
synced 2026-05-21 15:55:10 +00:00
- app.py: clarify execute_sql requires SQL Lab access (not write access) in both the instructions preamble and Permission Awareness section
- auth.py: add log_denial param to check_tool_permission() to suppress noisy WARNING logs during tools/list scanning; downgrade "No authenticated user found" from ERROR to DEBUG in _setup_user_context
- middleware.py: fail completely closed (return []) on credential failures instead of returning tools with no class_permission_name, which could include protect=True tools requiring auth; remove _public_tools_only helper
- server.py: catch PermissionError (invalid API key) in addition to ValueError in _tool_allowed_for_current_user
- tests: add tests for fail-closed branches (PermissionError, bad ValueError, and no-auth-configured ValueError in RBACToolVisibilityMiddleware)
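
The fail-closed listing behaviour the commit message describes, as an added Python sketch that is not part of the commit and not Superset's code. `Tool`, `User`, `is_allowed`, `visible_tools`, the resolver functions and all tool and permission names are hypothetical; only `class_permission_name`, `protect` and `log_denial` are taken from the message.

```python
import logging
from dataclasses import dataclass
from typing import Callable, List, Optional

log = logging.getLogger("tool_visibility_example")

@dataclass(frozen=True)
class Tool:
    name: str
    class_permission_name: Optional[str] = None  # None: no RBAC class attached
    protect: bool = True                         # still needs an authenticated caller

@dataclass(frozen=True)
class User:
    username: str
    permissions: frozenset

def is_allowed(user: User, tool: Tool, log_denial: bool = True) -> bool:
    """Hypothetical per-tool check; log_denial=False keeps list scans quiet."""
    ok = tool.class_permission_name is None or tool.class_permission_name in user.permissions
    if not ok and log_denial:
        log.warning("user %s denied tool %s", user.username, tool.name)
    return ok

def visible_tools(tools: List[Tool], resolve_user: Callable[[], User]) -> List[Tool]:
    """Filter a tools/list result; any credential failure returns []."""
    try:
        user = resolve_user()
    except (PermissionError, ValueError) as exc:
        # Fail closed. Falling back to "tools without class_permission_name"
        # would still expose protect=True tools to an unauthenticated caller.
        log.debug("no usable identity, hiding every tool: %s", exc)
        return []
    # Listing probes every tool, so denials here are expected: do not log them.
    return [t for t in tools if is_allowed(user, t, log_denial=False)]

# Constructed sample data (names and permission strings are made up).
TOOLS = [Tool("run_query", "QueryAccess"), Tool("list_charts", "ChartRead"),
         Tool("health_info", None, protect=True)]

def invalid_api_key() -> User:
    raise PermissionError("invalid API key")

def no_auth_configured() -> User:
    raise ValueError("no authentication configured")

def analyst() -> User:
    return User("analyst", frozenset({"ChartRead"}))

if __name__ == "__main__":
    for resolver in (invalid_api_key, no_auth_configured, analyst):
        print(resolver.__name__, [t.name for t in visible_tools(TOOLS, resolver)])
```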