dosubot[bot] commented on issue #31944: URL: https://github.com/apache/superset/issues/31944#issuecomment-2604799996
The issue you're encountering seems to be related to the `get_samples()` function and its interaction with access control in Superset. Specifically, it appears that users with the "can samples on Datasource" permission can read samples from a dataset they do not have full read access to, due to the behavior of the `_get_full()` function when `ChartResultType.FULL` is used.

The `_get_full()` function is responsible for retrieving and preparing a comprehensive result payload for a query. However, it seems that it does not enforce access control checks when returning data samples, which might be why users can access samples even if they don't have full read permissions on the dataset<sup>[[1]](https://github.com/apache/superset/blob/master/superset/common/query_actions.py)</sup>.

To address this issue, you might need to review the access control logic within the `_get_full()` function and ensure that appropriate checks are in place to prevent unauthorized data access. This could involve modifying the function to raise access control exceptions when necessary, similar to how other parts of Superset handle access control errors<sup>[[2]](https://github.com/apache/superset/blob/master/superset/security/manager.py)</sup><sup>[[3]](https://github.com/apache/superset/blob/master/superset/errors.py)</sup>.

--
This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment.
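A minimal model of the gap as the comment above describes it, showing an endpoint-level permission check beside an object-level dataset check. This is an added example, not Superset's code and not part of the original comment; `User`, `DatasetAccessDenied`, the handler names and the sample rows are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data: two datasets and their rows.
DATASETS = {
    1: [{"region": "EU", "revenue": 120}],
    2: [{"employee": "a.smith", "salary": 98000}],
}

# Endpoint-level permission named in the comment, modelled as a pair.
SAMPLES_PERM = ("can samples", "Datasource")


class DatasetAccessDenied(Exception):
    """Hypothetical stand-in for an access-control error."""


@dataclass
class User:
    name: str
    perms: set = field(default_factory=set)        # (action, resource) pairs
    dataset_ids: set = field(default_factory=set)  # datasets the user may read


def _require_samples_perm(user):
    if SAMPLES_PERM not in user.perms:
        raise DatasetAccessDenied(f"{user.name} lacks the samples permission")


def samples_permission_only(user, dataset_id):
    """Behaviour described in the issue: only the endpoint permission is checked."""
    _require_samples_perm(user)
    return DATASETS[dataset_id]


def samples_with_dataset_check(user, dataset_id):
    """Hardened: the object-level check runs before any rows are fetched."""
    _require_samples_perm(user)
    if dataset_id not in user.dataset_ids:
        raise DatasetAccessDenied(f"{user.name} cannot read dataset {dataset_id}")
    return DATASETS[dataset_id]


def is_denied(handler, user, dataset_id):
    """Return True when the handler refuses the request."""
    try:
        handler(user, dataset_id)
    except DatasetAccessDenied:
        return True
    return False


analyst = User("analyst", perms={SAMPLES_PERM}, dataset_ids={1})
```

A regression test for a fix of this kind should assert the denial for a user who holds the samples permission but has no grant on the requested dataset, since that is the case the endpoint-level check alone lets through.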
