Skip to content

Commit

Permalink
Merge pull request apache#5716 from lyft/DPTOOLS-976
Browse files Browse the repository at this point in the history
Return 403 on no authorization
  • Loading branch information
betodealmeida authored Aug 24, 2018
2 parents fdfa764 + c0559c1 commit bcdc198
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions superset/views/core.py
Original file line number Diff line number Diff line change
Expand Up @@ -2340,7 +2340,7 @@ def results(self, key):
query.sql, query.database, query.schema)
if rejected_tables:
return json_error_response(security_manager.get_table_access_error_msg(
'{}'.format(rejected_tables)))
'{}'.format(rejected_tables)), status=403)

return json_success(utils.zlib_decompress_to_string(blob))

Expand Down Expand Up @@ -2383,7 +2383,8 @@ def sql_json(self):
if rejected_tables:
return json_error_response(
security_manager.get_table_access_error_msg(rejected_tables),
link=security_manager.get_table_access_link(rejected_tables))
link=security_manager.get_table_access_link(rejected_tables),
status=403)
session.commit()

select_as_cta = request.form.get('select_as_cta') == 'true'
Expand Down

0 comments on commit bcdc198

Please sign in to comment.