codeant-ai-for-open-source[bot] commented on PR #38647:
URL: https://github.com/apache/superset/pull/38647#issuecomment-4102965573
## **Sequence Diagram**
This PR aligns legacy datasource endpoints with modern resource level
authorization. Read requests now enforce access checks before returning
metadata, and save requests always enforce ownership checks even when owners
are omitted from the payload.
```mermaid
sequenceDiagram
participant Client
participant LegacyDatasourceView
participant SecurityManager
participant MetadataBackend
Client->>LegacyDatasourceView: Request datasource metadata
LegacyDatasourceView->>LegacyDatasourceView: Resolve datasource or table
by name
LegacyDatasourceView->>SecurityManager: Check access for datasource or
database table
SecurityManager-->>LegacyDatasourceView: Access granted
LegacyDatasourceView->>MetadataBackend: Fetch metadata
MetadataBackend-->>LegacyDatasourceView: Metadata result
LegacyDatasourceView-->>Client: Return metadata response
Client->>LegacyDatasourceView: Submit datasource save request
LegacyDatasourceView->>SecurityManager: Verify ownership for update
SecurityManager-->>LegacyDatasourceView: Ownership granted
LegacyDatasourceView-->>Client: Save success response
```
---
*Generated by [CodeAnt AI](https://codeant.ai)*
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
