Posted to notifications@superset.apache.org by "zephyring (via GitHub)" <gi...@apache.org> on 2023/06/16 18:10:26 UTC

[GitHub] [superset] zephyring commented on a diff in pull request #24301: fix: Ability to share saved queries

zephyring commented on code in PR #24301:
URL: https://github.com/apache/superset/pull/24301#discussion_r1232581425


##########
superset/queries/saved_queries/dao.py:
##########
@@ -44,3 +47,20 @@ def bulk_delete(models: Optional[list[SavedQuery]], commit: bool = True) -> None
         except SQLAlchemyError as ex:
             db.session.rollback()
             raise DAODeleteFailedError() from ex
+
+    @classmethod
+    def get_by_id(cls, _id: str) -> Optional[SavedQuery]:
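Review bot: `get_by_id(cls, _id: str)` on the added line does not say, in its name or in a docstring, which identifier `_id` holds (the numeric key or the UUID) or whether the lookup applies the same per-user access check as the DAO's other lookups. The body is not visible in this hunk, so a reader cannot tell whether a caller holding only the identifier gets the `SavedQuery` back unconditionally. A docstring stating the identifier type and the authorization behaviour, or a more specific name for the method and parameter, would make the intended policy explicit at the call sites.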

Review Comment:
   I agreed with using a permalink as the long-term solution for `copy link` or any other share-with-link feature, as opposed to directly sharing with the raw uuid. Even though a uuid is impossible to guess, it's still security through obscurity (the link can be leaked unintentionally).
   And we should be consistent in the authorization policy on a resource regardless of the format of its ID.
   But like @jfrag1 said, this PR is to fix a breaking change of the other PR. We will need to either revert that breaking PR or allow an exception for this PR for now until a formal SIP is made around how we represent/export resources application-wide.



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: notifications-unsubscribe@superset.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org

