get_samples() doesn't raise for access #31944

Open
3 tasks done
FraterCRC opened this issue Jan 21, 2025 · 1 comment
Labels
authentication:access-control Related to access control

Comments

@FraterCRC

Bug description

  1. Give the user the permission "can samples on Datasource".
  2. Find a dataset the user cannot read and try to create a chart.
  3. You will get an error, but you can read samples because ChartResultType.FULL -> _get_full() doesn't raise for access.

Screenshots/recordings

No response

Superset version

master / latest-dev

Python version

3.9

Node version

16

Browser

Chrome

Additional context

No response

Checklist

  • I have searched Superset docs and Slack and didn't find a solution to my problem.
  • I have searched the GitHub issue tracker and didn't find a similar bug report.
  • I have checked Superset's logs for errors and if I found a relevant Python stacktrace, I included it here as text in the "additional context" section.

dosubot bot commented Jan 21, 2025

The issue you're encountering seems to be related to the get_samples() function and its interaction with access control in Superset. Specifically, it appears that users with the "can samples on Datasource" permission can read samples from a dataset they do not have full read access to, due to the behavior of the _get_full() function when ChartResultType.FULL is used.

The _get_full() function is responsible for retrieving and preparing a comprehensive result payload for a query. However, it seems that it does not enforce access control checks when returning data samples, which might be why users can access samples even if they don't have full read permissions on the dataset [1].

To address this issue, you might need to review the access control logic within the _get_full() function and ensure that appropriate checks are in place to prevent unauthorized data access. This could involve modifying the function to raise access control exceptions when necessary, similar to how other parts of Superset handle access control errors [2][3].


@dosubot dosubot bot added the authentication:access-control Related to access control label Jan 21, 2025
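The gap the report describes is the difference between two permission layers: a coarse view permission ("can samples on Datasource") that gates the endpoint, and a per-dataset datasource_access check that gates the data. The following is an added illustration, not code from the Superset project: a hypothetical, self-contained model with its own stand-in Dataset, User, can_access and raise_for_access (Superset's security manager does expose a method named raise_for_access, but the implementation below is a toy that only checks a permission string). It contrasts a samples function that checks only the view permission, as the issue describes, with a hardened one that also raises for access on the dataset.

```python
"""Hypothetical model of the two permission layers behind a samples endpoint.

Added example, not Superset code. Names (Dataset, User, can_access,
raise_for_access, get_samples_unchecked, get_samples_checked) are stand-ins
so the example runs offline; the sample rows are constructed test data.
"""
from dataclasses import dataclass, field


class SupersetSecurityException(Exception):
    """Stand-in for the exception Superset raises when datasource access is denied."""


@dataclass(frozen=True)
class Dataset:
    name: str
    perm: str     # per-dataset permission name, e.g. "[examples].[birth_names](id:1)"
    rows: tuple   # constructed sample rows


@dataclass
class User:
    username: str
    view_perms: set = field(default_factory=set)        # e.g. "can samples on Datasource"
    datasource_perms: set = field(default_factory=set)  # datasource_access grants


# Constructed dataset for the demonstration (not real data).
BIRTH_NAMES = Dataset(
    name="birth_names",
    perm="[examples].[birth_names](id:1)",
    rows=(("Alice", 1990), ("Bob", 1985)),
)


def can_access(user: User, permission: str, view_menu: str) -> bool:
    """Coarse check: does the user hold '<permission> on <view_menu>'?"""
    return f"{permission} on {view_menu}" in user.view_perms


def raise_for_access(user: User, datasource: Dataset) -> None:
    """Fine-grained check: does the user hold datasource_access on this dataset?"""
    if datasource.perm not in user.datasource_perms:
        raise SupersetSecurityException(
            f"{user.username} may not access {datasource.perm}"
        )


def get_samples_unchecked(user: User, datasource: Dataset) -> list:
    """Behaviour as reported: only the view permission is checked, so anyone
    holding 'can samples on Datasource' reads rows from any dataset."""
    if not can_access(user, "can samples", "Datasource"):
        raise PermissionError("missing 'can samples on Datasource'")
    return list(datasource.rows)


def get_samples_checked(user: User, datasource: Dataset) -> list:
    """Hardened form: the view permission plus raise_for_access on the dataset,
    so samples enforce the same per-dataset access as the chart data path."""
    if not can_access(user, "can samples", "Datasource"):
        raise PermissionError("missing 'can samples on Datasource'")
    raise_for_access(user, datasource)
    return list(datasource.rows)


def is_denied(endpoint, user: User, datasource: Dataset) -> bool:
    """True if the endpoint refuses the request for this user."""
    try:
        endpoint(user, datasource)
    except (PermissionError, SupersetSecurityException):
        return True
    return False


def demo() -> dict:
    """Compare both variants for a user who has only the view permission."""
    viewer_only = User("viewer", view_perms={"can samples on Datasource"})
    analyst = User(
        "analyst",
        view_perms={"can samples on Datasource"},
        datasource_perms={BIRTH_NAMES.perm},
    )
    return {
        "unchecked_rows_for_viewer": get_samples_unchecked(viewer_only, BIRTH_NAMES),
        "checked_denies_viewer": is_denied(get_samples_checked, viewer_only, BIRTH_NAMES),
        "checked_rows_for_analyst": get_samples_checked(analyst, BIRTH_NAMES),
    }


if __name__ == "__main__":
    print(demo())
```

The point of the hardened variant is that the endpoint-level permission answers "may this user call the samples feature at all", while raise_for_access answers "may this user see this dataset"; a samples path that asks only the first question leaks rows from any dataset the user can reach by id.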
Development

No branches or pull requests

1 participant