You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/27 18:54:00 UTC

[GitHub] [airflow] jhtimmins commented on a change in pull request #13923: Don't add Website.can_read access to default roles.

jhtimmins commented on a change in pull request #13923:
URL: https://github.com/apache/airflow/pull/13923#discussion_r565554381



##########
File path: airflow/www/security.py
##########
@@ -441,14 +441,15 @@ def _merge_perm(self, permission_name, view_menu_name):
 
     def add_homepage_access_to_custom_roles(self):
         """
-        Add Website.can_read access to all roles.
+        Add Website.can_read access to all custom roles.
 
         :return: None.
         """
         website_permission = self.add_permission_view_menu(
             permissions.ACTION_CAN_READ, permissions.RESOURCE_WEBSITE
         )
-        for role in self.get_all_roles():
+        custom_roles = [role for role in self.get_all_roles() if role.name not in EXISTING_ROLES]
+        for role in custom_roles:

Review comment:
       @kaxil All roles except for Public will get `Website.can_read`. This is just only added to custom roles explicitly, since the default ones already have it. So mostly I just wanted to not give Public that access.
   
   Still think it's worth adding a test to make sure that isn't available to Public?




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org