You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by bo...@apache.org on 2016/10/09 08:14:25 UTC

incubator-airflow git commit: [AIRFLOW-518] Require DataProfilingMixin for Variables CRUD

Repository: incubator-airflow
Updated Branches:
  refs/heads/master 0fd14de41 -> 941500e14


[AIRFLOW-518] Require DataProfilingMixin for Variables CRUD

Many of us use the "Variable" model CRUD
(create/update/delete) as a k/v
store to power frameworks that read these values
to dynamically generate
pipelines.

With the basic "LoginMixin" role (lowest level of
access to Airflow)
having access to the Variable CRUD, people could
easily alter a Variable
to run arbitrary code on the platform, depending
on how variables are
use in that environment.

It's a safer bet to elevate CRUD on Variable to
DataProfilingMixin, and
make sure that the lowest level of access cannot
interfere with these
Variables.

Closes #1804 from mistercrunch/elevate_variables


Project: http://git-wip-us.apache.org/repos/asf/incubator-airflow/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-airflow/commit/941500e1
Tree: http://git-wip-us.apache.org/repos/asf/incubator-airflow/tree/941500e1
Diff: http://git-wip-us.apache.org/repos/asf/incubator-airflow/diff/941500e1

Branch: refs/heads/master
Commit: 941500e14f4e327cbae0b404515597afa04ade60
Parents: 0fd14de
Author: Maxime Beauchemin <ma...@gmail.com>
Authored: Sun Oct 9 10:12:48 2016 +0200
Committer: Bolke de Bruin <bo...@xs4all.nl>
Committed: Sun Oct 9 10:12:51 2016 +0200

----------------------------------------------------------------------
 airflow/www/views.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-airflow/blob/941500e1/airflow/www/views.py
----------------------------------------------------------------------
diff --git a/airflow/www/views.py b/airflow/www/views.py
index 3614e45..8450fd1 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -2102,7 +2102,7 @@ class KnowEventTypeView(wwwutils.DataProfilingMixin, AirflowModelView):
 # admin.add_view(mv)
 
 
-class VariableView(wwwutils.LoginMixin, AirflowModelView):
+class VariableView(wwwutils.DataProfilingMixin, AirflowModelView):
     verbose_name = "Variable"
     verbose_name_plural = "Variables"
     list_template = 'airflow/variable_list.html'