Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/08/16 09:28:41 UTC

[GitHub] [airflow] szczeles opened a new issue, #25734: Can't remove permission from a role using the API

szczeles opened a new issue, #25734:
URL: https://github.com/apache/airflow/issues/25734

   ### Apache Airflow version
   
   2.3.3
   
   ### What happened
   
   There is an API `PATCH /api/v1/roles/[role]` that is supposed to be able to update an existing role. When I call it, providing a list of permissions to attach in the `actions` field (in the JSON body), the new permissions are added to the role, but removed permissions are not removed. It is related to the fact that the API implementation calls [security_manager.bulk_sync_roles](https://github.com/apache/airflow/blob/2.3.3/airflow/api_connexion/endpoints/role_and_permission_endpoint.py#L139) and the method never removes any permissions, only adds new ones by calling [self.add_permission_to_role](https://github.com/apache/airflow/blob/2.3.3/airflow/www/security.py#L243).
   
   ### What you think should happen instead
   
   An API call to `PATCH /api/v1/roles/[role]` should remove the dropped permissions. The UI form works that way.
   
   ### How to reproduce
   
   1. Set up a fresh Airflow (webserver is enough) and log in as admin to the UI
   2. Create a new role with permissions: `can read on Website`, `menu access on Browse`
   3. Use `PATCH /api/v1/roles/[role]` to update permissions to `can read on Website`, `can read on DAGs`
   4. Verify in the UI that the role has 3 permissions -> `menu access on Browse` is not removed
   
   ### Operating System
   
   Debian 10
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Official Apache Airflow Helm Chart
   
   ### Deployment details
   
   _No response_
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org
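
The add-only behaviour reported in the issue above, modelled beside a replace-style sync, as an added example that is not part of the original issue and is not Airflow's code. The function names and the tuple representation of permissions are assumptions made for illustration; the sample role and PATCH body come from the reproduction steps.

```python
"""Added illustration: an in-memory model of role permission sync.
Not Airflow code; all function names here are hypothetical."""
from typing import Iterable, List, Set, Tuple

Permission = Tuple[str, str]  # (action, resource)

# Constructed sample data, taken from the reproduction steps in the issue.
ROLE_BEFORE: Set[Permission] = {("can read", "Website"), ("menu access", "Browse")}
PATCH_ACTIONS: List[Permission] = [("can read", "Website"), ("can read", "DAGs")]


def sync_add_only(current: Iterable[Permission],
                  requested: Iterable[Permission]) -> Set[Permission]:
    """Behaviour reported in the issue: requested permissions are added,
    nothing already attached to the role is ever removed."""
    return set(current) | set(requested)


def sync_replace(current: Iterable[Permission], requested: Iterable[Permission]):
    """Behaviour the reporter expects: the role ends up with exactly the
    requested set. Returns (new_set, added, removed) so removals can be logged."""
    have, wanted = set(current), set(requested)
    return wanted, sorted(wanted - have), sorted(have - wanted)


def stale_permissions(actual: Iterable[Permission],
                      requested: Iterable[Permission]) -> List[Permission]:
    """Audit check: permissions still on the role that the update did not list.
    A non-empty result means the role is broader than the caller asked for."""
    return sorted(set(actual) - set(requested))


if __name__ == "__main__":
    after_add_only = sync_add_only(ROLE_BEFORE, PATCH_ACTIONS)
    print(len(after_add_only), "permissions after add-only sync")
    print("stale:", stale_permissions(after_add_only, PATCH_ACTIONS))
    new_set, added, removed = sync_replace(ROLE_BEFORE, PATCH_ACTIONS)
    print("replace-style result:", sorted(new_set))
    print("added:", added, "removed:", removed)
```

Running the same `stale_permissions` comparison against a role read back after an update is a simple way to confirm that a revocation made through an API actually took effect.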


[GitHub] [airflow] boring-cyborg[bot] commented on issue #25734: Can't remove permission from a role using the API

Posted by GitBox <gi...@apache.org>.
boring-cyborg[bot] commented on issue #25734:
URL: https://github.com/apache/airflow/issues/25734#issuecomment-1216390813

   Thanks for opening your first issue here! Be sure to follow the issue template!
   




[GitHub] [airflow] eladkal commented on issue #25734: Can't remove permission from a role using the API

Posted by GitBox <gi...@apache.org>.
eladkal commented on issue #25734:
URL: https://github.com/apache/airflow/issues/25734#issuecomment-1378383916

   @juliusdelta are you still working on this issue?




[GitHub] [airflow] juliusdelta commented on issue #25734: Can't remove permission from a role using the API

Posted by GitBox <gi...@apache.org>.
juliusdelta commented on issue #25734:
URL: https://github.com/apache/airflow/issues/25734#issuecomment-1227442406

   @szczeles Are you planning to take this? I'd be willing to submit a PR if not.




[GitHub] [airflow] potiuk commented on issue #25734: Can't remove permission from a role using the API

Posted by GitBox <gi...@apache.org>.
potiuk commented on issue #25734:
URL: https://github.com/apache/airflow/issues/25734#issuecomment-1227604088

   I think you can start working on it @juliusdelta if there is no response soon -> @szczeles, if you have not looked at it yet you could do a review as well :) . This might be super-helpful.




[GitHub] [airflow] szczeles commented on issue #25734: Can't remove permission from a role using the API

Posted by GitBox <gi...@apache.org>.
szczeles commented on issue #25734:
URL: https://github.com/apache/airflow/issues/25734#issuecomment-1227639844

   Hey, @juliusdelta! I didn't start working on this yet, so feel free to submit a PR for this. I'm happy to review and test in my lab when it's done. Good luck!

