You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/06/24 15:49:31 UTC

[GitHub] [airflow] ashb commented on a change in pull request #16634: Change TaskInstances and DagRun modify permissions to require can_edit on DAG resource.

ashb commented on a change in pull request #16634:
URL: https://github.com/apache/airflow/pull/16634#discussion_r658072491



##########
File path: airflow/www/security.py
##########
@@ -520,6 +520,17 @@ def _has_perm(self, action_name, resource_name):
         self._get_and_cache_perms()
         return (action_name, resource_name) in self.perms
 
+    def has_all_dags_edit_access(self):
+        """
+        Has all the dag access in any of the 3 cases:
+        1. Role needs to be in (Admin, Viewer, User, Op).
+        2. Has can_read action on dags resource.
+        3. Has can_edit action on dags resource.
+        """
+        return self._has_role(['Admin', 'Op', 'User']) or self._has_perm(

Review comment:
       Why do we need the rule check? Don't the roles already have this permission? (And by adding the Role is "x" it means the permissions on the build in roles don't have any effect)

##########
File path: airflow/www/security.py
##########
@@ -520,6 +520,17 @@ def _has_perm(self, action_name, resource_name):
         self._get_and_cache_perms()
         return (action_name, resource_name) in self.perms
 
+    def has_all_dags_edit_access(self):
+        """
+        Has all the dag access in any of the 3 cases:
+        1. Role needs to be in (Admin, Viewer, User, Op).
+        2. Has can_read action on dags resource.
+        3. Has can_edit action on dags resource.
+        """
+        return self._has_role(['Admin', 'Op', 'User']) or self._has_perm(

Review comment:
       Why do we need the role check? Don't the roles already have this permission? (And by adding the Role is "x" it means the permissions on the build in roles don't have any effect)




-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org