You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by jh...@apache.org on 2021/11/02 16:04:58 UTC
[airflow] branch main updated: Removes unused state transitions to
handle auto-changing view permissions. (#19153)
This is an automated email from the ASF dual-hosted git repository.
jhtimmins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 79b4bc9 Removes unused state transitions to handle auto-changing view permissions. (#19153)
79b4bc9 is described below
commit 79b4bc9f5288221837d4bebc0b6ac8a7cc85d341
Author: James Timmins <ja...@astronomer.io>
AuthorDate: Tue Nov 2 09:04:01 2021 -0700
Removes unused state transitions to handle auto-changing view permissions. (#19153)
* Remove unused FAB state transitions.
* Remove unused FAB constant.
---
airflow/www/fab_security/manager.py | 148 ------------------------------------
1 file changed, 148 deletions(-)
diff --git a/airflow/www/fab_security/manager.py b/airflow/www/fab_security/manager.py
index 1d4ef8f..460099c 100644
--- a/airflow/www/fab_security/manager.py
+++ b/airflow/www/fab_security/manager.py
@@ -39,7 +39,6 @@ from flask_appbuilder.const import (
LOGMSG_WAR_SEC_LOGIN_FAILED,
LOGMSG_WAR_SEC_NO_USER,
LOGMSG_WAR_SEC_NOLDAP_OBJ,
- PERMISSION_PREFIX,
)
from flask_appbuilder.security.api import SecurityApi
from flask_appbuilder.security.registerviews import (
@@ -1466,153 +1465,6 @@ class BaseSecurityManager:
self.remove_permission_from_role(role, permission)
self.delete_permission(permission.action.name, resource.name)
self.delete_resource(resource.name)
- self.security_converge(baseviews, menus)
-
- @staticmethod
- def _get_new_old_permissions(baseview) -> Dict:
- ret = {}
- for method_name, permission_name in baseview.method_permission_name.items():
- old_permission_name = baseview.previous_method_permission_name.get(method_name)
- # Actions do not get prefix when normally defined
- if hasattr(baseview, "actions") and baseview.actions.get(old_permission_name):
- permission_prefix = ""
- else:
- permission_prefix = PERMISSION_PREFIX
- if old_permission_name:
- if PERMISSION_PREFIX + permission_name not in ret:
- ret[PERMISSION_PREFIX + permission_name] = {permission_prefix + old_permission_name}
- else:
- ret[PERMISSION_PREFIX + permission_name].add(permission_prefix + old_permission_name)
- return ret
-
- @staticmethod
- def _add_state_transition(
- state_transition: Dict,
- old_resource_name: str,
- old_action_name: str,
- resource_name: str,
- action_name: str,
- ) -> None:
- old_perm = state_transition["add"].get((old_resource_name, old_action_name))
- if old_perm:
- state_transition["add"][(old_resource_name, old_action_name)].add((resource_name, action_name))
- else:
- state_transition["add"][(old_resource_name, old_action_name)] = {(resource_name, action_name)}
- state_transition["del_role_pvm"].add((old_resource_name, old_action_name))
- state_transition["del_views"].add(old_resource_name)
- state_transition["del_perms"].add(old_action_name)
-
- @staticmethod
- def _update_del_transitions(state_transitions: Dict, baseviews: List) -> None:
- """
- Mutates state_transitions, loop baseviews and prunes all
- views and permissions that are not to delete because references
- exist.
-
- :param baseview:
- :param state_transitions:
- :return:
- """
- for baseview in baseviews:
- state_transitions["del_views"].discard(baseview.class_permission_name)
- for permission in baseview.base_permissions:
- state_transitions["del_role_pvm"].discard((baseview.class_permission_name, permission))
- state_transitions["del_perms"].discard(permission)
-
- def create_state_transitions(self, baseviews: List, menus: List) -> Dict:
- """
- Creates a Dict with all the necessary vm/permission transitions
-
- Dict: {
- "add": {(<VM>, <PERM>): ((<VM>, PERM), ... )}
- "del_role_pvm": ((<VM>, <PERM>), ...)
- "del_views": (<VM>, ... )
- "del_perms": (<PERM>, ... )
- }
-
- :param baseviews: List with all the registered BaseView, BaseApi
- :param menus: List with all the menu entries
- :return: Dict with state transitions
- """
- state_transitions = {
- "add": {},
- "del_role_pvm": set(),
- "del_views": set(),
- "del_perms": set(),
- }
- for baseview in baseviews:
- add_all_flag = False
- new_view_name = baseview.class_permission_name
- permission_mapping = self._get_new_old_permissions(baseview)
- if baseview.previous_class_permission_name:
- old_view_name = baseview.previous_class_permission_name
- add_all_flag = True
- else:
- new_view_name = baseview.class_permission_name
- old_view_name = new_view_name
- for new_perm_name in baseview.base_permissions:
- if add_all_flag:
- old_perm_names = permission_mapping.get(new_perm_name)
- old_perm_names = old_perm_names or (new_perm_name,)
- for old_perm_name in old_perm_names:
- self._add_state_transition(
- state_transitions,
- old_view_name,
- old_perm_name,
- new_view_name,
- new_perm_name,
- )
- else:
- old_perm_names = permission_mapping.get(new_perm_name) or set()
- for old_perm_name in old_perm_names:
- self._add_state_transition(
- state_transitions,
- old_view_name,
- old_perm_name,
- new_view_name,
- new_perm_name,
- )
- self._update_del_transitions(state_transitions, baseviews)
- return state_transitions
-
- def security_converge(self, baseviews: List, menus: List, dry=False) -> Dict:
- """
- Converges overridden permissions on all registered views/api
- will compute all necessary operations from `class_permissions_name`,
- `previous_class_permission_name`, method_permission_name`,
- `previous_method_permission_name` class attributes.
-
- :param baseviews: List of registered views/apis
- :param menus: List of menu items
- :param dry: If True will not change DB
- :return: Dict with the necessary operations (state_transitions)
- """
- state_transitions = self.create_state_transitions(baseviews, menus)
- if dry:
- return state_transitions
- if not state_transitions:
- log.info("No state transitions found")
- return {}
- log.debug(f"State transitions: {state_transitions}")
- roles = self.get_all_roles()
- for role in roles:
- perms = list(role.permissions)
- for perm in perms:
- new_perm_states = state_transitions["add"].get((perm.resource.name, perm.action.name))
- if not new_perm_states:
- continue
- for new_perm_state in new_perm_states:
- new_perm = self.create_permission(new_perm_state[1], new_perm_state[0])
- self.add_permission_to_role(role, new_perm)
- if (perm.resource.name, perm.permission.name) in state_transitions["del_role_pvm"]:
- self.remove_permission_from_role(role, perm)
- for perm in state_transitions["del_role_pvm"]:
- self.delete_permission(perm[1], perm[0], cascade=False)
- for resource_name in state_transitions["del_views"]:
- self.delete_resource(resource_name)
- for action_name in state_transitions["del_perms"]:
- self.delete_action(action_name)
- return state_transitions
def find_register_user(self, registration_hash):
"""Generic function to return user registration"""