You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by jh...@apache.org on 2021/08/13 18:20:51 UTC
[airflow] 31/38: Add missing permissions to varimport (#17468)
This is an automated email from the ASF dual-hosted git repository.
jhtimmins pushed a commit to branch v2-1-test
in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 65667b5c9a198c91436893e7584b8c1df0b9bb89
Author: Ash Berlin-Taylor <as...@firemirror.com>
AuthorDate: Fri Aug 6 16:22:50 2021 +0100
Add missing permissions to varimport (#17468)
(cherry picked from commit eb6af07f5bc8958efd06818e84a5273a079304e1)
---
airflow/www/views.py | 2 +-
tests/www/views/test_views_variable.py | 13 +++++++++++++
2 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/airflow/www/views.py b/airflow/www/views.py
index e519ebf..09d27e0 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -3276,7 +3276,6 @@ class VariableModelView(AirflowModelView):
'delete': 'delete',
'action_muldelete': 'delete',
'action_varexport': 'read',
- 'varimport': 'create',
}
base_permissions = [
permissions.ACTION_CAN_CREATE,
@@ -3339,6 +3338,7 @@ class VariableModelView(AirflowModelView):
return response
@expose('/varimport', methods=["POST"])
+ @auth.has_access([(permissions.ACTION_CAN_CREATE, permissions.RESOURCE_VARIABLE)])
@action_logging
def varimport(self):
"""Import variables"""
diff --git a/tests/www/views/test_views_variable.py b/tests/www/views/test_views_variable.py
index f9b3744..292e971 100644
--- a/tests/www/views/test_views_variable.py
+++ b/tests/www/views/test_views_variable.py
@@ -96,6 +96,19 @@ def test_import_variables_success(session, admin_client):
check_content_in_response('4 variable(s) successfully updated.', resp)
+def test_import_variables_anon(session, app):
+ assert session.query(Variable).count() == 0
+
+ content = '{"str_key": "str_value}'
+ bytes_content = io.BytesIO(bytes(content, encoding='utf-8'))
+
+ resp = app.test_client().post(
+ '/variable/varimport', data={'file': (bytes_content, 'test.json')}, follow_redirects=True
+ )
+ check_content_not_in_response('variable(s) successfully updated.', resp)
+ check_content_in_response('Sign In', resp)
+
+
def test_description_retrieval(session, admin_client):
# create valid variable
admin_client.post('/variable/add', data=VARIABLE, follow_redirects=True)