You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2021/01/27 12:11:41 UTC

[GitHub] [airflow] kaxil commented on a change in pull request #13923: Don't add Website.can_read access to default roles.

kaxil commented on a change in pull request #13923:
URL: https://github.com/apache/airflow/pull/13923#discussion_r565259174



##########
File path: airflow/www/security.py
##########
@@ -441,14 +441,15 @@ def _merge_perm(self, permission_name, view_menu_name):
 
     def add_homepage_access_to_custom_roles(self):
         """
-        Add Website.can_read access to all roles.
+        Add Website.can_read access to all custom roles.
 
         :return: None.
         """
         website_permission = self.add_permission_view_menu(
             permissions.ACTION_CAN_READ, permissions.RESOURCE_WEBSITE
         )
-        for role in self.get_all_roles():
+        custom_roles = [role for role in self.get_all_roles() if role.name not in EXISTING_ROLES]
+        for role in custom_roles:

Review comment:
       Can you add a test to prevent regression -- that checks that only custom roles have `Website.can_read`




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org