You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/04/28 15:59:57 UTC

[GitHub] [airflow] bbovenzi commented on a diff in pull request #23332: Don't show grid actions if server would reject with permission denied

bbovenzi commented on code in PR #23332:
URL: https://github.com/apache/airflow/pull/23332#discussion_r861065004


##########
airflow/www/templates/airflow/dag.html:
##########
@@ -82,6 +82,9 @@
   {% endif %}
   {% if external_log_name is defined %}
   <meta name="external_log_name" content="{{ external_log_name }}">
+  {% if appbuilder.sm.can_edit_dag(dag.dag_id) %}
+  <meta name="can_edit" content="{{ appbuilder.sm.can_edit_dag(dag.dag_id) }}">

Review Comment:
   Should I use that instead of the current meta `content`?
   
   Also, what I meant is that a lot of these endpoints are checking multiple permissions, not just dag.can_edit.
   
   (ie: [/clear](https://github.com/apache/airflow/blob/main/airflow/www/views.py#L2014)
   ```
   @expose('/clear', methods=['POST'])
   @auth.has_access(
       [
           (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_DAG),
           (permissions.ACTION_CAN_DELETE, permissions.RESOURCE_TASK_INSTANCE),
       ]
   )



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org