You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2020/12/06 17:45:44 UTC

[GitHub] [airflow] ashb commented on a change in pull request #12846: Fix login error warning

ashb commented on a change in pull request #12846:
URL: https://github.com/apache/airflow/pull/12846#discussion_r537088763



##########
File path: airflow/www/auth.py
##########
@@ -32,9 +32,6 @@ def decorated(*args, **kwargs):
             appbuilder = current_app.appbuilder
             if appbuilder.sm.check_authorization(permissions, request.args.get('dag_id', None)):
                 return func(*args, **kwargs)
-            else:
-                access_denied = "Access is Denied"
-                flash(access_denied, "danger")

Review comment:
       So, this isn't quite right.
   
   This helps when the user isn't logged in, but if you are a non-admin user, and you, for example, try to go to `http://localhost:8080/connection/list/` then it will redirect you (in a _very_ round about way via /login -> /) to /home and show this "access is deined" flash.
   
   I think without that flash message it would be very confusing.
   
   So we probably need to do something like looking at current_user.is_anonymous (I think that's the property) -- if it's anon, don't show the flash, but if there is a user then, yes, you can't actually access this page.




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org