Posted to commits@airflow.apache.org by "sreenusuuda (via GitHub)" <gi...@apache.org> on 2024/02/16 17:33:51 UTC

[I] User is able to see dag code even if user doesn't have access to view. [airflow]

sreenusuuda opened a new issue, #37489:
URL: https://github.com/apache/airflow/issues/37489

   ### Apache Airflow version
   
   2.8.1
   
   ### If "Other Airflow 2 version" selected, which one?
   
   _No response_
   
   ### What happened?
   
   User is able to see the DAG’s code from the task details screen (where we show details, graph, Gantt, code) even though he doesn’t have that permission. The Code button in the top menu is throwing an access denied error.
   
   ### What you think should happen instead?
   
   We should restrict the user from viewing the DAG's code from the highlighted button.
   
   ### How to reproduce
   
   1. Do not give the user the DAG Code.can_read permission.
   2. Try to log in with the above user's credentials.
   3. Click on the DAG and then click on a task.
   4. Click on the code button.
   
   ### Operating System
   
   mac os
   
   ### Versions of Apache Airflow Providers
   
   _No response_
   
   ### Deployment
   
   Docker-Compose
   
   ### Deployment details
   
   _No response_
   
   ### Anything else?
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [ ] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org


Re: [I] User is able to see dag code even if user doesn't have access to view. [airflow]

Posted by "potiuk (via GitHub)" <gi...@apache.org>.
potiuk commented on issue #37489:
URL: https://github.com/apache/airflow/issues/37489#issuecomment-1949479357

   Can you please report it following https://github.com/apache/airflow/security/policy? A public issue is a bad idea in this case.




Re: [I] User is able to see dag code even if user doesn't have access to view. [airflow]

Posted by "potiuk (via GitHub)" <gi...@apache.org>.
potiuk closed issue #37489: User is able to see dag code even if user doesn't have access to view.
URL: https://github.com/apache/airflow/issues/37489

