You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2022/02/11 05:22:21 UTC

[GitHub] [airflow] jhtimmins commented on pull request #21483: Fix bug incorrectly removing action from role, rather than permission.

jhtimmins commented on pull request #21483:
URL: https://github.com/apache/airflow/pull/21483#issuecomment-1035892923


   To add some context about why this PR required modifying views.py:
   
   FAB maps a permission resource to a single view class. It assumes that the base actions defined on that view are the only actions allowed with that resource.
   
   The original code that I fixes (as it is broken in FAB) does cleanup by loading new permissions and then making sure that no roles contain a resource + action pair not defined in the views' base permissions.
   
   With that code working, several tests failed because in security.py we give certain resource + action pairs to roles, but two of those pairs involved actions that weren't included the the corresponding views' base actions.
   
   In order to address the previous issue, I simply added the actions as base actions to the relevant view classes. This doesn't give new access to roles, it just lets the cleanup step know that roles are allowed to have those actions.


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org

For queries about this service, please contact Infrastructure at:
users@infra.apache.org