You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@airflow.apache.org by GitBox <gi...@apache.org> on 2023/01/07 16:23:24 UTC
[GitHub] [airflow] vchiapaikeo opened a new pull request, #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
vchiapaikeo opened a new pull request, #28781:
URL: https://github.com/apache/airflow/pull/28781
<!--
Thank you for contributing! Please make sure that your code changes
are covered with tests. And in case of new features or big changes
remember to adjust the documentation.
Feel free to ping committers for the review!
In case of an existing issue, reference it using one of the following:
closes: #ISSUE
related: #ISSUE
How to write a good git commit message:
http://chris.beams.io/posts/git-commit/
-->
closes: https://github.com/apache/airflow/issues/28746
If we detect that the securitymanager.current_user is None, we should not attempt to get its roles attribute.
Instead, we can check to see if the AUTH_ROLE_PUBLIC is set in webserver_config.py which will tell us if a public role is being used. If it is, we can assume that because the current_user is None, the current_user's role is the public role.
Needed to add an anonymous_client fixture to simulate AUTH_ROLE_PUBLIC being set and an anonymous user hitting home.
---
**^ Add meaningful description above**
Read the **[Pull Request Guidelines](https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst#pull-request-guidelines)** for more information.
In case of fundamental code changes, an Airflow Improvement Proposal ([AIP](https://cwiki.apache.org/confluence/display/AIRFLOW/Airflow+Improvement+Proposals)) is needed.
In case of a new dependency, check compliance with the [ASF 3rd Party License Policy](https://www.apache.org/legal/resolved.html#category-x).
In case of backwards incompatible changes please leave a note in a newsfragment file, named `{pr_number}.significant.rst` or `{issue_number}.significant.rst`, in [newsfragments](https://github.com/apache/airflow/tree/main/newsfragments).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] pierrejeambrun commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
pierrejeambrun commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064049902
##########
airflow/www/utils.py:
##########
@@ -821,9 +821,24 @@ def __init__(
self.message = Markup(message) if html else message
def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ """
Review Comment:
Can we take the opportunity to type annotate the `securitymanager` parameter
##########
airflow/www/utils.py:
##########
@@ -821,9 +821,24 @@ def __init__(
self.message = Markup(message) if html else message
def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ """
+ Determine if the user should see the message based on their role membership.
+ If the user is anonymous and AUTH_ROLE_PUBLIC is set in webserver_config.py,
+ provide that user with the AUTH_ROLE_PUBLIC role.
+ """
if self.roles:
- user_roles = {r.name for r in securitymanager.current_user.roles}
+ current_user = securitymanager.current_user
+ user_roles = set()
+
+ if current_user and hasattr(current_user, "roles") and len(current_user.roles) > 0:
Review Comment:
I think the security manager loads only `User` objects, cf `BaseSecurityManager`, so I don't think we need the extra check `hasattr(current_user, "roles")`, same for the check on the length of the roles.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] vchiapaikeo commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
vchiapaikeo commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064056434
##########
airflow/www/utils.py:
##########
@@ -821,9 +821,24 @@ def __init__(
self.message = Markup(message) if html else message
def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ """
Review Comment:
Do you think I should type it with SecurityManager or BaseSecurityManager? I did the former but please let me know if we should do the latter.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] eladkal merged pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
eladkal merged PR #28781:
URL: https://github.com/apache/airflow/pull/28781
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
uranusjr commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064255376
##########
airflow/www/utils.py:
##########
@@ -820,10 +822,26 @@ def __init__(
self.html = html
self.message = Markup(message) if html else message
- def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ def should_show(self, securitymanager: SecurityManager) -> bool:
+ """Determine if the user should see the message.
+
+ The decision is based on the user's role. If ``AUTH_ROLE_PUBLIC`` is
+ set in ``webserver_config.py``, An anonymous user would have the
+ ``AUTH_ROLE_PUBLIC`` role.
+ """
if self.roles:
- user_roles = {r.name for r in securitymanager.current_user.roles}
+ current_user = securitymanager.current_user
+ user_roles = set()
+
Review Comment:
```suggestion
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
uranusjr commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064255188
##########
airflow/www/utils.py:
##########
@@ -820,10 +822,25 @@ def __init__(
self.html = html
self.message = Markup(message) if html else message
- def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ def should_show(self, securitymanager: SecurityManager) -> bool:
+ """
+ Determine if the user should see the message based on their role membership.
+ If the user is anonymous and AUTH_ROLE_PUBLIC is set in webserver_config.py,
+ provide that user with the AUTH_ROLE_PUBLIC role.
+ """
Review Comment:
```suggestion
"""Determine if the user should see the message.
The decision is based on the user's role. If ``AUTH_ROLE_PUBLIC`` is set
in ``webserver_config.py``, An anonymous user would have the
``AUTH_ROLE_PUBLIC`` role.
"""
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] vchiapaikeo commented on pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
vchiapaikeo commented on PR #28781:
URL: https://github.com/apache/airflow/pull/28781#issuecomment-1375516677
Thank you for the extra commits @uranusjr 🙏 . It looks cleaner now.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
uranusjr commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064255602
##########
airflow/www/utils.py:
##########
@@ -820,10 +822,24 @@ def __init__(
self.html = html
self.message = Markup(message) if html else message
- def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ def should_show(self, securitymanager: SecurityManager) -> bool:
+ """Determine if the user should see the message.
+
+ The decision is based on the user's role. If ``AUTH_ROLE_PUBLIC`` is
+ set in ``webserver_config.py``, An anonymous user would have the
+ ``AUTH_ROLE_PUBLIC`` role.
+ """
if self.roles:
- user_roles = {r.name for r in securitymanager.current_user.roles}
+ current_user = securitymanager.current_user
+ if current_user:
+ user_roles = {r.name for r in securitymanager.current_user.roles}
+ elif current_user is None and "AUTH_ROLE_PUBLIC" in securitymanager.appbuilder.get_app.config:
+ # If the current_user is anonymous, assign AUTH_ROLE_PUBLIC role (if it exists) to them
+ user_roles = {securitymanager.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]}
+ else:
+ # Unable to obtain user role - default to not showing
+ return False
Review Comment:
```suggestion
if current_user is not None:
user_roles = {r.name for r in securitymanager.current_user.roles}
elif "AUTH_ROLE_PUBLIC" in securitymanager.appbuilder.get_app.config:
# If the current_user is anonymous, assign AUTH_ROLE_PUBLIC role (if it exists) to them
user_roles = {securitymanager.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]}
else:
# Unable to obtain user role - default to not showing
return False
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org
[GitHub] [airflow] uranusjr commented on a diff in pull request #28781: Fix UIAlert should_show when AUTH_ROLE_PUBLIC set
Posted by GitBox <gi...@apache.org>.
uranusjr commented on code in PR #28781:
URL: https://github.com/apache/airflow/pull/28781#discussion_r1064255188
##########
airflow/www/utils.py:
##########
@@ -820,10 +822,25 @@ def __init__(
self.html = html
self.message = Markup(message) if html else message
- def should_show(self, securitymanager) -> bool:
- """Determine if the user should see the message based on their role membership"""
+ def should_show(self, securitymanager: SecurityManager) -> bool:
+ """
+ Determine if the user should see the message based on their role membership.
+ If the user is anonymous and AUTH_ROLE_PUBLIC is set in webserver_config.py,
+ provide that user with the AUTH_ROLE_PUBLIC role.
+ """
Review Comment:
```suggestion
"""Determine if the user should see the message.
The decision is based on the user's role. If ``AUTH_ROLE_PUBLIC`` is
set in ``webserver_config.py``, An anonymous user would have the
``AUTH_ROLE_PUBLIC`` role.
"""
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscribe@airflow.apache.org
For queries about this service, please contact Infrastructure at:
users@infra.apache.org