mik-laj edited a comment on pull request #10594: URL: https://github.com/apache/airflow/pull/10594#issuecomment-692141260
If there are 2 DAGs in the database: ``DAG_A``, ``DAG_B``, and you have permission - ``[can_read, DAG_A]``, then you will send a request - `GET /api/v1/dags`, what DAGs will you get? I guess you will either get information on all DAGs, or you will not get information on any. While you should only get information about ``DAG_A``. ``DAG_B`` should be hidden.

Your database query should be different depending on the accessible DAGs for the user.

https://github.com/apache/airflow/blob/eaa49b2257913c34b15408a14e445f6106e691ee/airflow/www/views.py#L287
https://github.com/apache/airflow/blob/eaa49b2257913c34b15408a14e445f6106e691ee/airflow/www/views.py#L305-L306
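
The scenario from the comment above, as an added example that is not part of the original comment and is not Airflow's code: a list query guarded only by a coarse check returns both DAGs, while a query restricted to the user's accessible DAG ids returns only ``DAG_A``. The table layout, function names and the `(action, resource)` permission tuples are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: the two DAGs named in the comment.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE dag (dag_id TEXT PRIMARY KEY, is_paused INTEGER)")
    conn.executemany("INSERT INTO dag VALUES (?, ?)", [("DAG_A", 0), ("DAG_B", 1)])
    return conn


def readable_dag_ids(permissions):
    """DAG ids the user holds can_read on; permissions are (action, resource) pairs."""
    return {resource for action, resource in permissions if action == "can_read"}


def list_dags_check_only(conn, permissions):
    """All-or-nothing: one coarse permission check, then an unfiltered query."""
    if not readable_dag_ids(permissions):
        return []  # user can read nothing, so nothing is returned
    # Any single can_read grant reaches this point and exposes every row.
    return [row[0] for row in conn.execute("SELECT dag_id FROM dag ORDER BY dag_id")]


def list_dags_filtered(conn, permissions):
    """Per-object: the query itself is limited to the accessible DAG ids."""
    ids = sorted(readable_dag_ids(permissions))
    if not ids:
        return []  # also avoids an empty "IN ()" clause, which is invalid SQL
    placeholders = ",".join("?" * len(ids))  # bound parameters, never string-joined ids
    sql = f"SELECT dag_id FROM dag WHERE dag_id IN ({placeholders}) ORDER BY dag_id"
    return [row[0] for row in conn.execute(sql, ids)]


if __name__ == "__main__":
    conn = make_db()
    perms = [("can_read", "DAG_A")]  # the permission from the comment
    print("check only:", list_dags_check_only(conn, perms))
    print("filtered:  ", list_dags_filtered(conn, perms))
```
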
