jhtimmins commented on a change in pull request #10594:
URL: https://github.com/apache/airflow/pull/10594#discussion_r490332164



##########
File path: airflow/models/dag.py
##########
@@ -1664,6 +1665,38 @@ def deactivate_stale_dags(expiration_date, session=None):
             session.merge(dag)
             session.commit()
 
+    @classmethod
+    def get_readable_dags(cls, user):
+        """Gets the DAGs readable by authenticated user."""
+        return cls.get_accessible_dags(security.CAN_READ, user)
+
+    @classmethod
+    def get_editable_dags(cls, user):
+        """Gets the DAGs editable by authenticated user."""
+        return cls.get_accessible_dags(security.CAN_EDIT, user)
+
+    @staticmethod
+    @provide_session
+    def get_accessible_dags(user_action, user, session=None):
+        """Generic function to get readable or writable DAGs for authenticated 
user."""
+
+        if user.is_anonymous or 'Public' in user.roles:
+            # return an empty set if the role is public
+            return set()
+
+        resources = set()
+        for role in user.roles:
+            for permission in role.permissions:
+                resource = permission.view_menu.name
+                action = permission.permission.name
+                if action == user_action:
+                    resources.add(resource)
+
+        if 'Dag' in resources:
+            return session.query(DagModel)
+
+        return session.query(DagModel).filter(DagModel.dag_id.in_(resources))
+
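Review bot: In get_accessible_dags, the `'Public' in user.roles` test compares a string against the role objects that the loop below iterates (`role.permissions`), so unless the role class compares equal to its name this branch never fires for a user holding the Public role; compare on the role's name instead. The early return also hands back `set()` while the other two paths return a `session.query(DagModel)` query, so callers cannot treat the result uniformly (anything chaining a query method onto it fails for anonymous users); return the same type on all three paths. The `'Public'` and `'Dag'` literals would also be better as named constants alongside `security.CAN_READ`, and the `in_(resources)` filter is passed every resource name the user has the action on, not only DAG ids, which deserves a comment or a narrowing step.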

Review comment:
@ashb It's certainly possible. I was deciding between letting Flask code 
leak into Airflow core and putting core code into the security manager. I chose 
the former, but I can switch back to the latter.



