jhtimmins commented on a change in pull request #10594:
URL: https://github.com/apache/airflow/pull/10594#discussion_r490335548
##########
File path: airflow/models/dag.py
##########
@@ -1664,6 +1665,38 @@ def deactivate_stale_dags(expiration_date, session=None):
session.merge(dag)
session.commit()
+ @classmethod
+ def get_readable_dags(cls, user):
+ """Gets the DAGs readable by authenticated user."""
+ return cls.get_accessible_dags(security.CAN_READ, user)
+
+ @classmethod
+ def get_editable_dags(cls, user):
+ """Gets the DAGs editable by authenticated user."""
+ return cls.get_accessible_dags(security.CAN_EDIT, user)
+
+ @staticmethod
+ @provide_session
+ def get_accessible_dags(user_action, user, session=None):
+ """Generic function to get readable or writable DAGs for authenticated
user."""
+
+ if user.is_anonymous or 'Public' in user.roles:
+ # return an empty set if the role is public
+ return set()
+
+ resources = set()
+ for role in user.roles:
+ for permission in role.permissions:
Review comment:
This will look at that permission, but the check on 1692 will only
filter on permissions with an action (`can_read`), matching the specified
action from the function args.
However, it will grab all resources with matching actions. So it would grab
`Airflow.can_read`, if `action == 'can_read'`. I figure that was fine though,
since it isn't an issue unless users are naming dags `Airflow`, `TaskInstance`,
etc.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
