ashb commented on a change in pull request #10594:
URL: https://github.com/apache/airflow/pull/10594#discussion_r492218445
##########
File path: airflow/api_connexion/endpoints/dag_run_endpoint.py
##########
@@ -122,6 +122,7 @@ def _fetch_dag_runs(
limit,
offset,
):
+ total_entries = query.count()
Review comment:
This would filter before any date limits are applied, and thus would get
an incorrect count.
##########
File path: airflow/api_connexion/endpoints/dag_run_endpoint.py
##########
@@ -158,26 +158,29 @@ def _apply_date_filters_to_query(
return query
[email protected]_authentication
[email protected]_access([("can_read", "Dag"), ("can_read", "DagRun")])
@provide_session
def get_dag_runs_batch(session):
"""
Get list of DAG Runs
"""
body = request.get_json()
- try:
+ try: # TODO: Handle filtering.
data = dagruns_batch_form_schema.load(body)
except ValidationError as err:
raise BadRequest(detail=str(err.messages))
+ appbuilder = current_app.appbuilder
+ readable_dag_ids = appbuilder.sm.get_readable_dag_ids(g.user)
query = session.query(DagRun)
-
- if data["dag_ids"]:
- query = query.filter(DagRun.dag_id.in_(data["dag_ids"]))
+ if data.get("dag_ids"):
+ dag_ids = set(data["dag_ids"]) & set(readable_dag_ids)
+ query = query.filter(DagRun.dag_id.in_(dag_ids))
+ else:
+ query = query.filter(DagRun.dag_id.in_(readable_dag_ids))
dag_runs, total_entries = _fetch_dag_runs(
query,
- session,
Review comment:
What was the reason for removing the session here?
##########
File path: airflow/api_connexion/endpoints/xcom_endpoint.py
##########
@@ -49,22 +52,28 @@ def get_xcom_entries(
"""
query = session.query(XCom)
- if dag_id != '~':
+ if dag_id == '~':
+ appbuilder = current_app.appbuilder
+ readable_dag_ids = appbuilder.sm.get_readable_dag_ids(g.user)
+ query = query.filter(XCom.dag_id.in_(readable_dag_ids))
+ query.join(DR, and_(XCom.dag_id.in_(readable_dag_ids),
XCom.execution_date == DR.execution_date))
Review comment:
```suggestion
query.join(DR, and_(XCom.dag_id == DR.dag_id, XCom.execution_date
== DR.execution_date))
```
This is not your PR causing this -- but I also think that this is missing a
`query = ` at the start -- I don't _think_ `.join()` mutates the query, but
returns a new one. I could be wrong on this. (Separate PR to fix it if this
_doesn't_ work as is)
##########
File path: airflow/api_connexion/endpoints/xcom_endpoint.py
##########
@@ -49,22 +52,28 @@ def get_xcom_entries(
"""
query = session.query(XCom)
- if dag_id != '~':
+ if dag_id == '~':
+ appbuilder = current_app.appbuilder
+ readable_dag_ids = appbuilder.sm.get_readable_dag_ids(g.user)
+ query = query.filter(XCom.dag_id.in_(readable_dag_ids))
+ query.join(DR, and_(XCom.dag_id.in_(readable_dag_ids),
XCom.execution_date == DR.execution_date))
+ else:
query = query.filter(XCom.dag_id == dag_id)
Review comment:
When there's a single dag_id the permissions decorator will validate
access to that dag, correct?
##########
File path: airflow/api_connexion/endpoints/xcom_endpoint.py
##########
@@ -49,22 +52,28 @@ def get_xcom_entries(
"""
query = session.query(XCom)
- if dag_id != '~':
+ if dag_id == '~':
+ appbuilder = current_app.appbuilder
+ readable_dag_ids = appbuilder.sm.get_readable_dag_ids(g.user)
+ query = query.filter(XCom.dag_id.in_(readable_dag_ids))
+ query.join(DR, and_(XCom.dag_id.in_(readable_dag_ids),
XCom.execution_date == DR.execution_date))
Review comment:
```suggestion
query.join(DR, and_(XCom.dag_id == DR.dag_id, XCom.execution_date ==
DR.execution_date))
```
This is not your PR causing this -- but I also think that this is missing a
`query = ` at the start -- I don't _think_ `.join()` mutates the query, but
returns a new one. I could be wrong on this. (Separate PR to fix it if this
_doesn't_ work as is)
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
