ashb commented on a change in pull request #11189:
URL: https://github.com/apache/airflow/pull/11189#discussion_r499711621
##########
File path: airflow/www/security.py
##########
@@ -320,33 +317,75 @@ def get_accessible_dags(self, user_actions, user,
session=None):
for permission in role.permissions:
resource = permission.view_menu.name
action = permission.permission.name
- if action in user_actions:
+ if action not in user_actions:
+ continue
+
+ if resource.startswith(DAG_PREFIX):
+ resources.add(resource[len(DAG_PREFIX) :])
+ else:
resources.add(resource)
- if bool({'Dag', 'all_dags'}.intersection(resources)):
+ if 'Dag' in resources:
Review comment:
I think this is my only concern -- it's not clear from the permission
name that "can read on Dag" (as this would be shown in the FAB Permissions
screens) would be _all_ dags.
Hmmm.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
