XD-DENG commented on a change in pull request #12516:
URL: https://github.com/apache/airflow/pull/12516#discussion_r528113942



##########
File path: airflow/www/security.py
##########
@@ -520,7 +520,6 @@ def update_admin_perm_view(self):
 
         :return: None.
         """
-        all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)
         dag_pvs = (
             self.get_session.query(sqla_models.ViewMenu)
             
.filter(sqla_models.ViewMenu.name.like(f"{permissions.RESOURCE_DAG_PREFIX}%"))
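Review bot: The `.like(f"{permissions.RESOURCE_DAG_PREFIX}%")` filter at the end of this hunk now carries an undocumented assumption. With the explicit `all_dag_view = self.find_view_menu(permissions.RESOURCE_DAG)` lookup removed, nothing in the visible lines names the "All DAGs" view menu, so how it is handled depends entirely on the `permissions.RESOURCE_DAG` name not matching the `RESOURCE_DAG_PREFIX` pattern. Please add a short comment above `dag_pvs` stating that dependence, and a test asserting that `Admin` still holds the permission on `permissions.RESOURCE_DAG` after `update_admin_perm_view` runs, so that a later rename of either constant cannot silently change the Admin role's permissions.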

Review comment:
There are 3 types of ViewMenus in this context:
- type-1: non-DAG views
- type-2: the single view corresponding to "All DAGs". This is marked as ["DAGs"](https://github.com/apache/airflow/blob/master/airflow/security/permissions.py#L23) (`permissions.RESOURCE_DAG`). Users who have permission to this VM have access to All DAGs.
- type-3: DAG views, whose name starts with ["DAG:"](https://github.com/apache/airflow/blob/master/airflow/security/permissions.py#L24) (`permissions.RESOURCE_DAG_PREFIX`), for example "DAG:example_bash_operator", "DAG:example_python_operator", etc.

As indicated in the docstring ("_Admin should have all the permission-views, except the dag views. because Admin already has Dags permission_"), for `Admin`, we only need to assign type-1 + type-2 (type-2 already covers all type-3 View Menus).

Given the different string structure of `permissions.RESOURCE_DAG` and `permissions.RESOURCE_DAG_PREFIX` ("`DAGs`" and "`DAG:`"), if we get all entries of type-3, then filter them out (`.filter(~...)`), we naturally get type-1 + type-2. That's why I find the whole method can be simplified.



