suiting-young commented on pull request #14820:
URL: https://github.com/apache/airflow/pull/14820#issuecomment-800780702
> it means that **plugins** that add custom permission (added view UI) won't
ever get synced to the DB.
Yes, and No.
- A) If someone customized their installation with an extra set of API
endpoints
(*similar to `airflow/api_connexion/endpoints` but outside of airflow code
tree*),
then **YES**, custom permission won't work.
- B) If someone forked airflow and added their APIs directly,
then **NO**, they could add their permissions to `AirflowSecurityManager`
directly (*as they already made some changes*).
- C) If someone using the official **plugin** mechanism to add API endpoints,
then _kind of_ **NO**, as I mentioned above, the issue is blocking them to
do so.
After all, I'd prefer a formal way/place to **register** permissions,
instead of current solution, which looks like a bit of hack.
So the possible solution may be let user call
`security_manager.sync_resource_permissions(custom_perms)` explicitly
like we already have in `sync_appbuilder_roles`.
- For case A) allow user to register a function in `airflow.cfg`,
which to be called during `create_app()` or some `init_???()` function
inside it.
(*may not necessary?*)
- For case C) user could do it in their overridden `AirflowPlugin.on_load()`
**if the `security_manager` passed in**.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
