ashb commented on a change in pull request #14840:
URL: https://github.com/apache/airflow/pull/14840#discussion_r598714354



##########
File path: airflow/api_connexion/endpoints/role_and_permission_endpoint.py
##########
@@ -64,3 +66,70 @@ def get_permissions(limit=None, offset=None):
     query = session.query(Permission)
     actions = query.offset(offset).limit(limit).all()
     return action_collection_schema.dump(ActionCollection(actions=actions, 
total_entries=total_entries))
+
+
[email protected]_access([(permissions.ACTION_CAN_DELETE, 
permissions.RESOURCE_ROLE_MODEL_VIEW)])
+def delete_role(role_name):
+    """Delete a role"""
+    ab_security_manager = current_app.appbuilder.sm
+    role = ab_security_manager.find_role(name=role_name)
+    if not role:
+        raise NotFound(title="Role not found", detail=f"The Role with name 
`{role_name}` was not found")
+    ab_security_manager.delete_role(role_name=role_name)
+    return NoContent, 204
+
+
[email protected]_access([(permissions.ACTION_CAN_EDIT, 
permissions.RESOURCE_ROLE_MODEL_VIEW)])
+def patch_role(role_name, update_mask=None):
+    """Update a role"""
+    appbuilder = current_app.appbuilder
+    security_manager = appbuilder.sm
+    body = request.json
+    try:
+        data = role_schema.load(body)
+    except ValidationError as err:
+        raise BadRequest(detail=str(err.messages))
+    role = security_manager.find_role(name=role_name)
+    if not role:
+        raise NotFound(title="Role not found", detail=f"Role with name: 
`{role_name} was not found")
+    if update_mask:
+        update_mask = [i.strip() for i in update_mask]
+        data_ = {}
+        for field in update_mask:
+            if field in data and not field == "permissions":
+                data_[field] = data[field]
+            elif field == "actions":
+                data_["permissions"] = data['permissions']
+            else:
+                raise BadRequest(detail=f"'{field}' in update_mask is unknown")
+        data = data_
+    perms = data.get("permissions", [])
+    if perms:
+        perms = [
+            (item['permission']['name'], item['view_menu']['name']) for item 
in data['permissions'] if item
+        ]
+    security_manager.update_role(pk=role.id, name=data['name'])
+    security_manager.init_role(role_name=data['name'], perms=perms or 
role.permissions)
+    return role_schema.dump(role)
+
+
[email protected]_access([(permissions.ACTION_CAN_ADD, 
permissions.RESOURCE_ROLE_MODEL_VIEW)])
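Review bot: In `patch_role`, an `update_mask` that leaves out `name` (for example a mask of only `actions`) rebuilds `data` without a `name` key, so `security_manager.update_role(pk=role.id, name=data['name'])` raises `KeyError` and the caller gets a 500 instead of a partial update. Falling back to the path parameter, e.g. `new_name = data.get('name', role_name)` passed to both `update_role` and `init_role`, keeps masked updates working. Separately, the `(permission, view_menu)` pairs built from the request body reach `init_role` without any check that they name existing permissions. `init_role`'s body is not visible here, but if it creates missing entries, any caller with edit rights on roles could add arbitrary permission rows, so unknown pairs should be rejected with `BadRequest` before the call. The hunk is cut at the final decorator, so the function it guards is outside this view.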

Review comment:
       Since this is a built-in FAB view, it will likely use CAN_ADD, so we'll 
need to customize that view (and create a migration) to avoid having two 
permissions for the same resource.



