jhtimmins commented on a change in pull request #14946:
URL: https://github.com/apache/airflow/pull/14946#discussion_r611729803
##########
File path: airflow/www/views.py
##########
@@ -3806,3 +3822,204 @@ def autocomplete(self, session=None):
payload = [row[0] for row in
dag_ids_query.union(owners_query).limit(10).all()]
return wwwutils.json_response(payload)
+
+
+class CustomPermissionModelView(PermissionModelView):
+ """Customize permission names for FAB's builtin PermissionModelView."""
+
+ class_permission_name = permissions.RESOURCE_PERMISSION
+ method_permission_name = {
+ 'list': 'read',
+ }
+ base_permissions = [
+ permissions.ACTION_CAN_READ,
+ ]
+
+
+class CustomPermissionViewModelView(PermissionViewModelView):
+ """Customize permission names for FAB's builtin PermissionViewModelView."""
+
+ class_permission_name = permissions.RESOURCE_PERMISSION_VIEW
+ method_permission_name = {
+ 'list': 'read',
+ }
+ base_permissions = [
+ permissions.ACTION_CAN_READ,
+ ]
+
+
+class CustomResetMyPasswordView(ResetMyPasswordView):
+ """Customize permission names for FAB's builtin ResetMyPasswordView."""
+
+ class_permission_name = permissions.RESOURCE_MY_PASSWORD
+ method_permission_name = {
+ 'this_form_get': 'read',
+ 'this_form_post': 'edit',
+ }
+ base_permissions = [permissions.ACTION_CAN_EDIT,
permissions.ACTION_CAN_READ]
+
+
+class CustomResetPasswordView(ResetPasswordView):
+ """Customize permission names for FAB's builtin ResetPasswordView."""
+
+ class_permission_name = permissions.RESOURCE_PASSWORD
+ method_permission_name = {
+ 'this_form_get': 'read',
+ 'this_form_post': 'edit',
+ }
+
+ base_permissions = [permissions.ACTION_CAN_EDIT,
permissions.ACTION_CAN_READ]
+
+
+class CustomRoleModelView(RoleModelView):
+ """Customize permission names for FAB's builtin RoleModelView."""
+
+ class_permission_name = permissions.RESOURCE_ROLE
+ method_permission_name = {
+ 'delete': 'delete',
+ 'download': 'read',
+ 'show': 'read',
+ 'list': 'read',
+ 'edit': 'edit',
+ 'add': 'create',
+ 'copy_role': 'create',
+ }
+ base_permissions = [
+ permissions.ACTION_CAN_CREATE,
+ permissions.ACTION_CAN_READ,
+ permissions.ACTION_CAN_EDIT,
+ permissions.ACTION_CAN_DELETE,
+ ]
+
+
+class CustomViewMenuModelView(ViewMenuModelView):
+ """Customize permission names for FAB's builtin ViewMenuModelView."""
+
+ class_permission_name = permissions.RESOURCE_VIEW_MENU
+ method_permission_name = {
+ 'list': 'read',
+ }
+ base_permissions = [
+ permissions.ACTION_CAN_READ,
+ ]
+
+
+class CustomUserDBModelView(UserDBModelView):
+ """Customize permission names for FAB's builtin UserDBModelView."""
+
+ _class_permission_name = permissions.RESOURCE_USER
+
+ class_permission_name_mapping = {
+ 'resetmypassword': permissions.RESOURCE_MY_PASSWORD,
+ 'resetpasswords': permissions.RESOURCE_PASSWORD,
+ 'userinfoedit': permissions.RESOURCE_MY_PROFILE,
+ 'userinfo': permissions.RESOURCE_MY_PROFILE,
+ }
+
+ method_permission_name = {
+ 'add': 'create',
+ 'userinfo': 'read',
+ 'download': 'read',
+ 'show': 'read',
+ 'list': 'read',
+ 'edit': 'edit',
+ 'resetmypassword': 'read',
+ 'resetpasswords': 'read',
+ 'userinfoedit': 'edit',
+ 'delete': 'delete',
+ }
+
+ base_permissions = [
+ permissions.ACTION_CAN_CREATE,
+ permissions.ACTION_CAN_READ,
+ permissions.ACTION_CAN_EDIT,
+ permissions.ACTION_CAN_DELETE,
+ ]
+
+ @property
+ def class_permission_name(self):
+ """Returns appropriate permission name depending on request method
name."""
+ if request:
+ action_name = request.view_args.get("name")
+ _, method_name = request.url_rule.endpoint.split(".")
+ if method_name == 'action' and action_name:
+ return self.class_permission_name_mapping.get(action_name,
self._class_permission_name)
+ if method_name:
+ return self.class_permission_name_mapping.get(method_name,
self._class_permission_name)
+
+ return self._class_permission_name
+
+ @class_permission_name.setter
+ def class_permission_name(self, name):
+ self._class_permission_name = name
+
+
+class CustomUserInfoEditView(UserInfoEditView):
+ """Customize permission names for FAB's builtin UserInfoEditView."""
+
+ class_permission_name = permissions.RESOURCE_MY_PROFILE
+ route_base = "/userinfoeditview"
+ method_permission_name = {
+ 'this_form_get': 'read',
+ 'this_form_post': 'edit',
+ }
+ base_permissions = [permissions.ACTION_CAN_EDIT,
permissions.ACTION_CAN_READ]
+
+
+class CustomUserStatsChartView(UserStatsChartView):
+ """Customize permission names for FAB's builtin UserStatsChartView."""
+
+ class_permission_name = permissions.RESOURCE_USER_STATS_CHART
+ route_base = "/userstatschartview"
+ method_permission_name = {
+ 'chart': 'read',
+ }
+ base_permissions = [permissions.ACTION_CAN_READ]
+
+
+class CustomUserLDAPModelView(UserLDAPModelView):
+ """Customize permission names for FAB's builtin UserLDAPModelView."""
+
+ class_permission_name = permissions.RESOURCE_MY_PROFILE
Review comment:
`userstatschartview` applies to all users, whereas `RESOURCE_MY_PROFILE`
only applies to the logged in user.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
