kaxil commented on a change in pull request #16077:
URL: https://github.com/apache/airflow/pull/16077#discussion_r640137723
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
Review comment:
```suggestion
Gets all existing resource records.
:return: List of all resources
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
Review comment:
```suggestion
Gets an existing action record.
:param name: name
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
Review comment:
Sphinx needs one blank line between description and params
```suggestion
Returns a resource record by name, if it exists.
:param name: Name of resource
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
+ :type name: str
+ :return: Action record, if it exists
+ :rtype: Permission
+ """
+ return self.find_permission(name)
+
+ def get_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Gets a permission made with the given action->resource pair, if the
permission already exists.
+ :param action_name: Name of action
+ :type action_name: str
+ :param resource_name: Name of resource
+ :type resource_name: str
+ :return: The existing permission
+ :rtype: PermissionView
+ """
+ return self.find_permission_view_menu(action_name, resource_name)
+
+ def create_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Creates a permission linking an action and resource.
+ :param action_name: Name of existing action
Review comment:
```suggestion
Creates a permission linking an action and resource.
:param action_name: Name of existing action
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
+ :type name: str
+ :return: Action record, if it exists
+ :rtype: Permission
+ """
+ return self.find_permission(name)
+
+ def get_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Gets a permission made with the given action->resource pair, if the
permission already exists.
+ :param action_name: Name of action
+ :type action_name: str
+ :param resource_name: Name of resource
+ :type resource_name: str
+ :return: The existing permission
+ :rtype: PermissionView
+ """
+ return self.find_permission_view_menu(action_name, resource_name)
+
+ def create_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Creates a permission linking an action and resource.
+ :param action_name: Name of existing action
+ :type action_name: str
+ :param resource_name: Name of existing resource
+ :type resource_name: str
+ :return: Resource created
+ :rtype: PermissionView
+ """
+ return self.add_permission_view_menu(action_name, resource_name)
+
+ def delete_permission(self, action_name: str, resource_name: str) -> None:
+ """
+ Deletes the permission linking an action->resource pair. Doesn't
delete the
+ underlying action or resource.
+ :param action_name: Name of existing action
+ :type action_name: str
+ :param resource_name: Name of existing resource
+ :type resource_name: str
Review comment:
```suggestion
:param resource_name: Name of existing resource
:type resource_name: str
```
##########
File path: airflow/www/security.py
##########
@@ -510,6 +589,38 @@ def add_homepage_access_to_custom_roles(self):
self.get_session.commit()
+ def add_permission_to_role(self, role: Role, permission: PermissionView)
-> None:
+ """
+ Add an existing permission pair to a role.
+ :param role: The role about to get a new permission.
Review comment:
```suggestion
Add an existing permission pair to a role.
:param role: The role about to get a new permission.
```
##########
File path: airflow/www/security.py
##########
@@ -510,6 +589,38 @@ def add_homepage_access_to_custom_roles(self):
self.get_session.commit()
+ def add_permission_to_role(self, role: Role, permission: PermissionView)
-> None:
+ """
+ Add an existing permission pair to a role.
+ :param role: The role about to get a new permission.
+ :type role: Role
+ :param permission: The permission pair to add to a role.
+ :type permission: PermissionView
+ :return: None
+ :rtype: None
+ """
+ self.add_permission_role(role, permission)
+
+ def remove_permission_from_role(self, role: Role, permission:
PermissionView) -> None:
+ """
+ Remove a permission pair from a role.
+ :param role: User role containing permissions.
Review comment:
```suggestion
Remove a permission pair from a role.
:param role: User role containing permissions.
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
+ :type name: str
+ :return: Action record, if it exists
+ :rtype: Permission
+ """
+ return self.find_permission(name)
+
+ def get_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Gets a permission made with the given action->resource pair, if the
permission already exists.
+ :param action_name: Name of action
+ :type action_name: str
+ :param resource_name: Name of resource
+ :type resource_name: str
+ :return: The existing permission
+ :rtype: PermissionView
+ """
+ return self.find_permission_view_menu(action_name, resource_name)
+
+ def create_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Creates a permission linking an action and resource.
+ :param action_name: Name of existing action
+ :type action_name: str
+ :param resource_name: Name of existing resource
+ :type resource_name: str
+ :return: Resource created
+ :rtype: PermissionView
+ """
+ return self.add_permission_view_menu(action_name, resource_name)
+
+ def delete_permission(self, action_name: str, resource_name: str) -> None:
+ """
+ Deletes the permission linking an action->resource pair. Doesn't
delete the
+ underlying action or resource.
+ :param action_name: Name of existing action
+ :type action_name: str
Review comment:
```suggestion
:type action_name: str
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
+ :type name: str
+ :return: Action record, if it exists
+ :rtype: Permission
+ """
+ return self.find_permission(name)
+
+ def get_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Gets a permission made with the given action->resource pair, if the
permission already exists.
+ :param action_name: Name of action
+ :type action_name: str
+ :param resource_name: Name of resource
+ :type resource_name: str
+ :return: The existing permission
+ :rtype: PermissionView
+ """
+ return self.find_permission_view_menu(action_name, resource_name)
+
+ def create_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Creates a permission linking an action and resource.
+ :param action_name: Name of existing action
+ :type action_name: str
+ :param resource_name: Name of existing resource
+ :type resource_name: str
+ :return: Resource created
+ :rtype: PermissionView
+ """
+ return self.add_permission_view_menu(action_name, resource_name)
+
+ def delete_permission(self, action_name: str, resource_name: str) -> None:
+ """
+ Deletes the permission linking an action->resource pair. Doesn't
delete the
+ underlying action or resource.
+ :param action_name: Name of existing action
Review comment:
```suggestion
underlying action or resource.
:param action_name: Name of existing action
```
##########
File path: airflow/www/security.py
##########
@@ -235,6 +235,71 @@ def add_permissions(self, role, perms):
perm_view = self.add_permission_view_menu(perm_name, view_name)
self.add_permission_role(role, perm_view)
+ def get_resource(self, name: str) -> ViewMenu:
+ """
+ Returns a resource record by name, if it exists.
+ :param name: Name of resource
+ :type name: str
+ :return: Resource record
+ :rtype: ViewMenu
+ """
+ return self.find_view_menu(name)
+
+ def get_all_resources(self) -> List[ViewMenu]:
+ """
+ Gets all existing resource records.
+ :return: List of all resources
+ :rtype: List[ViewMenu]
+ """
+ return self.get_all_view_menu()
+
+ def get_action(self, name: str) -> Permission:
+ """
+ Gets an existing action record.
+ :param name: name
+ :type name: str
+ :return: Action record, if it exists
+ :rtype: Permission
+ """
+ return self.find_permission(name)
+
+ def get_permission(self, action_name: str, resource_name: str) ->
PermissionView:
+ """
+ Gets a permission made with the given action->resource pair, if the
permission already exists.
+ :param action_name: Name of action
Review comment:
```suggestion
Gets a permission made with the given action->resource pair, if the
permission already exists.
:param action_name: Name of action
```
##########
File path: airflow/www/security.py
##########
@@ -510,6 +589,38 @@ def add_homepage_access_to_custom_roles(self):
self.get_session.commit()
+ def add_permission_to_role(self, role: Role, permission: PermissionView)
-> None:
+ """
+ Add an existing permission pair to a role.
+ :param role: The role about to get a new permission.
+ :type role: Role
+ :param permission: The permission pair to add to a role.
+ :type permission: PermissionView
+ :return: None
+ :rtype: None
+ """
+ self.add_permission_role(role, permission)
+
+ def remove_permission_from_role(self, role: Role, permission:
PermissionView) -> None:
+ """
+ Remove a permission pair from a role.
+ :param role: User role containing permissions.
+ :type role: Role
+ :param permission: Object representing resource-> action pair
+ :type permission: PermissionView
+ """
+ self.del_permission_role(role, permission)
+
+ def delete_action(self, name: str) -> bool:
+ """
+ Deletes a permission action.
+ :param name: Name of action to delete (e.g. can_read).
Review comment:
```suggestion
Deletes a permission action.
:param name: Name of action to delete (e.g. can_read).
```
##########
File path: airflow/www/security.py
##########
@@ -417,6 +482,20 @@ def has_access(self, permission, resource, user=None) ->
bool:
return has_access
+ def _has_access(self, user: User, action_name: str, resource_name: str) ->
bool:
+ """
+ Wraps the FAB built-in view access method. Won't work for AllDag
access.
+ :param user: user object
Review comment:
```suggestion
Wraps the FAB built-in view access method. Won't work for AllDag
access.
:param user: user object
```
##########
File path: airflow/www/security.py
##########
@@ -740,6 +870,24 @@ def check_authorization(
return True
+ def reset_all_permissions(self) -> None:
+ """
+ Deletes all permission records and removes from roles,
+ then re-syncs them.
+ :return: None
Review comment:
```suggestion
then re-syncs them.
:return: None
```
##########
File path: airflow/www/security.py
##########
@@ -647,6 +758,16 @@ def sync_perm_for_dag(self, dag_id, access_control=None):
if access_control:
self._sync_dag_view_permissions(dag_resource_name, access_control)
+ def get_resource_permissions(self, resource: ViewMenu) -> PermissionView:
+ """
+ Retrieve permission pairs associated with a specific resource object.
+ :param resource: Object representing a single resource.
Review comment:
```suggestion
Retrieve permission pairs associated with a specific resource object.
:param resource: Object representing a single resource.
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
