This is an automated email from the ASF dual-hosted git repository.
jhtimmins pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 65ee91d call resource based fab methods. (#16190)
65ee91d is described below
commit 65ee91d6e405977c497912a40ae7513b12452946
Author: James Timmins <[email protected]>
AuthorDate: Tue Jun 1 09:27:27 2021 -0700
call resource based fab methods. (#16190)
---
airflow/www/security.py | 52 ++++++++++++++++++++++++-------------------------
1 file changed, 25 insertions(+), 27 deletions(-)
diff --git a/airflow/www/security.py b/airflow/www/security.py
index e8897ec..8547c00 100644
--- a/airflow/www/security.py
+++ b/airflow/www/security.py
@@ -139,6 +139,8 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
(permissions.ACTION_CAN_ACCESS_MENU,
permissions.RESOURCE_TASK_RESCHEDULE),
(permissions.ACTION_CAN_READ, permissions.RESOURCE_PASSWORD),
(permissions.ACTION_CAN_EDIT, permissions.RESOURCE_PASSWORD),
+ (permissions.ACTION_CAN_READ, permissions.RESOURCE_ROLE),
+ (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_ROLE),
]
# global view-menu for dag-level access
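Review bot: The two added tuples grant read and edit on `permissions.RESOURCE_ROLE`, which is an authorization change rather than one of the method renames the commit title describes. The list they extend is named outside this hunk, so which role receives them cannot be confirmed from here. Edit rights on roles let the holder change what any role can do, so the grant should only ever feed an admin-level role. I would mention it in the commit message and add a comment above the pair, e.g. `# Role management is admin-only: editing a role affects every user bound to it.`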
@@ -222,18 +224,16 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
role = existing_roles.get(role_name) or self.add_role(role_name)
for perm_name, view_name in perms:
- perm_view = pvs.get((perm_name, view_name)) or
self.add_permission_view_menu(
- perm_name, view_name
- )
+ perm_view = pvs.get((perm_name, view_name)) or
self.create_permission(perm_name, view_name)
if perm_view not in role.permissions:
- self.add_permission_role(role, perm_view)
+ self.add_permission_to_role(role, perm_view)
def add_permissions(self, role, perms):
"""Adds resource permissions to a given role."""
for perm_name, view_name in perms:
- perm_view = self.add_permission_view_menu(perm_name, view_name)
- self.add_permission_role(role, perm_view)
+ perm_view = self.create_permission(perm_name, view_name)
+ self.add_permission_to_role(role, perm_view)
def get_resource(self, name: str) -> ViewMenu:
"""
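Review bot: `add_permissions` calls `self.add_permission_to_role(role, perm_view)` for every pair unconditionally, while the loop just above it guards the same call with `if perm_view not in role.permissions:`. Neither `create_permission` nor `add_permission_to_role` is defined in this hunk, so it is not visible whether they tolerate a failed create (a `None` result) or a permission already attached to the role. If they do not, the guard belongs here as well: `if perm_view and perm_view not in role.permissions:`. The same unchecked pattern appears in the `add_homepage_access_to_custom_roles` hunk and in the last hunk's `self.add_permission_to_role(role, dag_perm)`.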
@@ -419,9 +419,9 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
if not user:
user = g.user
dag_resource_name = permissions.resource_name_for_dag(dag_id)
- return self._has_view_access(
+ return self._has_access(
user, permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG
- ) or self._has_view_access(user, permissions.ACTION_CAN_READ,
dag_resource_name)
+ ) or self._has_access(user, permissions.ACTION_CAN_READ,
dag_resource_name)
def can_edit_dag(self, dag_id, user=None) -> bool:
"""Determines whether a user has DAG edit access."""
@@ -429,9 +429,9 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
user = g.user
dag_resource_name = permissions.resource_name_for_dag(dag_id)
- return self._has_view_access(
+ return self._has_access(
user, permissions.ACTION_CAN_EDIT, permissions.RESOURCE_DAG
- ) or self._has_view_access(user, permissions.ACTION_CAN_EDIT,
dag_resource_name)
+ ) or self._has_access(user, permissions.ACTION_CAN_EDIT,
dag_resource_name)
def prefixed_dag_id(self, dag_id):
"""Returns the permission name for a DAG id."""
@@ -477,7 +477,7 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
if user.is_anonymous:
user.roles = self.get_user_roles(user)
- has_access = self._has_view_access(user, permission, resource)
+ has_access = self._has_access(user, permission, resource)
# FAB built-in view access method. Won't work for AllDag access.
if self.is_dag_resource(resource):
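Review bot: The context comment `# FAB built-in view access method. Won't work for AllDag access.` now trails a call to `self._has_access`, so its "view access" wording no longer matches the name it describes. `_has_access` is defined outside this hunk, so whether it is still the FAB built-in cannot be confirmed here. If it is, I would move the comment above the call and reword it to `# FAB built-in access check; does not cover all-DAG access, which is handled below.` The enclosing function starts and ends outside the hunk.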
@@ -569,8 +569,8 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
:type view_menu_name: str
:return:
"""
- permission = self.find_permission(permission_name)
- view_menu = self.find_view_menu(view_menu_name)
+ permission = self.get_action(permission_name)
+ view_menu = self.get_resource(view_menu_name)
permission_view = None
if permission and view_menu:
permission_view = (
@@ -579,7 +579,7 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
.first()
)
if not permission_view and permission_name and view_menu_name:
- self.add_permission_view_menu(permission_name, view_menu_name)
+ self.create_permission(permission_name, view_menu_name)
def add_homepage_access_to_custom_roles(self):
"""
@@ -587,12 +587,10 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
:return: None.
"""
- website_permission = self.add_permission_view_menu(
- permissions.ACTION_CAN_READ, permissions.RESOURCE_WEBSITE
- )
+ website_permission =
self.create_permission(permissions.ACTION_CAN_READ,
permissions.RESOURCE_WEBSITE)
custom_roles = [role for role in self.get_all_roles() if role.name not
in EXISTING_ROLES]
for role in custom_roles:
- self.add_permission_role(role, website_permission)
+ self.add_permission_to_role(role, website_permission)
self.get_session.commit()
@@ -745,8 +743,8 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
return
for action, resource in perms:
- self.add_view_menu(resource)
- self.add_permission_view_menu(action, resource)
+ self.create_resource(resource)
+ self.create_permission(action, resource)
def sync_perm_for_dag(self, dag_id, access_control=None):
"""
@@ -763,7 +761,7 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
"""
dag_resource_name = permissions.resource_name_for_dag(dag_id)
for dag_perm in self.DAG_PERMS:
- self.add_permission_view_menu(dag_perm, dag_resource_name)
+ self.create_permission(dag_perm, dag_resource_name)
if access_control:
self._sync_dag_view_permissions(dag_resource_name, access_control)
@@ -793,15 +791,15 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
dag_resource_name = permissions.resource_name_for_dag(dag_id)
def _get_or_create_dag_permission(perm_name):
- dag_perm = self.find_permission_view_menu(perm_name,
dag_resource_name)
+ dag_perm = self.get_permission(perm_name, dag_resource_name)
if not dag_perm:
self.log.info("Creating new permission '%s' on view '%s'",
perm_name, dag_resource_name)
- dag_perm = self.add_permission_view_menu(perm_name,
dag_resource_name)
+ dag_perm = self.create_permission(perm_name, dag_resource_name)
return dag_perm
def _revoke_stale_permissions(dag_view):
- existing_dag_perms = self.find_permissions_view_menu(dag_view)
+ existing_dag_perms = self.get_resource_permissions(dag_view)
for perm in existing_dag_perms:
non_admin_roles = [role for role in perm.role if role.name !=
'Admin']
for role in non_admin_roles:
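Review bot: The log message in `_get_or_create_dag_permission` still reads `"Creating new permission '%s' on view '%s'"`, and the helper below keeps `dag_view` as its parameter name, although the calls now use the resource vocabulary (`get_permission`, `get_resource_permissions`). These messages are the record of permission creation and revocation, so the wording should match what operators will search for: `"Creating new permission '%s' on resource '%s'"`. If any log search or alert is keyed on the old text, the rewording needs a changelog note. `_revoke_stale_permissions` continues past the end of this hunk.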
@@ -813,9 +811,9 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
dag_resource_name,
role.name,
)
- self.del_permission_role(role, perm)
+ self.remove_permission_from_role(role, perm)
- dag_view = self.find_view_menu(dag_resource_name)
+ dag_view = self.get_resource(dag_resource_name)
if dag_view:
_revoke_stale_permissions(dag_view)
@@ -838,7 +836,7 @@ class AirflowSecurityManager(SecurityManager,
LoggingMixin): # pylint: disable=
for perm_name in perms:
dag_perm = _get_or_create_dag_permission(perm_name)
- self.add_permission_role(role, dag_perm)
+ self.add_permission_to_role(role, dag_perm)
def create_resource(self, name: str) -> ViewMenu:
"""