kaxil commented on a change in pull request #18160:
URL: https://github.com/apache/airflow/pull/18160#discussion_r706599647
##########
File path: airflow/www/security.py
##########
@@ -485,12 +485,14 @@ def has_access(self, action_name, resource_name,
user=None) -> bool:
has_access = self._has_access(user, action_name, resource_name)
# FAB built-in view access method. Won't work for AllDag access.
-
if self.is_dag_resource(resource_name):
+ root_dag_resource_name = resource_name.split(".")[0]
Review comment:
Should this logic instead go in `can_read_dag` and `can_edit_dag`?
example:
```python
def can_read_dag(self, dag_id, user=None) -> bool:
"""Determines whether a user has DAG read access."""
if not user:
user = g.user
# To account for SubDags
root_dag_id = dag_id.split(".")[0]
dag_resource_name = permissions.resource_name_for_dag(root_dag_id)
return self._has_access(
user, permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG
) or self._has_access(user, permissions.ACTION_CAN_READ,
dag_resource_name)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
