[GitHub] [airflow] alex-astronomer opened a new issue #18813: /role PATCH endpoint bug when name gets changed to a role that already exists

[GitBox]

alex-astronomer opened a new issue #18813:
URL: https://github.com/apache/airflow/issues/18813


   ### Apache Airflow version
   
   2.2.0b2 (beta snapshot)
   
   ### Operating System
   
   macOS Big Sur 11.3.1
   
   ### Versions of Apache Airflow Providers
   
   n/a
   
   ### Deployment
   
   Virtualenv installation
   
   ### Deployment details
   
   stock airflow installation with newest main branch
   
   ### What happened
   
   When the PATCH verb is called for `/roles/{role_name}` endpoint, the body 
sent allows for a name to be changed.  For example:
   
   `PATCH http://localhost:8080/api/v1/roles/Viewer`
   
   Body:
   ```
   {
       "name": "test",
       "actions": [
           {
               "action": {
                   "name": "can_delete"
               },
               "resource": {
                   "name": "DAGs"
               }
           }
       ]
   }
   ```
   
   If the role `test` already exists in the system, no changes will be made to 
the Viewer role, but the changes in the body will be made to the role that has 
the name specified in the body.
   
   ### What you expected to happen
   
   I believe that this is a problem because when we run `PATCH /roles/Viewer` 
we expect the changes being made to be to the Viewer, and not the role with the 
name from the body.
   
   I expect that an error message would be thrown if the name from the body 
already exists as a role in the Airflow meta DB.
   
   ### How to reproduce
   
   1. Create a role called `test` with no permissions.
   2. Run `PATCH /roles/Viewer` with the body
   ```
   {
       "name": "test",
       "actions": [
           {
               "action": {
                   "name": "can_delete"
               },
               "resource": {
                   "name": "DAGs"
               }
           }
       ]
   }
   ```
   3. Refresh the Airlfow UI and notice that there were no changes to the 
Viewer, but the `test` role now has can delete on DAGs permissions.
   
   ### Anything else
   
   _No response_
   
   ### Are you willing to submit PR?
   
   - [X] Yes I am willing to submit a PR!
   
   ### Code of Conduct
   
   - [X] I agree to follow this project's [Code of 
Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md)
   


-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org