kaxil commented on pull request #20346: URL: https://github.com/apache/airflow/pull/20346#issuecomment-997060038
> Fwiw, this isn't how permissions are documented: https://airflow.apache.org/docs/apache-airflow/stable/security/access-control.html#dag-level-permissions > > Have we tried this in an instance with a large number of DAGs? `current_app.appbuilder.sm.get_editable_dag_ids(g.user)` logically does the same thing what existed before the PR change too -- however instead of checking the permission in the view, it hands of the permissions of doing it to the Security Manager. So if you have "can_edit" permission on the "DAG" resource, a user will by default still be able to edit/pause all the dags. re: Optimization -- we have a short-circuit too, i.e. as soon as we find "can_edit" on "DAG" we return, check the following source: Source Code: https://github.com/apache/airflow/blob/fc0fb22c120a7c12426ecaf6254159e7daf2de9e/airflow/www/security.py#L288-L290 https://github.com/apache/airflow/blob/fc0fb22c120a7c12426ecaf6254159e7daf2de9e/airflow/www/security.py#L320-L322 -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
