This is an automated email from the ASF dual-hosted git repository.

eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new bf68e1060b Fix permissions on `/blocked` endpoint (#32571)
bf68e1060b is described below

commit bf68e1060b0214ee195c61f9d7be992161e25589
Author: Jed Cunningham <[email protected]>
AuthorDate: Wed Jul 12 23:49:52 2023 -0600

    Fix permissions on `/blocked` endpoint (#32571)
    
    This endpoint is used to update the UI with how many dagruns are running
    out of the max active dagruns per dag. It requires no elevated perms.
    
    This also fixes the test coverage on this endpoint.
---
 airflow/www/views.py              |  2 +-
 tests/www/views/test_views_acl.py | 16 +++++++++-------
 2 files changed, 10 insertions(+), 8 deletions(-)

diff --git a/airflow/www/views.py b/airflow/www/views.py
index a62a966eeb..db618989ff 100644
--- a/airflow/www/views.py
+++ b/airflow/www/views.py
@@ -2391,7 +2391,7 @@ class Airflow(AirflowBaseView):
     @expose("/blocked", methods=["POST"])
     @auth.has_access(
         [
-            (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_DAG),
+            (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG),
             (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_RUN),
         ]
     )
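Review bot: With the DAG requirement lowered from edit to read, the `@auth.has_access` list here is only a resource-level gate. Any per-DAG filtering in the view body is now the sole control keeping a read-only user from seeing run counts for DAGs they cannot read. That body lies outside this hunk, so please confirm it limits the query to the caller's readable DAG ids, including when `dag_ids` is supplied in the POST data. Since the route stays `methods=["POST"]` while needing only read permissions, a short comment above the decorator would explain the pairing to later readers, for example `# Read-only despite POST: reports running vs. max active dagruns for the UI` (assuming the body really changes no state).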
diff --git a/tests/www/views/test_views_acl.py 
b/tests/www/views/test_views_acl.py
index f445d0fe83..30e2a975c4 100644
--- a/tests/www/views/test_views_acl.py
+++ b/tests/www/views/test_views_acl.py
@@ -98,6 +98,7 @@ def acl_app(app):
         "all_dag_role": [
             (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_DAG),
             (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG),
+            (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_RUN),
             (permissions.ACTION_CAN_READ, permissions.RESOURCE_TASK_INSTANCE),
             (permissions.ACTION_CAN_READ, permissions.RESOURCE_WEBSITE),
         ],
@@ -641,16 +642,21 @@ def test_failure(dag_faker_client, url, 
unexpected_content):
 
 
 def test_blocked_success(client_all_dags_dagruns):
-    resp = client_all_dags_dagruns.post("blocked", follow_redirects=True)
+    resp = client_all_dags_dagruns.post("blocked")
     check_content_in_response("example_bash_operator", resp)
 
 
 def test_blocked_success_for_all_dag_user(all_dag_user_client):
-    resp = all_dag_user_client.post("blocked", follow_redirects=True)
+    resp = all_dag_user_client.post("blocked")
     check_content_in_response("example_bash_operator", resp)
     check_content_in_response("example_subdag_operator", resp)
 
 
+def test_blocked_viewer(viewer_client):
+    resp = viewer_client.post("blocked")
+    check_content_in_response("example_bash_operator", resp)
+
+
 @pytest.mark.parametrize(
     "dags_to_block, unexpected_dag_ids",
     [
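Review bot: The added `test_blocked_viewer` covers only the allow path, so nothing in this hunk pins the boundary that the relaxed permission now relies on. A deny-side test would close that gap: a client whose role can read a single DAG should get a response without the others, e.g. `check_content_not_in_response("example_subdag_operator", resp)`. A client without `RESOURCE_DAG_RUN` read should likewise not get a 200, which is now checkable because `follow_redirects=True` is gone. The three success tests would also be clearer with an explicit `assert resp.status_code == 200`, as `test_blocked_success_when_selecting_dags` has, unless `check_content_in_response` already checks the status (its definition is not visible here).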
@@ -670,11 +676,7 @@ def test_blocked_success_when_selecting_dags(
     dags_to_block,
     unexpected_dag_ids,
 ):
-    resp = admin_client.post(
-        "blocked",
-        data={"dag_ids": dags_to_block},
-        follow_redirects=True,
-    )
+    resp = admin_client.post("blocked", data={"dag_ids": dags_to_block})
     assert resp.status_code == 200
     for dag_id in unexpected_dag_ids:
         check_content_not_in_response(dag_id, resp)
