[GitHub] [airflow] uranusjr commented on a diff in pull request #33213: Implement `is_authorized()` in auth manager

via GitHub Mon, 11 Sep 2023 18:42:43 -0700


uranusjr commented on code in PR #33213:
URL: https://github.com/apache/airflow/pull/33213#discussion_r1322265882



##########
airflow/auth/managers/fab/fab_auth_manager.py:
##########
@@ -87,35 +132,216 @@ def is_logged_in(self) -> bool:
         """Return whether the user is logged in."""
         return not self.get_user().is_anonymous
 
+    def is_authorized_configuration(self, *, method: ResourceMethod, user: 
BaseUser | None = None) -> bool:
+        return self._is_authorized(method=method, 
resource_type=RESOURCE_CONFIG, user=user)
+
+    def is_authorized_cluster_activity(self, *, method: ResourceMethod, user: 
BaseUser | None = None) -> bool:
+        return self._is_authorized(method=method, 
resource_type=RESOURCE_CLUSTER_ACTIVITY, user=user)
+
+    def is_authorized_connection(
+        self,
+        *,
+        method: ResourceMethod,
+        connection_details: ConnectionDetails | None = None,
+        user: BaseUser | None = None,
+    ) -> bool:
+        return self._is_authorized(method=method, 
resource_type=RESOURCE_CONNECTION, user=user)
+
+    def is_authorized_dag(
+        self,
+        *,
+        method: ResourceMethod,
+        dag_access_entity: DagAccessEntity | None = None,
+        dag_details: DagDetails | None = None,
+        user: BaseUser | None = None,
+    ) -> bool:
+        """
+        Return whether the user is authorized to access the dag.
+
+        There are multiple scenarios:
+
+        1. ``dag_access`` is not provided which means the user wants to access 
the DAG itself and not a sub
+        entity (e.g. DAG runs).
+        2. ``dag_access`` is provided which means the user wants to access a 
sub entity of the DAG
+        (e.g. DAG runs).
+            a. If ``method`` is GET, then check the user has READ permissions 
on the DAG and the sub entity
+            b. Else, check the user has EDIT permissions on the DAG and 
``method`` on the sub entity
+
+        :param method: The method to authorize.
+        :param dag_access_entity: The dag access entity.
+        :param dag_details: The dag details.
+        :param user: The user.
+        """
+        if not dag_access_entity:
+            # Scenario 1
+            return self._is_authorized_dag(method=method, 
dag_details=dag_details, user=user)
+        else:
+            # Scenario 2
+            resource_type = self._get_fab_resource_type(dag_access_entity)
+            dag_method: ResourceMethod = cast(ResourceMethod, "GET" if method 
== "GET" else "PUT")

Review Comment:
   What does it complain?



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org

For queries about this service, please contact Infrastructure at:
us...@infra.apache.org

[GitHub] [airflow] uranusjr commented on a diff in pull request #33213: Implement `is_authorized()` in auth manager

Reply via email to