vincbeck commented on code in PR #34317:
URL: https://github.com/apache/airflow/pull/34317#discussion_r1340515262


##########
airflow/api_connexion/endpoints/dag_endpoint.py:
##########
@@ -69,7 +69,7 @@ def get_dag_details(*, dag_id: str) -> APIResponse:
     return dag_detail_schema.dump(dag)
 
 
[email protected]_access([(permissions.ACTION_CAN_READ, 
permissions.RESOURCE_DAG)])
+@requires_authentication
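
Review bot: on the `+@requires_authentication` line, the endpoint keeps an authentication check, but the visible lines show no authorization check taking the place of the removed decorator, which enforced `permissions.ACTION_CAN_READ` on `permissions.RESOURCE_DAG`. The decorated function's body is not shown in this hunk. If it filters results to the DAGs the caller can read, a short comment saying so would make that explicit. Otherwise any authenticated user reaches the endpoint, and a DAG-level check should be kept here.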

Review Comment:
   > Is this what the decorator is doing for something like get_dag(...) above? In that case we only want one specific dag, but we're checking if the user has access to all DAGs?
   
   If a dag id is passed as a parameter (or in the request), then the 
authorization check is done only against this specific DAG. This is always the 
case for now: every time `@security.requires_access_dag("GET")` is used, a DAG 
id is provided. This tells me that we do not necessarily need to check whether 
a user has access to all DAGs. Thanks, you helped me figure it out :)


