This is an automated email from the ASF dual-hosted git repository.
potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 535c8be599 Redirect to index when user does not have permission to
access a page (#36623)
535c8be599 is described below
commit 535c8be599f5e1a9455b6e6ab1840aa446ce3b1e
Author: Vincent <[email protected]>
AuthorDate: Sat Jan 6 11:52:22 2024 -0500
Redirect to index when user does not have permission to access a page
(#36623)
---
airflow/www/auth.py | 6 ++++--
tests/www/test_auth.py | 18 +++++++++++++++++-
2 files changed, 21 insertions(+), 3 deletions(-)
diff --git a/airflow/www/auth.py b/airflow/www/auth.py
index 5aaf5913db..4295a40833 100644
--- a/airflow/www/auth.py
+++ b/airflow/www/auth.py
@@ -22,7 +22,7 @@ import warnings
from functools import wraps
from typing import TYPE_CHECKING, Callable, Sequence, TypeVar, cast
-from flask import flash, redirect, render_template, request
+from flask import flash, redirect, render_template, request, url_for
from flask_appbuilder._compat import as_unicode
from flask_appbuilder.const import (
FLAMSG_ERR_SEC_ACCESS_DENIED,
@@ -176,10 +176,12 @@ def _has_access(*, is_authorized: bool, func: Callable,
args, kwargs):
),
403,
)
+ elif not get_auth_manager().is_logged_in():
+ return redirect(get_auth_manager().get_url_login(next=request.url))
else:
access_denied = get_access_denied_message()
flash(access_denied, "danger")
- return redirect(get_auth_manager().get_url_login(next=request.url))
+ return redirect(url_for("Airflow.index"))
def has_access_configuration(method: ResourceMethod) -> Callable[[T], T]:
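Review bot: The new `else` branch sends a logged-in but unauthorized user to `url_for("Airflow.index")` without checking that the user may view the index. If the index view is itself guarded by this `_has_access` path (not visible in the hunk), an account with no usable permissions would be bounced back to the same redirect repeatedly. A guard ahead of the redirect, for example falling through to the existing 403 rendering when `request.endpoint == "Airflow.index"`, would break that loop. Because the denial is now a 302 and not a 403, a comment such as `# Authenticated but unauthorized: 302 to the index with a flashed message, not a 403` would help anyone who audits access denials by status code. `_has_access` begins above the hunk, so the conditions on the earlier branches are not visible here.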
diff --git a/tests/www/test_auth.py b/tests/www/test_auth.py
index d4000b707f..79c61b2f52 100644
--- a/tests/www/test_auth.py
+++ b/tests/www/test_auth.py
@@ -222,7 +222,23 @@ class TestHasAccessDagEntities:
result = auth.has_access_dag_entities("GET",
dag_access_entity)(self.method_test)(None, items)
mock_call.assert_not_called()
- assert result.status_code == 302
+ assert result.headers["Location"] == "/home"
+
+ @pytest.mark.db_test
+ @patch("airflow.www.auth.get_auth_manager")
+ def test_has_access_dag_entities_when_logged_out(self,
mock_get_auth_manager, app, dag_access_entity):
+ auth_manager = Mock()
+ auth_manager.batch_is_authorized_dag.return_value = False
+ auth_manager.is_logged_in.return_value = False
+ auth_manager.get_url_login.return_value = "login_url"
+ mock_get_auth_manager.return_value = auth_manager
+ items = [Mock(dag_id="dag_1"), Mock(dag_id="dag_2")]
+
+ with app.test_request_context():
+ result = auth.has_access_dag_entities("GET",
dag_access_entity)(self.method_test)(None, items)
+
+ mock_call.assert_not_called()
+ assert result.headers["Location"] == "login_url"
@pytest.mark.db_test