This is an automated email from the ASF dual-hosted git repository. ephraimanierobi pushed a commit to branch v2-8-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit 2cb6027280bcf5e2b561f3ee7f55980f6ec4cc3a
Author: Vincent <[email protected]>
AuthorDate: Fri Feb 9 17:27:10 2024 -0500
Fix permission check on DAGs when `access_entity` is specified (#37290)
(cherry picked from commit 2adbe882e68df0e2b1084bc869616bb01e416aa7)
---
 airflow/api_connexion/security.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/airflow/api_connexion/security.py b/airflow/api_connexion/security.py
index 5d179d907c..17174636cd 100644
--- a/airflow/api_connexion/security.py
+++ b/airflow/api_connexion/security.py
@@ -145,10 +145,11 @@ def requires_access_dag(
 # ``access`` means here:
 # - if a DAG id is provided (``dag_id`` not None): is the user authorized to access this DAG
 # - if no DAG id is provided: is the user authorized to access all DAGs
- if dag_id or access:
+ if dag_id or access or access_entity:
 return access
- # No DAG id is provided and the user is not authorized to access all DAGs
+ # No DAG id is provided, the user is not authorized to access all DAGs and authorization is done
+ # on DAG level
 # If method is "GET", return whether the user has read access to any DAGs
 # If method is "PUT", return whether the user has edit access to any DAGs
 return (method == "GET" and any(get_auth_manager().get_permitted_dag_ids(methods=["GET"]))) or (
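Review bot: The new `access_entity` branch in `if dag_id or access or access_entity:` ships without a regression test (the diffstat lists only `airflow/api_connexion/security.py`), and in an authorization check that is the part a later refactor is most likely to undo silently. The case to pin down is a user who has read access to a single DAG but lacks the entity-level permission: a call guarded with `access_entity` and no `dag_id` must be denied instead of falling through to the `get_permitted_dag_ids` fallback. The comment block above the condition still explains only the `dag_id` and all-DAGs cases; a third bullet such as `# - if ``access_entity`` is set: the decision is entity-level, so the any-DAG fallback below does not apply` would keep the intent next to the code. The condition also tests truthiness where the comment says "not None", so an empty-string `dag_id` would be treated as absent; `dag_id is not None` would match the comment, if callers can ever pass one. The enclosing callback starts and ends outside the hunk.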
