dstandish commented on code in PR #42473:
URL: https://github.com/apache/airflow/pull/42473#discussion_r1775750826
##########
airflow/api_connexion/security.py:
##########
@@ -126,13 +126,14 @@ def callback():
if dag_id or access or access_entity:
return access
- # No DAG id is provided, the user is not authorized to access all
DAGs and authorization is done
+ # No DAG id is provided: the user is not authorized to access all
DAGs and authorization is done
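Review bot: The comment at `# No DAG id is provided` should name which code completes the authorization on this path. As visible here the edit only replaces a comma with a colon, and the sentence still reads "authorization is done" without saying, at this point, who does it. Because `return access` above is taken whenever `dag_id or access or access_entity` is truthy, a reader of an endpoint cannot tell from this line that filtering by DAG is left to the endpoint. Suggest spelling that out in the comment.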
Review Comment:
Right ok so what it means is that we do sort of a partial check. We check
that there's at least one. But then it's up to the specific endpoint function
to implement proper access controls.

> To be honest I hate that logic and I was planning to modify it at some point

Yeah I get it, it seems pretty function for the answer of the check to be
`yes` if the user has access to just one entity out of many. Susceptible to
the endpoint function not actually doing the verification that is delegated to
it.
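The partial check discussed in this comment, as an added example that is not Airflow's code and not part of the original message. All names (`READABLE`, `requires_any_dag`, the two list endpoints) and the sample data are hypothetical; the regression check `leaked` flags an endpoint that skips the per-DAG verification delegated to it.

```python
from functools import wraps

# Constructed sample data; all names here are hypothetical, not Airflow's.
READABLE = {"alice": {"etl_daily"}, "bob": set()}
ALL_DAGS = ["etl_daily", "finance_export", "hr_sync"]


class Forbidden(Exception):
    """Raised when the coarse gate rejects the request."""


def requires_any_dag(endpoint):
    """Partial check: with no DAG id, pass if the user can read at least one DAG."""
    @wraps(endpoint)
    def wrapper(user, dag_id=None):
        readable = READABLE.get(user, set())
        if dag_id is not None:
            if dag_id not in readable:
                raise Forbidden(f"{user} -> {dag_id}")
        elif not readable:
            raise Forbidden(user)
        return endpoint(user, dag_id)
    return wrapper


@requires_any_dag
def list_dags_unfiltered(user, dag_id=None):
    """Trusts the gate and skips the per-DAG check that was delegated to it."""
    return [d for d in ALL_DAGS if dag_id in (None, d)]


@requires_any_dag
def list_dags_filtered(user, dag_id=None):
    """Performs the delegated check on every entity before returning it."""
    readable = READABLE.get(user, set())
    return [d for d in ALL_DAGS if d in readable and dag_id in (None, d)]


def leaked(endpoint, user):
    """Regression check: DAGs returned by a list call that the user cannot read."""
    return sorted(set(endpoint(user)) - READABLE.get(user, set()))


def gate_rejects(endpoint, user, dag_id=None):
    """True if the coarse gate refuses the call outright."""
    try:
        endpoint(user, dag_id)
    except Forbidden:
        return True
    return False
```

Running `leaked` over every list-style endpoint with a user who can read only one entity turns the delegated check into something a test suite enforces.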