This is an automated email from the ASF dual-hosted git repository.

dstandish pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 291048aad5 Split up the return statement in _is_authorized_callback 
for clarity (#42473)
291048aad5 is described below

commit 291048aad5a313cf120cedb271fee894005bd10a
Author: Daniel Standish <[email protected]>
AuthorDate: Wed Sep 25 18:33:16 2024 -0700

    Split up the return statement in _is_authorized_callback for clarity 
(#42473)
    
    
    Co-authored-by: Vincent <[email protected]>
---
 airflow/api_connexion/security.py | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)

diff --git a/airflow/api_connexion/security.py 
b/airflow/api_connexion/security.py
index 7b0a026e09..7da83a7616 100644
--- a/airflow/api_connexion/security.py
+++ b/airflow/api_connexion/security.py
@@ -126,13 +126,12 @@ def requires_access_dag(
             if dag_id or access or access_entity:
                 return access
 
-            # No DAG id is provided, the user is not authorized to access all 
DAGs and authorization is done
-            # on DAG level
-            # If method is "GET", return whether the user has read access to 
any DAGs
-            # If method is "PUT", return whether the user has edit access to 
any DAGs
-            return (method == "GET" and 
any(get_auth_manager().get_permitted_dag_ids(methods=["GET"]))) or (
-                method == "PUT" and 
any(get_auth_manager().get_permitted_dag_ids(methods=["PUT"]))
-            )
+            # dag_id is not provided, and the user is not authorized to access 
*all* DAGs
+            # so we check that the user can access at least *one* dag
+            # but we leave it to the endpoint function to properly restrict 
access beyond that
+            if method not in ("GET", "PUT"):
+                return False
+            return 
any(get_auth_manager().get_permitted_dag_ids(methods=[method]))
 
         return callback
 
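Review bot: The fallback branch at the end of the callback only establishes that the caller may access at least one DAG for `method`, so any endpoint that reaches it without a `dag_id` has to filter its own results by the permitted DAG ids; the new comment says this, but nothing in the visible lines enforces it. I would state that contract in the `requires_access_dag` docstring (the function starts outside this hunk), so authors of new endpoints see it where they apply the decorator. I would also say why the other verbs are denied, e.g. `# only GET and PUT have a "some DAG" meaning here; every other method is denied by default`. A smaller point: `any(...)` tests the truthiness of each returned id rather than whether the collection is non-empty, so `bool(get_auth_manager().get_permitted_dag_ids(methods=[method]))` states the intent more directly, assuming the call returns a sized collection.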
