This is an automated email from the ASF dual-hosted git repository.
dstandish pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git
The following commit(s) were added to refs/heads/main by this push:
new 291048aad5 Split up the return statement in _is_authorized_callback
for clarity (#42473)
291048aad5 is described below
commit 291048aad5a313cf120cedb271fee894005bd10a
Author: Daniel Standish <[email protected]>
AuthorDate: Wed Sep 25 18:33:16 2024 -0700
Split up the return statement in _is_authorized_callback for clarity
(#42473)
Co-authored-by: Vincent <[email protected]>
---
airflow/api_connexion/security.py | 13 ++++++-------
1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/airflow/api_connexion/security.py
b/airflow/api_connexion/security.py
index 7b0a026e09..7da83a7616 100644
--- a/airflow/api_connexion/security.py
+++ b/airflow/api_connexion/security.py
@@ -126,13 +126,12 @@ def requires_access_dag(
if dag_id or access or access_entity:
return access
- # No DAG id is provided, the user is not authorized to access all
DAGs and authorization is done
- # on DAG level
- # If method is "GET", return whether the user has read access to
any DAGs
- # If method is "PUT", return whether the user has edit access to
any DAGs
- return (method == "GET" and
any(get_auth_manager().get_permitted_dag_ids(methods=["GET"]))) or (
- method == "PUT" and
any(get_auth_manager().get_permitted_dag_ids(methods=["PUT"]))
- )
+ # dag_id is not provided, and the user is not authorized to access
*all* DAGs
+ # so we check that the user can access at least *one* dag
+ # but we leave it to the endpoint function to properly restrict
access beyond that
+ if method not in ("GET", "PUT"):
+ return False
+ return
any(get_auth_manager().get_permitted_dag_ids(methods=[method]))
return callback
