Spaarsh commented on PR #45253: URL: https://github.com/apache/airflow/pull/45253#issuecomment-2564002436
The current fix is not a clean one. I did go through the code to make a cleaner fix which would involve including the "logout" in one of the functions in [base_auth_manager.py](https://github.com/apache/airflow/blob/7f2b8ef5acf95b7fb8faa38a10caf94c043f5019/airflow/auth/managers/base_auth_manager.py#L398C1-L423C1):

```
def filter_permitted_menu_items(self, menu_items: list[MenuItem]) -> list[MenuItem]:
    """
    Filter menu items based on user permissions.

    :param menu_items: list of all menu items
    """
    items = filter(
        lambda item: self.security_manager.has_access(ACTION_CAN_ACCESS_MENU, item.name), menu_items
    )
    accessible_items = []
    for menu_item in items:
        menu_item_copy = MenuItem(
            **{
                **menu_item.__dict__,
                "childs": [],
            }
        )
        if menu_item.childs:
            accessible_children = []
            for child in menu_item.childs:
                if self.security_manager.has_access(ACTION_CAN_ACCESS_MENU, child.name):
                    accessible_children.append(child)
            menu_item_copy.childs = accessible_children
        accessible_items.append(menu_item_copy)
    return accessible_items
```

The reason being that this menu list is called in the [`navbar_menu.html`](https://github.com/apache/airflow/blob/7f2b8ef5acf95b7fb8faa38a10caf94c043f5019/airflow/www/templates/appbuilder/navbar_menu.html#L36C1-L60C13).

Enabling these changes further requires changes in the [security_manager.py](https://github.com/apache/airflow/blob/7f2b8ef5acf95b7fb8faa38a10caf94c043f5019/airflow/www/security_manager.py#L119C4-L140C68). Is this the correct approach? I did attempt to implement these, but that just led to the need for more changes.

Also, I think that the version checking condition in the [override.py](https://github.com/apache/airflow/blob/7f2b8ef5acf95b7fb8faa38a10caf94c043f5019/providers/src/airflow/providers/fab/auth_manager/security_manager/override.py#L135C1-L140C24) can now be removed if it had been implemented solely due to the GET request at /logout endpoint.

--
This is an automated message from the Apache Git Service.
