vincbeck commented on code in PR #47062:
URL: https://github.com/apache/airflow/pull/47062#discussion_r1977699698


##########
airflow/api_fastapi/core_api/routes/public/dags.py:
##########
@@ -57,14 +57,15 @@
     DAGResponse,
 )
 from airflow.api_fastapi.core_api.openapi.exceptions import 
create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import requires_access_dag
 from airflow.exceptions import AirflowException, DagNotFound
 from airflow.models import DAG, DagModel
 from airflow.models.dagrun import DagRun
 
 dags_router = AirflowRouter(tags=["DAG"], prefix="/dags")
 
 
-@dags_router.get("")
+@dags_router.get("", dependencies=[Depends(requires_access_dag(method="GET"))])
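Review bot: The new decorator on `@dags_router.get("")` uses `Depends`, but the only import this hunk adds is `requires_access_dag`; confirm `Depends` is already imported in this module. This is also the collection route, with no DAG id in the path, so the dependency can only decide whether the caller may list DAGs at all. Nothing in the visible lines narrows the returned rows to the caller's own DAGs, so a test with a user who has access to only a subset of DAGs would be worth adding alongside this change.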

Review Comment:
   You need both:
   - `dependencies=[Depends(requires_access_dag(method="GET"))]`
   - Use `get_permitted_dag_ids`
   
   Both serve a different purpose.
   
   `requires_access_dag(method="GET")` checks whether a user has access to list 
DAGs in general. If a user has no permissions to list DAGs, a call to 
`get_dags` should return an access denied.
   
   `get_permitted_dag_ids` returns the list of DAGs the user has access to.
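
A self-contained sketch of the two layers the comment distinguishes, added here as an illustration (not code from the PR or from Airflow): `require_list_access` and `permitted_dag_ids` are hypothetical stand-ins for `requires_access_dag` and `get_permitted_dag_ids`, and the users and DAG names are constructed. Each layer can be switched off to show what the other leaves uncovered.

```python
# Added illustration; every name here is hypothetical and is not Airflow's API.
from dataclasses import dataclass, field


class AccessDenied(Exception):
    """Stands in for an HTTP 403 response."""


@dataclass
class User:
    name: str
    can_list_dags: bool = False                      # coarse, route-level permission
    readable_dags: set = field(default_factory=set)  # per-DAG grants


ALL_DAGS = ["billing_etl", "hr_export", "ml_training"]  # constructed sample data


def require_list_access(user):
    """Route-level gate: may this caller use the list endpoint at all?"""
    if not user.can_list_dags:
        raise AccessDenied(f"{user.name} may not list DAGs")


def permitted_dag_ids(user):
    """Object-level filter: which DAGs may this caller see?"""
    return {d for d in ALL_DAGS if d in user.readable_dags}


def list_dags(user, gate=True, filter_rows=True):
    """List endpoint with each layer switchable, to show what each one covers."""
    if gate:
        require_list_access(user)
    rows = ALL_DAGS
    if filter_rows:
        allowed = permitted_dag_ids(user)
        rows = [d for d in rows if d in allowed]
    return rows


def outcome(user, **layers):
    """Return the rows, or the string '403' when access is denied."""
    try:
        return list_dags(user, **layers)
    except AccessDenied:
        return "403"


analyst = User("analyst", can_list_dags=True, readable_dags={"billing_etl"})
outsider = User("outsider")  # no list permission, no per-DAG grants
```

With only the gate, `analyst` receives all three DAGs; with only the filter, `outsider` receives an empty list rather than a denial.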


