Re: [PR] AIP-84 | Add Auth for Dags [airflow]

Tue, 04 Mar 2025 00:11:10 -0800 


jason810496 commented on code in PR #47062:
URL: https://github.com/apache/airflow/pull/47062#discussion_r1978848559


##########
airflow/api_fastapi/core_api/routes/public/dags.py:
##########
@@ -57,14 +57,15 @@
     DAGResponse,
 )
 from airflow.api_fastapi.core_api.openapi.exceptions import 
create_openapi_http_exception_doc
+from airflow.api_fastapi.core_api.security import requires_access_dag
 from airflow.exceptions import AirflowException, DagNotFound
 from airflow.models import DAG, DagModel
 from airflow.models.dagrun import DagRun
 
 dags_router = AirflowRouter(tags=["DAG"], prefix="/dags")
 
 
-@dags_router.get("")
+@dags_router.get("", dependencies=[Depends(requires_access_dag(method="GET"))])

Review Comment:
   Just added `EditableDagsFilterDep` and `ReadableDagsFilterDep`. 
https://github.com/apache/airflow/pull/47062/commits/5ef80c59498be7eedca9cc1dce4300ee4aaa3242
 ( Since these filters are related to security, they should be placed in 
`airflow.api_fastapi.core_api.security` instead of 
`airflow.api_fastapi.common.parameters`.  )
   
   These dependencies align with `BaseParam`, port the `get_permitted_dag_ids` 
logic to `api_fastapi`, and can be reused across all entities.
   
   ```bash
   git grep 'get_permitted_dag_ids' v2-10-test
   ```
   ```
   v2-10-test:airflow/api_connexion/endpoints/dag_endpoint.py:    readable_dags 
= get_auth_manager().get_permitted_dag_ids(user=g.user)
   v2-10-test:airflow/api_connexion/endpoints/dag_endpoint.py:    editable_dags 
= get_auth_manager().get_permitted_dag_ids(methods=["PUT"], user=g.user)
   v2-10-test:airflow/api_connexion/endpoints/dag_run_endpoint.py:            
DagRun.dag_id.in_(get_auth_manager().get_permitted_dag_ids(methods=["GET"], 
user=g.user))
   v2-10-test:airflow/api_connexion/endpoints/dag_run_endpoint.py:    
readable_dag_ids = get_auth_manager().get_permitted_dag_ids(methods=["GET"], 
user=g.user)
   v2-10-test:airflow/api_connexion/endpoints/dag_stats_endpoint.py:    
allowed_dag_ids = get_auth_manager().get_permitted_dag_ids(methods=["GET"], 
user=g.user)
   v2-10-test:airflow/api_connexion/endpoints/dataset_endpoint.py:    
permitted_dag_ids = get_auth_manager().get_permitted_dag_ids(methods=["GET"])
   v2-10-test:airflow/api_connexion/endpoints/dataset_endpoint.py:    
permitted_dag_ids = get_auth_manager().get_permitted_dag_ids(methods=["GET"])
   v2-10-test:airflow/api_connexion/endpoints/task_instance_endpoint.py:        
dag_ids = get_auth_manager().get_permitted_dag_ids(user=g.user)
   v2-10-test:airflow/api_connexion/endpoints/xcom_endpoint.py:        
readable_dag_ids = get_auth_manager().get_permitted_dag_ids(methods=["GET"], 
user=g.user)
   ```



-- 
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

To unsubscribe, e-mail: [email protected]

For queries about this service, please contact Infrastructure at:
[email protected]

Reply via email to