jason810496 commented on code in PR #47062:
URL: https://github.com/apache/airflow/pull/47062#discussion_r1980851925
##########
airflow/api_fastapi/core_api/security.py:
##########
@@ -75,23 +83,63 @@ async def get_user_with_exception_handling(request:
Request) -> BaseUser | None:
return get_user(token_str)
-def requires_access_dag(method: ResourceMethod, access_entity: DagAccessEntity
| None = None) -> Callable:
+def requires_access_dag(
+ method: ResourceMethod, access_entity: DagAccessEntity | None = None
+) -> Callable[[Request, BaseUser | None], None]:
def inner(
- dag_id: str | None = None,
+ request: Request,
user: Annotated[BaseUser | None, Depends(get_user)] = None,
) -> None:
- def callback():
- return get_auth_manager().is_authorized_dag(
- method=method, access_entity=access_entity,
details=DagDetails(id=dag_id), user=user
- )
+ dag_id: str | None = request.path_params.get("dag_id")
_requires_access(
- is_authorized_callback=callback,
+ is_authorized_callback=lambda:
get_auth_manager().is_authorized_dag(
+ method=method, access_entity=access_entity,
details=DagDetails(id=dag_id), user=user
+ )
)
return inner
+class PermittedDagFilter(BaseParam[set[str]]):
Review Comment:
Thanks, @pierrejeambrun! I agree with this approach. I’ve refactored it by
introducing `OrmFilterClause` as an additional layer focused solely on the
`to_orm` method.
( I believe there are still some subclasses inheriting from `BaseParam` but
initialized at the router layer. If I remember correctly, those could be
refactored using `OrmFilterClause` in a future PR. )
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
