ashb commented on code in PR #47885:
URL: https://github.com/apache/airflow/pull/47885#discussion_r2000960652


##########
airflow/api_fastapi/execution_api/routes/xcoms.py:
##########
@@ -20,26 +20,48 @@
 import logging
 from typing import Annotated
 
-from fastapi import Body, Depends, HTTPException, Query, Response, status
+from fastapi import Body, Depends, HTTPException, Path, Query, Request, 
Response, status
 from pydantic import JsonValue
 from sqlalchemy import delete
 from sqlalchemy.sql.selectable import Select
 
 from airflow.api_fastapi.common.db.common import SessionDep
 from airflow.api_fastapi.common.router import AirflowRouter
-from airflow.api_fastapi.execution_api import deps
-from airflow.api_fastapi.execution_api.datamodels.token import TIToken
 from airflow.api_fastapi.execution_api.datamodels.xcom import XComResponse
+from airflow.api_fastapi.execution_api.deps import JWTBearerDep
 from airflow.models.taskmap import TaskMap
 from airflow.models.xcom import XComModel
 from airflow.utils.db import get_query_count
 
-# TODO: Add dependency on JWT token
+
+async def has_xcom_access(
+    dag_id: str,
+    run_id: str,
+    task_id: str,
+    xcom_key: Annotated[str, Path(alias="key")],
+    request: Request,
+    token=JWTBearerDep,
+) -> bool:
+    """Check if the task has access to the XCom."""
+    # TODO: Placeholder for actual implementation
+
+    write = request.method not in {"GET", "HEAD", "OPTIONS"}
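Review bot: The docstring on `has_xcom_access`, `"""Check if the task has access to the XCom."""`, describes a check that the visible body does not yet make. The next line is `# TODO: Placeholder for actual implementation`, and none of `dag_id`, `run_id`, `task_id` or `xcom_key` is compared with `token` in the lines shown. The function continues outside the quoted hunk, so its return value is not visible here; if it currently lets every caller through, the docstring should say so, for example `"""Placeholder: no per-XCom authorization is enforced yet beyond the JWTBearerDep token dependency."""`. The TODO would also be more useful if it named which token claim is meant to be matched against the path parameters, so the route is not mistaken for one that already enforces per-task access.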

Review Comment:
   DELETE counts as a write. There are more write/mutating verbs than read-only 
ones. `not in` to the rescue


