Lee-W commented on code in PR #54043:
URL: https://github.com/apache/airflow/pull/54043#discussion_r2249530513
##########
providers/fab/src/airflow/providers/fab/auth_manager/fab_auth_manager.py:
##########
@@ -340,14 +342,30 @@ def is_authorized_dag(
method=dag_method, details=details, user=user
):
return False
-
+
+ # return all(
+ # (
+ # self._is_authorized(method=method,
resource_type=resource_type, user=user)
+ # if resource_type != RESOURCE_DAG_RUN or not
hasattr(permissions, "resource_name")
+ # else self._is_authorized_dag_run(method=method,
details=details, user=user)
+ # )
+ # for resource_type in resource_types
+ # )
+
+ # if Airflow version is less than 3.1.0 and the resource type is
RESOURCE_HITL_DETAIL, skip.
return all(
(
- self._is_authorized(method=method,
resource_type=resource_type, user=user)
- if resource_type != RESOURCE_DAG_RUN or not
hasattr(permissions, "resource_name")
- else self._is_authorized_dag_run(method=method,
details=details, user=user)
- )
- for resource_type in resource_types
+ True
+ if (
+ resource_type == RESOURCE_HITL_DETAIL
+ and
packaging.version.parse(packaging.version.parse(airflow_version).base_version)
< packaging.version.parse("3.1.0")
Review Comment:
> If the access control for this new permission is only available in 3.1.0,
should we only make the definitions of the resource type or the DAG access
entity available only in 3.1.0? Or the definitions of these can exist for all
versions, is_authorized_dag only take care of it in 3.1.0.
Both work for me.
> Probably will be helpful if I could understand more context about why this
need to be 3.1.0 only. Thanks!
This HITL feature will be added in 3.1.0.
##########
providers/fab/src/airflow/providers/fab/auth_manager/fab_auth_manager.py:
##########
@@ -340,14 +342,30 @@ def is_authorized_dag(
method=dag_method, details=details, user=user
):
return False
-
+
+ # return all(
+ # (
+ # self._is_authorized(method=method,
resource_type=resource_type, user=user)
+ # if resource_type != RESOURCE_DAG_RUN or not
hasattr(permissions, "resource_name")
+ # else self._is_authorized_dag_run(method=method,
details=details, user=user)
+ # )
+ # for resource_type in resource_types
+ # )
+
+ # if Airflow version is less than 3.1.0 and the resource type is
RESOURCE_HITL_DETAIL, skip.
return all(
(
- self._is_authorized(method=method,
resource_type=resource_type, user=user)
- if resource_type != RESOURCE_DAG_RUN or not
hasattr(permissions, "resource_name")
- else self._is_authorized_dag_run(method=method,
details=details, user=user)
- )
- for resource_type in resource_types
+ True
+ if (
+ resource_type == RESOURCE_HITL_DETAIL
+ and
packaging.version.parse(packaging.version.parse(airflow_version).base_version)
< packaging.version.parse("3.1.0")
Review Comment:
Oh... I guess I know the question. It should be 3.1.0 or higher instead of
3.1.0 only. My wording was bad 🤦♂️
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
