pierrejeambrun commented on code in PR #54528:
URL: https://github.com/apache/airflow/pull/54528#discussion_r2288162714
##########
airflow-core/src/airflow/api/common/delete_dag.py:
##########
@@ -88,4 +88,107 @@ def delete_dag(dag_id: str, keep_records_in_log: bool =
True, session: Session =
.execution_options(synchronize_session="fetch")
)
+ # Clean up DAG-specific permissions from Flask-AppBuilder tables
+ _cleanup_dag_permissions(dag_id, session)
+
return count
+
+
+def _cleanup_dag_permissions(dag_id: str, session: Session) -> None:
+ """
+ Clean up DAG-specific permissions from Flask-AppBuilder tables.
+
+ When a DAG is deleted, we need to clean up the corresponding permissions
+ to prevent orphaned entries in the ab_view_menu table.
+
+ This addresses issue #50905: Deleted DAGs not removed from ab_view_menu
table
+ and show up in permissions.
+ """
+ from airflow.configuration import conf
+
+ if "FabAuthManager" not in conf.get("core", "auth_manager"):
+ return
+
+ # Try to import FAB models with version compatibility
+ def _get_fab_models():
+ """Get FAB models with version compatibility handling."""
+ try:
+ from airflow.providers.fab.auth_manager import models as fab_models
+
+ return fab_models
+ except ImportError:
+ try:
+ # Handle Pre-airflow 2.9 case where FAB was part of the core
airflow
+ from airflow.providers.fab.auth.managers.fab import models as
fab_models
+
+ return fab_models
+ except ImportError:
+ # If FAB provider is not available, skip cleanup
Review Comment:
Maybe this should be offloaded to the providers by using a generic 'cleanup'
interface callable from core. This way we do not have provider specific code in
here and each auth manager is free to implement its own `clear_permissions(...)`
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
