aaron-wolmutt commented on PR #58292:
URL: https://github.com/apache/airflow/pull/58292#issuecomment-3571795190
> I do not think we should do that. As already mentioned by Jarek, there is
no notion of roles, permissions, active or any auth related attributes in
Airflow. Everything is delegated to the auth manager. Everytime a user performs
an action in Airflow through the API (directly or through the UI), Airflow asks
the auth manager configured in the environment: "Is this user authorized to
perform such action". But there is no way to retrieve the list of roles of
permissions because, again, these do not exist in Airflow. If you really want
such API, you should implement them as part of the auth manager. Such API in
FAB auth manager, for instance, would make more sense. But if you do that, we
should wonder what is this API for? If the intent is to use it in Airflow, then
that's wrong
@vincbeck @potiuk @jason810496
I think a better design might be
```python
class BaseUser:
"""User model interface. These attributes/methods should be implemented
in the pluggable auth manager."""
username: str
role: str | None
@abstractmethod
def get_id(self) -> str:
"""Get user ID."""
...
@abstractmethod
def get_name(self) -> str:
"""Get user name."""
...
@abstractmethod
def get_ui_attributes() -> dict[str, Any]:
"""Get user interface attributes."""
```
Leaves the base user API contract alone but adds a single getter method to
get user attributes for the private ui API. That way the implementation is left
up to each provider auth manager.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
