vincbeck commented on PR #58292:
URL: https://github.com/apache/airflow/pull/58292#issuecomment-3576522887
> > I still do not understand (sorry) how this endpoint could be used to
enable/disable buttons on the UI. Let's take an example. I am a user who has
permission to trigger only the Dag `test`. What would be the response of such
endpoint and how the front-end would handle such response to enable/disable the
button?
>
> In the current state: /ui/auth/me is a convenience endpoint to access the
user's information. It is flexible between auth managers. So if you look at the
unit tests, the /ui/auth/me response using SimpleAuthManager would be:
>
> ```python
> def test_should_response_200_with_authenticated_user(self,
test_client):
> """Test /auth/me endpoint with SimpleAuthManager authenticated
user."""
> response = test_client.get("/auth/me")
>
> assert response.status_code == 200
> assert response.json() == {
> "username": "test",
> "id": "test",
> "extras": {"sub": "test", "role": "admin"},
> }
> ```
>
> So minimally, the endpoint can be used at a convenience to display the
username and id in the UI. The role field can be accessed too (ie if the role
is present and equals viewer disable all trigger dag buttons by default).
>
> I think the granular permissions-based controls (like in FabAuthManager)
or group controls would go in a different endpoint.
>
> Here are the docs for azure web apps /auth/me usage:
https://learn.microsoft.com/en-us/azure/static-web-apps/user-information?tabs=javascript
I am okay with id and username but we should not expose information such as
role, there is no notion of role in Airflow.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
