vincbeck commented on code in PR #59564: URL: https://github.com/apache/airflow/pull/59564#discussion_r2691260604
########## airflow-core/src/airflow/api_fastapi/auth/managers/base_auth_manager.py: ########## @@ -75,7 +75,7 @@ # List of methods (or actions) a user can do against a resource ResourceMethod = Literal["GET", "POST", "PUT", "DELETE"] # Extends ``ResourceMethod`` to include "MENU". The method "MENU" is only supported with specific resources (menu items) -ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU"] +ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU", "PATCH"] Review Comment: I do not think we want 1:1 mapping between APIs and HTTP verbs. For example, the difference between `PUT` and `PATCH` is that `PUT` replaces an entire resource, while `PATCH` applies partial modifications to a resource. We do not make such different in our APIs, and we should not. The list of methods in our auth model must be a subset of HTTP verbs, HTTP verbs are too granular. Maybe taking HTTP terminology to specify a method/action in our auth model was not a good idea because it can create confusion but I definitely do not think we should support all HTTP verbs in our auth model. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
