Copilot commented on code in PR #62654:
URL: https://github.com/apache/airflow/pull/62654#discussion_r2868714407
##########
airflow/api_fastapi/core_api/routes/public/tasks.py:
##########
@@ -39,6 +40,7 @@
status.HTTP_404_NOT_FOUND,
]
),
+ dependencies=[Depends(requires_access_dag("GET", DagAccessEntity.TASK))],
)
Review Comment:
This endpoint now enforces DAG-level authorization via
`requires_access_dag`, but there are no new/updated tests in this PR asserting
the new 401 (unauthenticated) and 403 (authenticated but unauthorized)
behaviors. Add coverage that exercises missing/invalid auth and a user lacking
DAG-specific access for this route.
##########
airflow/api_fastapi/core_api/routes/public/tasks.py:
##########
@@ -67,6 +69,7 @@ def get_tasks(
status.HTTP_404_NOT_FOUND,
]
),
+ dependencies=[Depends(requires_access_dag("GET", DagAccessEntity.TASK))],
)
Review Comment:
This endpoint now enforces DAG-level authorization via
`requires_access_dag`, but there are no new/updated tests in this PR asserting
the new 401 (unauthenticated) and 403 (authenticated but unauthorized)
behaviors. Add coverage that exercises missing/invalid auth and a user lacking
DAG-specific access for this route.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
