ThyTran1402 commented on issue #43430:
URL: https://github.com/apache/airflow/issues/43430#issuecomment-4103613466
Hi @potiuk
I'm currently working on this issue. I'm able to find the root cause is an
architectural mismatch between what the API security layer promises and what
the FAB auth manager actually enforces.
So, the codebase has a layered authorization design where:
1. Route dependencies extract granular resource details such as connection
ID, pool name, variable key, config section
2. Security functions wrap these into *Details objects and pass them to the
auth manager
3. FAB auth manager receives these details but ignores them completely
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
