pierrejeambrun commented on code in PR #67586:
URL: https://github.com/apache/airflow/pull/67586#discussion_r3348219066
##########
providers/fab/src/airflow/providers/fab/www/security/permissions.py:
##########
@@ -35,6 +35,7 @@
RESOURCE_DAG_WARNING = "DAG Warnings"
RESOURCE_CLUSTER_ACTIVITY = "Cluster Activity"
RESOURCE_ASSET = "Assets"
+RESOURCE_DEADLINE = "Deadlines"
Review Comment:
Why?
##########
providers/fab/src/airflow/providers/fab/auth_manager/security_manager/override.py:
##########
@@ -268,6 +269,7 @@ class
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
(permissions.ACTION_CAN_ACCESS_MENU, permissions.RESOURCE_DAG_RUN),
(permissions.ACTION_CAN_ACCESS_MENU, RESOURCE_ASSET),
(permissions.ACTION_CAN_ACCESS_MENU,
permissions.RESOURCE_CLUSTER_ACTIVITY),
+ (permissions.ACTION_CAN_ACCESS_MENU, permissions.RESOURCE_DEADLINE),
Review Comment:
?
Dealines menu item should map to dagrun. (Similarly to the API access for
listing dealines), there is no 'deadlines' auth entity.
##########
airflow-core/newsfragments/67586.significant.rst:
##########
@@ -0,0 +1,7 @@
+Add a new **Deadlines** page under the Browse menu.
+
+If you use the FAB auth manager with **custom roles**, grant the new
+``menu_access`` and ``can_read`` permissions on the ``Deadlines`` resource to
+any role that should be able to see this page. The built-in ``Viewer``,
+``User``, ``Op``, and ``Admin`` roles are updated automatically when Airflow
+starts (``[fab] UPDATE_FAB_PERMS = True``).
Review Comment:
This needs to be generalized, It's not for fab only, but any auth manager
with custom roles.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
