This is an automated email from the ASF dual-hosted git repository. kaxilnaik pushed a commit to branch v1-10-test in repository https://gitbox.apache.org/repos/asf/airflow.git
commit ccf47ae7548740a5f65443cbca85b22884548cc7 Author: Kaxil Naik <kaxiln...@gmail.com> AuthorDate: Wed Jul 1 22:13:10 2020 +0100 Restrict changing XCom values from the Webserver (#9614) (cherry-picked from 1655fa9253ba8f61ccda77780a9e94766c15f565) --- UPDATING.md | 6 ++++++ airflow/www/views.py | 2 ++ airflow/www_rbac/views.py | 4 +--- 3 files changed, 9 insertions(+), 3 deletions(-) diff --git a/UPDATING.md b/UPDATING.md index ec193f9..61734bb 100644 --- a/UPDATING.md +++ b/UPDATING.md @@ -89,6 +89,12 @@ the previous behaviour on a new install by setting this in your airflow.cfg: auth_backend = airflow.api.auth.backend.default ``` +### XCom Values can no longer be added or changed from the Webserver + +Since XCom values can contain pickled data, we would no longer allow adding or +changing XCom values from the UI. + + ## Airflow 1.10.10 ### Setting Empty string to a Airflow Variable will return an empty string diff --git a/airflow/www/views.py b/airflow/www/views.py index a3293c8..abd1b9e 100644 --- a/airflow/www/views.py +++ b/airflow/www/views.py @@ -2754,6 +2754,8 @@ class VariableView(wwwutils.DataProfilingMixin, AirflowModelView): class XComView(wwwutils.SuperUserMixin, AirflowModelView): + can_create = False + can_edit = False verbose_name = "XCom" verbose_name_plural = "XComs" diff --git a/airflow/www_rbac/views.py b/airflow/www_rbac/views.py index 67a7493..96d4079 100644 --- a/airflow/www_rbac/views.py +++ b/airflow/www_rbac/views.py @@ -2233,12 +2233,10 @@ class XComModelView(AirflowModelView): datamodel = AirflowModelView.CustomSQLAInterface(XCom) - base_permissions = ['can_add', 'can_list', 'can_edit', 'can_delete'] + base_permissions = ['can_list', 'can_delete'] search_columns = ['key', 'value', 'timestamp', 'execution_date', 'task_id', 'dag_id'] list_columns = ['key', 'value', 'timestamp', 'execution_date', 'task_id', 'dag_id'] - add_columns = ['key', 'value', 'execution_date', 'task_id', 'dag_id'] - edit_columns = ['key', 'value', 'execution_date', 'task_id', 'dag_id'] base_order = ('execution_date', 'desc') base_filters = [['dag_id', DagFilter, lambda: []]]