mik-laj commented on issue #8112:
URL: https://github.com/apache/airflow/issues/8112#issuecomment-657787665
I think it's best if we reuse the existing operation ID defined in the API
to create permission, if possible.
```
get_config
get_connections
post_connection
delete_connection
get_connection
patch_connection
get_dag_source
get_dags
get_dag
patch_dag
post_clear_task_instances
get_dag_runs
post_dag_run
delete_dag_run
get_dag_run
get_task_instances
get_task_instance
get_extra_links
get_log
get_xcom_entries
get_xcom_entry
get_dag_details
get_tasks
get_task
get_dag_runs_batch
get_task_instances_batch
get_event_logs
get_event_log
get_health
get_import_errors
get_import_error
get_pools
post_pool
delete_pool
get_pool
patch_pool
get_variables
post_variables
delete_variable
get_variable
patch_variable
get_version
```
If we want, we can combine some operations into one permission e.g.
``get_dag_runs_batch``, ``get_dag_run``, ``get_dag_run`` into ``get_dag_run``.
To emphasize that this is related to the API, we can add a common prefix -
`api_` e.g. `api_get_dag_run`.
> For example, to submit a PATCH request to
/dags/{dag_id}/dagRuns/{dag_run_id}/taskInstances{task_instance_id}, the user
will need edit access for Dags, Dag runs, and Task instances.
I don't think that editing permission for Dag, DR, TI is required in this
case. I think we can trust the administrator and only require DAG view
permissions and edit permission for TI. This is done in a similar way in Web
UI. In Web UI, we have two decorators: ``@has_dag_access``, ``@has_access`` to
handle permissions. We can apply a similar approach here.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
