[jira] [Commented] (AIRFLOW-3271) Airflow RBAC Permissions modification via UI do not persist

Wed, 14 Nov 2018 17:46:39 -0800 


    [ 
https://issues.apache.org/jira/browse/AIRFLOW-3271?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16687371#comment-16687371
 ] 

ASF GitHub Bot commented on AIRFLOW-3271:
-----------------------------------------

kaxil closed pull request #4118: [AIRFLOW-3271] Airflow RBAC Permissions 
modification via UI do not persist
URL: https://github.com/apache/incubator-airflow/pull/4118
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/airflow/www_rbac/security.py b/airflow/www_rbac/security.py
index 6bb67d4d83..8f9b6287ac 100644
--- a/airflow/www_rbac/security.py
+++ b/airflow/www_rbac/security.py
@@ -181,13 +181,17 @@ def init_role(self, role_name, role_vms, role_perms):
         if not role:
             role = self.add_role(role_name)
 
-        role_pvms = []
-        for pvm in pvms:
-            if pvm.view_menu.name in role_vms and pvm.permission.name in 
role_perms:
-                role_pvms.append(pvm)
-        role.permissions = list(set(role_pvms))
-        self.get_session.merge(role)
-        self.get_session.commit()
+        if len(role.permissions) == 0:
+            logging.info('Initializing permissions for role:%s in the 
database.', role_name)
+            role_pvms = []
+            for pvm in pvms:
+                if pvm.view_menu.name in role_vms and pvm.permission.name in 
role_perms:
+                    role_pvms.append(pvm)
+            role.permissions = list(set(role_pvms))
+            self.get_session.merge(role)
+            self.get_session.commit()
+        else:
+            logging.info('Existing permissions for the role:%s within the 
database will persist.', role_name)
 
     def get_user_roles(self, user=None):
         """
diff --git a/tests/www_rbac/test_security.py b/tests/www_rbac/test_security.py
index 6e0b572639..9b32a86c9c 100644
--- a/tests/www_rbac/test_security.py
+++ b/tests/www_rbac/test_security.py
@@ -107,6 +107,21 @@ def test_init_role_modelview(self):
         self.assertIsNotNone(role)
         self.assertEqual(len(role_perms), len(role.permissions))
 
+    def test_update_and_verify_permission_role(self):
+        role_name = 'Test_Role'
+        self.security_manager.init_role(role_name, [], [])
+        role = self.security_manager.find_role(role_name)
+
+        perm = self.security_manager.\
+            find_permission_view_menu('can_edit', 'RoleModelView')
+        self.security_manager.add_permission_role(role, perm)
+        role_perms_len = len(role.permissions)
+
+        self.security_manager.init_role(role_name, [], [])
+        new_role_perms_len = len(role.permissions)
+
+        self.assertEqual(role_perms_len, new_role_perms_len)
+
     def test_get_user_roles(self):
         user = mock.MagicMock()
         user.is_anonymous = False
diff --git a/tests/www_rbac/test_views.py b/tests/www_rbac/test_views.py
index 4b6d9d7d12..746f27abd4 100644
--- a/tests/www_rbac/test_views.py
+++ b/tests/www_rbac/test_views.py
@@ -962,6 +962,9 @@ def add_permission_for_role(self):
         all_dag_role = self.appbuilder.sm.find_role('all_dag_role')
         self.appbuilder.sm.add_permission_role(all_dag_role, perm_on_all_dag)
 
+        role_user = self.appbuilder.sm.find_role('User')
+        self.appbuilder.sm.add_permission_role(role_user, perm_on_all_dag)
+
         read_only_perm_on_dag = self.appbuilder.sm.\
             find_permission_view_menu('can_dag_read', 'example_bash_operator')
         dag_read_only_role = self.appbuilder.sm.find_role('dag_acl_read_only')


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
[email protected]


> Airflow RBAC Permissions modification via UI do not persist
> -----------------------------------------------------------
>
>                 Key: AIRFLOW-3271
>                 URL: https://issues.apache.org/jira/browse/AIRFLOW-3271
>             Project: Apache Airflow
>          Issue Type: Bug
>          Components: ui
>    Affects Versions: 1.10.0
>            Reporter: Smitha Koduri
>            Assignee: Smitha Koduri
>            Priority: Major
>             Fix For: 1.10.2
>
>
> After upgrading Airflow to 1.10, we have noticed that when attempting to add 
> a new permission-role mapping (via UI), initially it gets successfully added 
> to db. But later, the entry doesn't persist in the db. 



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to