Hi @feng-tao , I have made some changes. May you take another look and let me know if it's making sense to you and kindly give your inputs? The CI would not pass given I haven't started to work on the tests. Will do that after we confirm on the fix solution itself.
**Some elaborations**: as you mentioned, there are 5 authentication models in total, - No matter which authentication model we use, users should always be able to have permission `can_userinfo`, so that they can access the `Profile` page. - For another 4 authentication models (excluding DB authentication), users should NOT be able to edit their profile or reset password in Airflow interface (they're supposed to do that in the "main interface" of the corresponding authentication model). So, we ONLY add permissions `resetmypassword` and `userinfoedit` when view `UserDBModelView` is being used (i.e. DB authentication is being used). So eventually, users would always be able to access `Profile` page, but only able to reset password for him/herself or change profile when DB authentication is being used. [ Full content available at: https://github.com/apache/incubator-airflow/pull/3889 ] This message was relayed via gitbox.apache.org for [email protected]
