astahlman commented on a change in pull request #4973: [AIRFLOW-4155] Allow
Public role access to /home
URL: https://github.com/apache/airflow/pull/4973#discussion_r268782621
##########
File path: airflow/www/templates/airflow/dags.html
##########
@@ -28,6 +28,17 @@
{% block content %}
<h2>DAGs</h2>
+{% if not is_user_logged_in %}
+<div class="alert alert-warning" role="alert">
+ Note: Some DAGs may not be visible until you <a href="/login/">log in</a>.
Review comment:
They will be able to, actually.
FAB's BaseSecurityManager's implementation of `has_access` allows
unauthenticated users to access any views that are accessible by the public
role (see [1], which calls [2])
[1]
https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L894
[2]
https://github.com/dpgaspar/Flask-AppBuilder/blob/master/flask_appbuilder/security/manager.py#L868
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
