feng-tao commented on a change in pull request #4973: [AIRFLOW-4155] Allow
Public role access to /home
URL: https://github.com/apache/airflow/pull/4973#discussion_r268852064
##########
File path: tests/www/test_security.py
##########
@@ -308,3 +308,26 @@ def test_override_role_vm(self):
test_security_manager = TestSecurityManager(appbuilder=self.appbuilder)
self.assertEqual(len(test_security_manager.VIEWER_VMS), 1)
self.assertEqual(test_security_manager.VIEWER_VMS, {'Airflow'})
+
+ def test_is_user_logged_in_returns_false_if_not_authenticated(self):
+ user = mock.MagicMock()
+ user.is_authenticated = False
+ self.assertFalse(self.security_manager.is_user_logged_in(user))
+
+ def test_is_user_logged_in_returns_true_if_authenticated(self):
+ user = mock.MagicMock()
+ user.is_authenticated = True
+ self.assertTrue(self.security_manager.is_user_logged_in(user))
+
+ def test_unauthenticated_user_is_public(self):
+ user = mock.MagicMock()
+ user.is_authenticated = False
+ self.assertTrue(self.security_manager.is_public_user(user))
Review comment:
@ashb , I don't think we want the viewer as the default role as the viewer
could view all the dags info unless we change this assumption. I think having
public role as default while enabling the role to access the default home page
seems to be better. The use case we have is that we only want certain dags
with the source code to be viewed by a certain group user as those are high
sensitive dags.
Later if users want to access certain dags, the admin could create the
respective dag role for those users.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
With regards,
Apache Git Services
