feng-tao commented on a change in pull request #4973: [AIRFLOW-4155] Allow Public role access to /home URL: https://github.com/apache/airflow/pull/4973#discussion_r268852064
########## File path: tests/www/test_security.py ########## @@ -308,3 +308,26 @@ def test_override_role_vm(self): test_security_manager = TestSecurityManager(appbuilder=self.appbuilder) self.assertEqual(len(test_security_manager.VIEWER_VMS), 1) self.assertEqual(test_security_manager.VIEWER_VMS, {'Airflow'}) + + def test_is_user_logged_in_returns_false_if_not_authenticated(self): + user = mock.MagicMock() + user.is_authenticated = False + self.assertFalse(self.security_manager.is_user_logged_in(user)) + + def test_is_user_logged_in_returns_true_if_authenticated(self): + user = mock.MagicMock() + user.is_authenticated = True + self.assertTrue(self.security_manager.is_user_logged_in(user)) + + def test_unauthenticated_user_is_public(self): + user = mock.MagicMock() + user.is_authenticated = False + self.assertTrue(self.security_manager.is_public_user(user)) Review comment: @ashb , I don't think we want the viewer as the default role as the viewer could view all the dags info unless we change this assumption. I think having public role as default while enabling the role to access the default home page seems to be better. The use case we have is that we only want certain dags with the source code to be viewed by a certain group user as those are high sensitive dags. Later if users want to access certain dags, the admin could create the respective dag role for those users. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org With regards, Apache Git Services