ashb edited a comment on issue #3889: [AIRFLOW-3048] Add access to self-manage 
pages for non-Admin roles
URL: https://github.com/apache/airflow/pull/3889#issuecomment-507635839
 
 
   Just ran into this issue. I think adding perms to `can_userinfo` is always 
useful (that or we should remove the profile button, but I think it's useful 
even in case of ldap/sso auth).
   
   **View/edit Profile**
   
   So to that end I think we should add the following perms:
   
   - `can_userinfo on UserDBUserModelView` and `UserRemoteUserModelView` (there 
don't seem to be ones for the other models. Curious. Will test that.) This 
lets us _view_ the profile page.
   
   We should probably let users edit their own profiles for these two as well 
(the only fields that are editable are first and last name) so:
   
   - `userinfoedit on UserDBModelView` and `can this form get on UserInfoEditView` (this shows the edit button)
   - `can this form post on UserInfoEditView` (needed to submit the form)
   
   I will double check, but I think since the perm is `userinfoedit on UserDBModelView` that this will leave other auth mechanisms unaffected.
   
   **Password changing:**
   
   - `resetmypassword on UserDBModelView` (this shows the reset my password 
button - which is actually change, not reset/forgotten) (there is no matching 
permission for the other user models, so this only affects DB-backed users)
   - `can this form get on ResetMyPasswordView` (render the password change 
page)
   - `can this form post on ResetMyPasswordView` (submit the form)
   
   Will update once I've tested with another auth mechanism.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


With regards,
Apache Git Services
