vchiapaikeo opened a new issue, #28746: URL: https://github.com/apache/airflow/issues/28746
### Apache Airflow version 2.5.0 ### What happened When adding a [role-based UIAlert following these docs](https://airflow.apache.org/docs/apache-airflow/stable/howto/customize-ui.html#add-custom-alert-messages-on-the-dashboard), I received the below stacktrace: ``` Traceback (most recent call last): File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 2525, in wsgi_app response = self.full_dispatch_request() File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1822, in full_dispatch_request rv = self.handle_user_exception(e) File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1820, in full_dispatch_request rv = self.dispatch_request() File "/home/airflow/.local/lib/python3.9/site-packages/flask/app.py", line 1796, in dispatch_request return self.ensure_sync(self.view_functions[rule.endpoint])(**view_args) File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/auth.py", line 47, in decorated return func(*args, **kwargs) File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 780, in index dashboard_alerts = [ File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/views.py", line 781, in <listcomp> fm for fm in settings.DASHBOARD_UIALERTS if fm.should_show(get_airflow_app().appbuilder.sm) File "/home/airflow/.local/lib/python3.9/site-packages/airflow/www/utils.py", line 820, in should_show user_roles = {r.name for r in securitymanager.current_user.roles} AttributeError: 'NoneType' object has no attribute 'roles' ``` On further inspection, I realized this is happening because my webserver_config.py has this specification: ```py # Uncomment and set to desired role to enable access without authentication AUTH_ROLE_PUBLIC = 'Viewer' ``` When we set AUTH_ROLE_PUBLIC to a role like Viewer, [this line](https://github.com/apache/airflow/blob/ad7f8e09f8e6e87df2665abdedb22b3e8a469b49/airflow/www/utils.py#L828) returns an exception because `securitymanager.current_user` is None. Relevant code snippet: ```py def should_show(self, securitymanager) -> bool:Open an interactive python shell in this frame """Determine if the user should see the message based on their role membership""" if self.roles: user_roles = {r.name for r in securitymanager.current_user.roles} if not user_roles.intersection(set(self.roles)): return False return True ``` ### What you think should happen instead If we detect that the securitymanager.current_user is None, we should not attempt to get its `roles` attribute. Instead, we can check to see if the AUTH_ROLE_PUBLIC is set in webserver_config.py which will tell us if a public role is being used. If it is, we can assume that because the current_user is None, the current_user's role is the public role. In code, this might look like this: ```py def should_show(self, securitymanager) -> bool: """Determine if the user should see the message based on their role membership""" if self.roles: user_roles = set() if hasattr(securitymanager.current_user, "roles"): user_roles = {r.name for r in securitymanager.current_user.roles} elif "AUTH_ROLE_PUBLIC" in securitymanager.appbuilder.get_app.config: # Give anonymous user public role user_roles = set([securitymanager.appbuilder.get_app.config["AUTH_ROLE_PUBLIC"]]) if not user_roles.intersection(set(self.roles)): return False return True ``` Expected result on the webpage: <img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210823778-4c619b75-40a3-4caa-9a2c-073651da7f0d.png"> ### How to reproduce Start breeze: ``` breeze --python 3.7 --backend postgres start-airflow ``` After the webserver, triggerer, and scheduler are started, modify webserver_config.py to uncomment AUTH_ROLE_PUBLIC and add airflow_local_settings.py: ```bash cd $AIRFLOW_HOME # Uncomment AUTH_ROLE_PUBLIC vi webserver_config.py mkdir -p config # Add sample airflow_local_settings.py below vi config/airflow_local_settings.py ``` ```py from airflow.www.utils import UIAlert DASHBOARD_UIALERTS = [ UIAlert("Role based alert", category="warning", roles=["Viewer"]), ] ``` Restart the webserver and navigate to airflow. You should see this page: <img width="1440" alt="image" src="https://user-images.githubusercontent.com/9200263/210820838-e74ffc23-7b6b-42dc-85f1-29ab8b0ee3d5.png"> ### Operating System Debian 11 ### Versions of Apache Airflow Providers 2.5.0 ### Deployment Official Apache Airflow Helm Chart ### Deployment details Locally ### Anything else This problem only occurs if you add a role based UIAlert and are using AUTH_ROLE_PUBLIC ### Are you willing to submit PR? - [X] Yes I am willing to submit a PR! ### Code of Conduct - [X] I agree to follow this project's [Code of Conduct](https://github.com/apache/airflow/blob/main/CODE_OF_CONDUCT.md) -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org