vincbeck commented on code in PR #34317: URL: https://github.com/apache/airflow/pull/34317#discussion_r1355567508
########## airflow/api_connexion/endpoints/task_endpoint.py: ########## @@ -22,21 +22,16 @@ from airflow.api_connexion import security from airflow.api_connexion.exceptions import BadRequest, NotFound from airflow.api_connexion.schemas.task_schema import TaskCollection, task_collection_schema, task_schema +from airflow.auth.managers.models.resource_details import DagAccessEntity from airflow.exceptions import TaskNotFound -from airflow.security import permissions from airflow.utils.airflow_flask_app import get_airflow_app if TYPE_CHECKING: from airflow import DAG from airflow.api_connexion.types import APIResponse -@security.requires_access( - [ - (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG), - (permissions.ACTION_CAN_READ, permissions.RESOURCE_TASK_INSTANCE), - ], -) +@security.requires_access_dag("GET", DagAccessEntity.TASK_INSTANCE) Review Comment: Ah I see! Yes I dont check for DAG run permissions for task instance endpoints now because I thought it was not necessary. But it seems it is necessary. Let me add that back -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: commits-unsubscr...@airflow.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org