vincbeck commented on PR #54197: URL: https://github.com/apache/airflow/pull/54197#issuecomment-3168362679
My concern with this approach is each auth manager needs to implement their own logic: "is the user is authorized to access at least one DAG?". Depending on the auth manager underlying service/tool it is using, it can be complex to check that. Very often, I think, it will end up using `get_authorized_dag_ids` like `FabAuthManager` is doing today. The solution you are proposing is a valid solution but only for `FabAuthManager`, ideally I would like to solve this issue across all auth managers. Another possible solution is to add a new method `LIST` as part of `ResourceMethod = Literal["GET", "POST", "PUT", "DELETE"]`. This way, will be super simple to check whether the user has permissions to list resources: `auth_manager.is_authorized_dag(method="LIST")`. Then each auth manager needs to handle this new method. On `FabAuthManager` side, we could use the technique you described. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
