gschuurman commented on code in PR #59564:
URL: https://github.com/apache/airflow/pull/59564#discussion_r2695596456
##########
airflow-core/src/airflow/api_fastapi/auth/managers/base_auth_manager.py:
##########
@@ -75,7 +75,7 @@
# List of methods (or actions) a user can do against a resource
ResourceMethod = Literal["GET", "POST", "PUT", "DELETE"]
# Extends ``ResourceMethod`` to include "MENU". The method "MENU" is only
supported with specific resources (menu items)
-ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU"]
+ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU",
"PATCH"]
Review Comment:
I completely agree, PUT and PATCH are identical regarding the required
permissions. This makes me question If the required in the acctual endpoint
should have been PUT instead of PATCH. That would be an easier fix, with less
impact to the rest of the airflow codebase and any custom authentication
manager.
As for me, I made a temorary overloaded method in my own AuthManager to keep
the api endpoint working:
``` python
def is_authorized_custom_view(
self, *, method: ResourceMethod | str, resource_name: str, user:
User
) -> bool:
if method == "PATCH":
method = "PUT"
return super().is_authorized_custom_view(
method=method,
resource_name=resource_name,
user=user
)
```
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
