pierrejeambrun commented on code in PR #59564: URL: https://github.com/apache/airflow/pull/59564#discussion_r2698135819
########## airflow-core/src/airflow/api_fastapi/auth/managers/base_auth_manager.py: ########## @@ -75,7 +75,7 @@ # List of methods (or actions) a user can do against a resource ResourceMethod = Literal["GET", "POST", "PUT", "DELETE"] # Extends ``ResourceMethod`` to include "MENU". The method "MENU" is only supported with specific resources (menu items) -ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU"] +ExtendedResourceMethod = Literal["GET", "POST", "PUT", "DELETE", "MENU", "PATCH"] Review Comment: >I do not think we want 1:1 mapping between APIs and HTTP verbs. For example, the difference between PUT and PATCH is that PUT replaces an entire resource, while PATCH applies partial modifications to a resource. We do not make such difference in our APIs and auth model, and we should not. The list of methods in our auth model must be a subset of HTTP verbs, HTTP verbs are too granular. > Maybe taking HTTP terminology to specify a method/action in our auth model was not a good idea because it can create confusion but I definitely do not think we should support all HTTP verbs in our auth model. Makes sense to me to see it that way. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
