Lee-W commented on code in PR #66923:
URL: https://github.com/apache/airflow/pull/66923#discussion_r3240895662
##########
airflow-core/src/airflow/api_fastapi/core_api/routes/public/import_error.py:
##########
@@ -98,11 +98,13 @@ def get_import_error(
# No Dags matched for this file -- either the file genuinely contains
# no Dags (parse failed before any Dag was defined), or the name keys
- # did not resolve. Redact the stacktrace rather than returning the raw
- # error, so the response stays on the deny-by-default side of the
- # authorization check.
+ # did not resolve. There is no per-Dag content to gate on, so trust
+ # callers with unscoped Dag read access (admin-like roles) and only
+ # redact for per-Dag-scoped readers, which we cannot validate without
+ # a Dag anchor.
if not file_dag_ids:
- error.stacktrace = REDACTED_STACKTRACE
+ if not auth_manager.is_authorized_dag(method="GET", user=user):
Review Comment:
wrong fix. took a deeper look. It seems there's no easy fix based on the
current design. I'll change it to a message changing only
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
