Lee-W commented on code in PR #68702:
URL: https://github.com/apache/airflow/pull/68702#discussion_r3453729374
##########
airflow-core/src/airflow/api_fastapi/core_api/security.py:
##########
@@ -823,6 +823,15 @@ def inner(
continue
entity_methods.append((entity_dag_id, "PUT"))
+ partition_selectors_present = (
+ body.partition_key is not None
+ or body.partition_date_start is not None
+ or body.partition_date_end is not None
+ )
+ if not body.dag_runs and partition_selectors_present:
+ if dag_id and dag_id != "~":
+ entity_methods.append((dag_id, "PUT"))
+
Review Comment:
Removing it breaks `test_partition_selector_unauthorized_returns_403`. In
partition mode `dag_runs` is empty, so the `for run in body.dag_runs` loop adds
nothing — this append is the only entry in `entity_methods`. Drop it and
`batch_is_authorized_dag(requests=[])` short-circuits to `all([]) == True`, so
authz passes for everyone.
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
