amoghrajesh commented on code in PR #69471:
URL: https://github.com/apache/airflow/pull/69471#discussion_r3593902019
##########
airflow-core/src/airflow/api_fastapi/core_api/security.py:
##########
@@ -198,6 +199,51 @@ def inner(
return inner
+def requires_access_dag_from_file_token(
+ method: ResourceMethod,
+) -> Callable[[str, Request, BaseUser, Session], None]:
+ """
+ Authorize the caller against the Dags a signed ``file_token`` resolves to.
+
+ For endpoints keyed on a ``file_token`` rather than a ``dag_id`` (e.g.
reparse). The token
+ is decoded to the file it points at, and the caller is authorized against
exactly the Dags
+ defined in that file — never against a request parameter.
+ """
Review Comment:
```suggestion
"""
Authorize the caller against the DAGs referenced by a signed
``file_token``.
For ``file_token`` based endpoints (such as ``reparse``), the token is
resolved to its referenced file, and authorization is performed against exactly
the DAGs defined in that file, never against a request parameter.
"""
```
nit
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]