[airflow] branch main updated: Use requires_access to check read permission on dag instead of checking it explicitly (#34940)

Mon, 16 Oct 2023 08:35:11 -0700 

This is an automated email from the ASF dual-hosted git repository.

potiuk pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 9b06798a28 Use requires_access to check read permission on dag instead 
of checking it explicitly (#34940)
9b06798a28 is described below

commit 9b06798a28bbdc5fbd00716f9a1b8bd3b94eebb2
Author: Hussein Awala <huss...@awala.fr>
AuthorDate: Mon Oct 16 17:34:57 2023 +0200

    Use requires_access to check read permission on dag instead of checking it 
explicitly (#34940)
---
 airflow/api_connexion/endpoints/dag_warning_endpoint.py | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/airflow/api_connexion/endpoints/dag_warning_endpoint.py 
b/airflow/api_connexion/endpoints/dag_warning_endpoint.py
index 367b0ae104..c9d8207b0f 100644
--- a/airflow/api_connexion/endpoints/dag_warning_endpoint.py
+++ b/airflow/api_connexion/endpoints/dag_warning_endpoint.py
@@ -22,7 +22,6 @@ from flask import g
 from sqlalchemy import select
 
 from airflow.api_connexion import security
-from airflow.api_connexion.exceptions import PermissionDenied
 from airflow.api_connexion.parameters import apply_sorting, check_limit, 
format_parameters
 from airflow.api_connexion.schemas.dag_warning_schema import (
     DagWarningCollection,
@@ -40,7 +39,12 @@ if TYPE_CHECKING:
     from airflow.api_connexion.types import APIResponse
 
 
-@security.requires_access([(permissions.ACTION_CAN_READ, 
permissions.RESOURCE_DAG_WARNING)])
+@security.requires_access(
+    [
+        (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG),
+        (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_WARNING),
+    ]
+)
 @format_parameters({"limit": check_limit})
 @provide_session
 def get_dag_warnings(
@@ -60,8 +64,6 @@ def get_dag_warnings(
     allowed_filter_attrs = ["dag_id", "warning_type", "message", "timestamp"]
     query = select(DagWarningModel)
     if dag_id:
-        if not get_airflow_app().appbuilder.sm.can_read_dag(dag_id, g.user):
-            raise PermissionDenied(detail=f"User not allowed to access this 
DAG: {dag_id}")
         query = query.where(DagWarningModel.dag_id == dag_id)
     else:
         readable_dags = 
get_airflow_app().appbuilder.sm.get_accessible_dag_ids(g.user)

Reply via email to