Skip to content

Commit

Permalink
Use requires_access to check read permission on dag instead of checki…
Browse files Browse the repository at this point in the history 
…ng it explicitly (#34940)
  • Loading branch information
@hussein-awala
hussein-awala committed Oct 16, 2023
1 parent 84d9940 commit 9b06798
Showing 1 changed file with 6 additions and 4 deletions.
10 changes: 6 additions & 4 deletions airflow/api_connexion/endpoints/dag_warning_endpoint.py
View file
Expand Up @@ -22,7 +22,6 @@
from sqlalchemy import select

from airflow.api_connexion import security
from airflow.api_connexion.exceptions import PermissionDenied
from airflow.api_connexion.parameters import apply_sorting, check_limit, format_parameters
from airflow.api_connexion.schemas.dag_warning_schema import (
DagWarningCollection,
Expand All @@ -40,7 +39,12 @@
from airflow.api_connexion.types import APIResponse


@security.requires_access([(permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_WARNING)])
@security.requires_access(
[
(permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG),
(permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_WARNING),
]
)
@format_parameters({"limit": check_limit})
@provide_session
def get_dag_warnings(
Expand All @@ -60,8 +64,6 @@ def get_dag_warnings(
allowed_filter_attrs = ["dag_id", "warning_type", "message", "timestamp"]
query = select(DagWarningModel)
if dag_id:
if not get_airflow_app().appbuilder.sm.can_read_dag(dag_id, g.user):
raise PermissionDenied(detail=f"User not allowed to access this DAG: {dag_id}")
query = query.where(DagWarningModel.dag_id == dag_id)
else:
readable_dags = get_airflow_app().appbuilder.sm.get_accessible_dag_ids(g.user)
Expand Down

0 comments on commit 9b06798

Please sign in to comment.