Skip to content

Commit

Permalink
Fix permission check on DAGs when access_entity is specified (#37290)
Browse files Browse the repository at this point in the history 
(cherry picked from commit 2adbe88)
  • Loading branch information
@vincbeck @ephraimbuddy
vincbeck authored and ephraimbuddy committed Feb 20, 2024
1 parent 99fcdb8 commit a7fa258
Showing 1 changed file with 3 additions and 2 deletions.
5 changes: 3 additions & 2 deletions airflow/api_connexion/security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -145,10 +145,11 @@ def callback():
# ``access`` means here:
# - if a DAG id is provided (``dag_id`` not None): is the user authorized to access this DAG
# - if no DAG id is provided: is the user authorized to access all DAGs
if dag_id or access:
if dag_id or access or access_entity:
return access

# No DAG id is provided and the user is not authorized to access all DAGs
# No DAG id is provided, the user is not authorized to access all DAGs and authorization is done
# on DAG level
# If method is "GET", return whether the user has read access to any DAGs
# If method is "PUT", return whether the user has edit access to any DAGs
return (method == "GET" and any(get_auth_manager().get_permitted_dag_ids(methods=["GET"]))) or (
Expand Down

0 comments on commit a7fa258

Please sign in to comment.