(airflow) branch main updated: Add read access to pools for viewer role (#35352)

Tue, 05 Dec 2023 07:52:50 -0800 

This is an automated email from the ASF dual-hosted git repository.

eladkal pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/airflow.git


The following commit(s) were added to refs/heads/main by this push:
     new 8ae67a04e9 Add read access to pools for viewer role (#35352)
8ae67a04e9 is described below

commit 8ae67a04e9a5982b30e46f9ffd3ec3b895bccd79
Author: Marek Hanuš <[email protected]>
AuthorDate: Tue Dec 5 16:52:29 2023 +0100

    Add read access to pools for viewer role (#35352)
    
    Cluster Activity UI shows `FAILED TO FETCH DATA` error in pools section. 
Users with Viewer role do not have permission to read pools.
---
 airflow/auth/managers/fab/security_manager/override.py | 2 +-
 tests/www/test_security.py                             | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/airflow/auth/managers/fab/security_manager/override.py 
b/airflow/auth/managers/fab/security_manager/override.py
index 60de860091..a78ab76ecd 100644
--- a/airflow/auth/managers/fab/security_manager/override.py
+++ b/airflow/auth/managers/fab/security_manager/override.py
@@ -209,6 +209,7 @@ class 
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_RUN),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_DATASET),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_CLUSTER_ACTIVITY),
+        (permissions.ACTION_CAN_READ, permissions.RESOURCE_POOL),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_IMPORT_ERROR),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_WARNING),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_JOB),
@@ -266,7 +267,6 @@ class 
FabAirflowSecurityManagerOverride(AirflowSecurityManagerV2):
         (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_CONNECTION),
         (permissions.ACTION_CAN_DELETE, permissions.RESOURCE_CONNECTION),
         (permissions.ACTION_CAN_CREATE, permissions.RESOURCE_POOL),
-        (permissions.ACTION_CAN_READ, permissions.RESOURCE_POOL),
         (permissions.ACTION_CAN_EDIT, permissions.RESOURCE_POOL),
         (permissions.ACTION_CAN_DELETE, permissions.RESOURCE_POOL),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_PROVIDER),
diff --git a/tests/www/test_security.py b/tests/www/test_security.py
index d7aaa0d29e..0d97ce6ff2 100644
--- a/tests/www/test_security.py
+++ b/tests/www/test_security.py
@@ -429,6 +429,7 @@ def test_get_user_roles_for_anonymous_user(app, 
security_manager):
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_DAG_WARNING),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_JOB),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_PLUGIN),
+        (permissions.ACTION_CAN_READ, permissions.RESOURCE_POOL),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_SLA_MISS),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_TASK_INSTANCE),
         (permissions.ACTION_CAN_READ, permissions.RESOURCE_TASK_LOG),

Reply via email to