vincbeck commented on code in PR #42473:
URL: https://github.com/apache/airflow/pull/42473#discussion_r1775759483


##########
airflow/api_connexion/security.py:
##########
@@ -126,13 +126,14 @@ def callback():
             if dag_id or access or access_entity:
                 return access
 
-            # No DAG id is provided, the user is not authorized to access all 
DAGs and authorization is done
+            # No DAG id is provided: the user is not authorized to access all 
DAGs and authorization is done
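
Review bot: the reworded comment after `return access` still reads as a flat assertion that the user is not authorized, while the condition above it shows this point is reached only when `dag_id`, `access` and `access_entity` are all falsy. Consider stating it as the condition, for example "No DAG id is provided and the user does not have access to all DAGs: ...", and say explicitly where the remaining authorization is done, so a reader does not have to infer it from the `if` above.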

Review Comment:
   Well, there are 2 things, I think. The first check is checking that the user
has access to list these given resources; if not, they get an access denied.
Then after, yes, the endpoint is responsible for returning only resources that
the user has access to. We could remove the first one, but as a consequence, the
user will get an empty list when trying to list something that they do not have
access to. I am not sure this is a good user experience.


