Skip to content

Commit

Permalink
[AIRFLOW-4020] Remove viewer DAG edit permissions (#4845)
Browse files Browse the repository at this point in the history 
(cherry picked from commit dda309e)
  • Loading branch information
@kaxil
Tao Feng authored and kaxil committed Dec 17, 2019
1 parent 38a46e8 commit c3474b8
Show file tree
Hide file tree
Showing 2 changed files with 17 additions and 4 deletions.
11 changes: 8 additions & 3 deletions airflow/www_rbac/security.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -129,19 +129,24 @@
'all_dags'
}

DAG_PERMS = {
'can_dag_read',
WRITE_DAG_PERMS = {
'can_dag_edit',
}

READ_DAG_PERMS = {
'can_dag_read',
}

DAG_PERMS = WRITE_DAG_PERMS | READ_DAG_PERMS

###########################################################################
# DEFAULT ROLE CONFIGURATIONS
###########################################################################

ROLE_CONFIGS = [
{
'role': 'Viewer',
'perms': VIEWER_PERMS,
'perms': VIEWER_PERMS | READ_DAG_PERMS,
'vms': VIEWER_VMS | DAG_VMS,
},
{
Expand Down
10 changes: 9 additions & 1 deletion tests/www_rbac/test_views.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1255,7 +1255,7 @@ def login(self, username=None, password=None):
role=role_user,
password='test_user')

role_viewer = self.appbuilder.sm.find_role('User')
role_viewer = self.appbuilder.sm.find_role('Viewer')
test_viewer = self.appbuilder.sm.find_user(username='test_viewer')
if not test_viewer:
self.appbuilder.sm.add_user(
Expand Down Expand Up @@ -1803,6 +1803,14 @@ def test_tree_view_for_viewer(self):
resp = self.client.get(url, follow_redirects=True)
self.check_content_in_response('runme_1', resp)

def test_refresh_failure_for_viewer(self):
# viewer role can't refresh
self.logout()
self.login(username='test_viewer',
password='test_viewer')
resp = self.client.get('refresh?dag_id=example_bash_operator')
self.check_content_in_response('Redirecting', resp, resp_code=302)


class TestTaskInstanceView(TestBase):
TI_ENDPOINT = '/taskinstance/list/?_flt_0_execution_date={}'
Expand Down

0 comments on commit c3474b8

Please sign in to comment.