airflow 0078_2_0_1_remove_can_read_permission_on_config_ 源码


airflow 0078_2_0_1_remove_can_read_permission_on_config_ 代码

文件路径:/airflow/migrations/versions/0078_2_0_1_remove_can_read_permission_on_config_.py

#
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements.  See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership.  The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License.  You may obtain a copy of the License at
#
#   http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied.  See the License for the
# specific language governing permissions and limitations
# under the License.
"""Remove ``can_read`` permission on config resource for ``User`` and ``Viewer`` role

Revision ID: 82b7c48c147f
Revises: e959f08ac86c
Create Date: 2021-02-04 12:45:58.138224

"""
from __future__ import annotations

import logging

from airflow.security import permissions
from airflow.www.app import cached_app

# revision identifiers, used by Alembic.
# Identifier of this migration; matches "Revision ID" in the module docstring.
revision = '82b7c48c147f'
# Parent revision this one is applied on top of ("Revises" in the module docstring).
down_revision = 'e959f08ac86c'
# No branch label and no cross-revision dependency are declared for this migration.
branch_labels = None
depends_on = None
# Presumably the Airflow release that ships this migration -- confirm against the release notes.
airflow_version = '2.0.1'


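def upgrade():
    """Remove the ``can_read`` action on the config resource from the ``User`` and ``Viewer`` roles.

    Only roles whose name is exactly ``User`` or ``Viewer`` are touched. Any other
    role that holds ``can_read`` on the config resource (for example a custom role)
    keeps it, so those roles need to be audited separately after the migration.

    The root logger's handler list is snapshotted before the web app is built and
    put back afterwards, including when a step in between raises.
    """
    root_logger = logging.getLogger()
    # Copy, not alias: the restore below must not see handlers added in the meantime.
    # Presumably building the app reconfigures logging -- confirm against cached_app.
    saved_handlers = root_logger.handlers[:]

    try:
        # NOTE(review): FAB_UPDATE_PERMS=False presumably stops the app from re-syncing
        # permissions while it is being built -- confirm.
        security_manager = cached_app(config={'FAB_UPDATE_PERMS': False}).appbuilder.sm
        target_roles = [role for role in security_manager.get_all_roles() if role.name in ("User", "Viewer")]
        can_read_on_config_perm = security_manager.get_permission(
            permissions.ACTION_CAN_READ, permissions.RESOURCE_CONFIG
        )

        for role in target_roles:
            # Revoke only where the role actually holds the permission, so a re-run is a no-op.
            if security_manager.permission_exists_in_one_or_more_roles(
                permissions.RESOURCE_CONFIG, permissions.ACTION_CAN_READ, [role.id]
            ):
                security_manager.remove_permission_from_role(role, can_read_on_config_perm)
    finally:
        # Restore even on failure; the original skipped this line when an exception was raised.
        root_logger.handlers = saved_handlers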


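def downgrade():
    """Add the ``can_read`` action on the config resource back to the ``User`` and ``Viewer`` roles.

    This re-grants read access to the config resource to both roles, undoing the
    restriction applied by ``upgrade``. Only roles named exactly ``User`` or
    ``Viewer`` are modified.

    The root logger's handler list is snapshotted and restored around the app
    build, the same way ``upgrade`` does it.
    """
    root_logger = logging.getLogger()
    # Same snapshot as in upgrade(); the original downgrade() left the handlers as the
    # app build set them. Presumably cached_app reconfigures logging -- confirm.
    saved_handlers = root_logger.handlers[:]

    try:
        # NOTE(review): FAB_UPDATE_PERMS=False presumably stops the app from re-syncing
        # permissions while it is being built -- confirm.
        security_manager = cached_app(config={'FAB_UPDATE_PERMS': False}).appbuilder.sm
        target_roles = [role for role in security_manager.get_all_roles() if role.name in ("User", "Viewer")]
        can_read_on_config_perm = security_manager.get_permission(
            permissions.ACTION_CAN_READ, permissions.RESOURCE_CONFIG
        )

        for role in target_roles:
            # Grant only where the role does not already hold the permission.
            if not security_manager.permission_exists_in_one_or_more_roles(
                permissions.RESOURCE_CONFIG, permissions.ACTION_CAN_READ, [role.id]
            ):
                security_manager.add_permission_to_role(role, can_read_on_config_perm)
    finally:
        root_logger.handlers = saved_handlers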
