airflow-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From GitBox <...@apache.org>
Subject [GitHub] smithakoduri closed pull request #4118: [AIRFLOW-3271] Airflow RBAC Permissions modification via UI do not persist
Date Tue, 13 Nov 2018 19:12:56 GMT
smithakoduri closed pull request #4118: [AIRFLOW-3271] Airflow RBAC Permissions modification
via UI do not persist
URL: https://github.com/apache/incubator-airflow/pull/4118
 
 
   

This is a PR merged from a forked repository.
As GitHub hides the original diff on merge, it is displayed below for
the sake of provenance:

As this is a foreign pull request (from a fork), the diff is supplied
below (as it won't show otherwise due to GitHub magic):

diff --git a/airflow/www_rbac/security.py b/airflow/www_rbac/security.py
index 6bb67d4d83..8f9b6287ac 100644
--- a/airflow/www_rbac/security.py
+++ b/airflow/www_rbac/security.py
@@ -181,13 +181,17 @@ def init_role(self, role_name, role_vms, role_perms):
         if not role:
             role = self.add_role(role_name)
 
-        role_pvms = []
-        for pvm in pvms:
-            if pvm.view_menu.name in role_vms and pvm.permission.name in role_perms:
-                role_pvms.append(pvm)
-        role.permissions = list(set(role_pvms))
-        self.get_session.merge(role)
-        self.get_session.commit()
+        if len(role.permissions) == 0:
+            logging.info('Initializing permissions for role:%s in the database.', role_name)
+            role_pvms = []
+            for pvm in pvms:
+                if pvm.view_menu.name in role_vms and pvm.permission.name in role_perms:
+                    role_pvms.append(pvm)
+            role.permissions = list(set(role_pvms))
+            self.get_session.merge(role)
+            self.get_session.commit()
+        else:
+            logging.info('Existing permissions for the role:%s within the database will persist.',
role_name)
 
     def get_user_roles(self, user=None):
         """
diff --git a/tests/www_rbac/test_security.py b/tests/www_rbac/test_security.py
index 6e0b572639..9b32a86c9c 100644
--- a/tests/www_rbac/test_security.py
+++ b/tests/www_rbac/test_security.py
@@ -107,6 +107,21 @@ def test_init_role_modelview(self):
         self.assertIsNotNone(role)
         self.assertEqual(len(role_perms), len(role.permissions))
 
+    def test_update_and_verify_permission_role(self):
+        role_name = 'Test_Role'
+        self.security_manager.init_role(role_name, [], [])
+        role = self.security_manager.find_role(role_name)
+
+        perm = self.security_manager.\
+            find_permission_view_menu('can_edit', 'RoleModelView')
+        self.security_manager.add_permission_role(role, perm)
+        role_perms_len = len(role.permissions)
+
+        self.security_manager.init_role(role_name, [], [])
+        new_role_perms_len = len(role.permissions)
+
+        self.assertEqual(role_perms_len, new_role_perms_len)
+
     def test_get_user_roles(self):
         user = mock.MagicMock()
         user.is_anonymous = False
diff --git a/tests/www_rbac/test_views.py b/tests/www_rbac/test_views.py
index 4b6d9d7d12..746f27abd4 100644
--- a/tests/www_rbac/test_views.py
+++ b/tests/www_rbac/test_views.py
@@ -962,6 +962,9 @@ def add_permission_for_role(self):
         all_dag_role = self.appbuilder.sm.find_role('all_dag_role')
         self.appbuilder.sm.add_permission_role(all_dag_role, perm_on_all_dag)
 
+        role_user = self.appbuilder.sm.find_role('User')
+        self.appbuilder.sm.add_permission_role(role_user, perm_on_all_dag)
+
         read_only_perm_on_dag = self.appbuilder.sm.\
             find_permission_view_menu('can_dag_read', 'example_bash_operator')
         dag_read_only_role = self.appbuilder.sm.find_role('dag_acl_read_only')


 

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services

Mime
View raw message