airflow-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Sid Anand <san...@apache.org>
Subject Re: How to handle Group filtering in RBAC?
Date Wed, 01 Aug 2018 01:14:24 GMT
This looks like a great feature.

Another piece of functionality that would be nice on the UI is to filter
dags by owner, not just by the person logged in. So, if I wanted to see
Bob's or Bill's DAGs in the main landing page, by typing in Bob or Bill's
user names, the DAG view would filters DAGs shown.

On Tue, Jul 31, 2018 at 3:18 AM Luangsay Sourygna <luangsay@gmail.com>
wrote:

> Hi all,
>
>
> I've just tested the last version of Aiflow with the new RBAC feature. It
> looks great.
>
> However, I miss the possibility to do "Group filtering".
>
> That is: I only want users to be able to auto register if they belong to a
> specific (ldap) group.
>
>
> I have been able to add this feature by modifying a bit the code:
>
>
> [root@18bc31801cc3 airflow]# diff
>
> /usr/lib/python2.7/site-packages/Flask_AppBuilder-1.11.1-py2.7.egg/flask_appbuilder/security/manager.py
> /tmp/manager.py
>
> 290,297d289
>
> <     def auth_ldap_group_field(self):
>
> <         return self.appbuilder.get_app.config['AUTH_LDAP_GROUP_FIELD']
>
> <
>
> <     @property
>
> <     def auth_ldap_allowed_group_auto_registration_field(self):
>
> <         return
> self.appbuilder.get_app.config['AUTH_LDAP_ALLOWED_GROUP_AUTO_REGISTRATION']
>
> <
>
> <     @property
>
> 610d601
>
> <                              self.auth_ldap_group_field,
>
> 706,708d697
>
> <                         if not
> self.auth_ldap_allowed_group_auto_registration_field in
> ldap_user_info[self.auth_ldap_group_field]:
>
> <                             log.warning(username + " cannot auto register
> because it does not belong to the group " +
> self.auth_ldap_allowed_group_auto_registration_field)
>
> <                             return None
>
>
>
>
> However, before proposing to push this upstream, I would like to know if
> some of you have some better ideas about how to handle this group problem?
>
> What is more, in my changes I modify Flask and not Airflow, so maybe I
> should look at another way to solve my requirement.
>
>
> Regards,
>
>
> Sourygna
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message