def check_authorization( permissions: Optional[Sequence[Tuple[str, str]]] = None, dag_id: Optional[int] = None ) -> None: """Checks that the logged in user has the specified permissions.""" if not permissions: return appbuilder = current_app.appbuilder for permission in permissions: if permission in (('can_read', 'Dag'), ('can_edit', 'Dag')): can_access_all_dags = appbuilder.sm.has_access(*permission) if can_access_all_dags: continue action = permission[0] if can_access_any_dags(action, dag_id): continue raise PermissionDenied() elif not appbuilder.sm.has_access(*permission): raise PermissionDenied()
def get_config() -> Response: """Get current configuration.""" serializer = { 'text/plain': _config_to_text, 'application/json': _config_to_json, } return_type = request.accept_mimetypes.best_match(serializer.keys()) if return_type not in serializer: return Response(status=406) elif conf.getboolean("webserver", "expose_config"): conf_dict = conf.as_dict(display_source=False, display_sensitive=True) config = _conf_dict_to_config(conf_dict) config_text = serializer[return_type](config) return Response(config_text, headers={'Content-Type': return_type}) else: raise PermissionDenied(detail=( 'Your Airflow administrator chose not to expose the configuration, most likely for security' ' reasons.'))
def decorated(*args, **kwargs): check_authentication() if appbuilder.sm.check_authorization(permissions, kwargs.get('dag_id')): return func(*args, **kwargs) raise PermissionDenied()