def check_authorization(
permissions: Optional[Sequence[Tuple[str, str]]] = None, dag_id: Optional[int] = None
) -> None:
"""Checks that the logged in user has the specified permissions."""
if not permissions:
return
appbuilder = current_app.appbuilder
for permission in permissions:
if permission in (('can_read', 'Dag'), ('can_edit', 'Dag')):
can_access_all_dags = appbuilder.sm.has_access(*permission)
if can_access_all_dags:
continue
action = permission[0]
if can_access_any_dags(action, dag_id):
continue
raise PermissionDenied()
elif not appbuilder.sm.has_access(*permission):
raise PermissionDenied()
def get_config() -> Response:
"""Get current configuration."""
serializer = {
'text/plain': _config_to_text,
'application/json': _config_to_json,
}
return_type = request.accept_mimetypes.best_match(serializer.keys())
if return_type not in serializer:
return Response(status=406)
elif conf.getboolean("webserver", "expose_config"):
conf_dict = conf.as_dict(display_source=False, display_sensitive=True)
config = _conf_dict_to_config(conf_dict)
config_text = serializer[return_type](config)
return Response(config_text, headers={'Content-Type': return_type})
else:
raise PermissionDenied(detail=(
'Your Airflow administrator chose not to expose the configuration, most likely for security'
' reasons.'))
def decorated(*args, **kwargs):
check_authentication()
if appbuilder.sm.check_authorization(permissions,
kwargs.get('dag_id')):
return func(*args, **kwargs)
raise PermissionDenied()