Fix task group view with Dag-specific read access#67823
Conversation
pierrejeambrun
left a comment
There was a problem hiding this comment.
LGTM, just one question / adjustment to make regarding the TI permission check.
3f74800 to
07282cf
Compare
07282cf to
678502b
Compare
|
Rebased onto current main — the earlier merge conflict is resolved (kept the new 400-on-malformed-asset-expression response from #67489 and scoped the access check so DAG-specific read users can load the task-group view per #62532). 29 structure tests pass; ruff, mypy-airflow-core, and the full pre-commit stage are green. Ready for review. Drafted-by: Claude Code (Opus 4.8); reviewed by @Vamsi-klu before posting |
There was a problem hiding this comment.
This PR doesn't seem to fix what it claims it is:
closes: #62532
Which is about task groups, while this PR targets structure endpoint.
Closing for now unless you can provide more context, fix the description and title. ("Fix task group view", this PR isn't about task group view, but graph view, this is too confusing and looks like unchecked AI generated stuff)
Task group UI structure data now checks normal Dag read access for the requested Dag, and only asks for dependency access when external dependency data is requested.
This lets users who have read access to a specific Dag open the task group view without requiring global Dag read or unrelated task instance permissions. Access to other Dags remains denied, and external dependency data still requires dependency access.
closes: #62532
Tests:
uv run --project airflow-core pytest airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_structure.py -xvs --with-db-initprek run --from-ref upstream/main --stage manualbreeze ci selective-check --commit-ref 3f748005faprek run --from-ref upstream/main --stage pre-commitpassed all reached hooks exceptgenerate-openapi-spec, which is blocked locally because Breeze needs the Docker CLI to build/use the CI image and this machine has nodockerbinary.Was generative AI tooling used to co-author this PR?
Generated-by: Codex (GPT-5) following the guidelines