Fix task group view with Dag-specific read access #67823

Closed. Vamsi-klu wants to merge 1 commit into apache:main from Vamsi-klu:codex/62532-task-group-dag-perms

@Vamsi-klu

Contributor

Task group UI structure data now checks normal Dag read access for the requested Dag, and only asks for dependency access when external dependency data is requested.

This lets users who have read access to a specific Dag open the task group view without requiring global Dag read or unrelated task instance permissions. Access to other Dags remains denied, and external dependency data still requires dependency access.

closes: #62532

Tests:

  • uv run --project airflow-core pytest airflow-core/tests/unit/api_fastapi/core_api/routes/ui/test_structure.py -xvs --with-db-init
  • prek run --from-ref upstream/main --stage manual
  • breeze ci selective-check --commit-ref 3f748005fa
  • prek run --from-ref upstream/main --stage pre-commit passed all reached hooks except generate-openapi-spec, which is blocked locally because Breeze needs the Docker CLI to build/use the CI image and this machine has no docker binary.

Was generative AI tooling used to co-author this PR?
  • Yes — Codex (GPT-5)

Generated-by: Codex (GPT-5) following the guidelines
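
The access rule this description states (read access scoped to the requested Dag, plus a dependency check only when external dependency data is requested), as an added example that is not code from this PR or from Airflow. The `User` model, the `"*"` wildcard, the Dag ids and all function names are hypothetical.

```python
from dataclasses import dataclass

ALL_DAGS = "*"  # constructed wildcard standing in for global Dag read


class Forbidden(Exception):
    """Raised when a required permission is missing."""


@dataclass(frozen=True)
class User:
    name: str
    readable_dags: frozenset = frozenset()  # Dag ids this user may read
    can_read_dependencies: bool = False     # may read cross-Dag dependency data


def can_read_dag(user, dag_id):
    # Either a global grant or a grant for this specific Dag is sufficient.
    return ALL_DAGS in user.readable_dags or dag_id in user.readable_dags


def authorize_structure_request(user, dag_id, external_dependencies=False):
    """Return the checks that were enforced, or raise Forbidden."""
    # Always required: read access to the Dag named in the request.
    if not can_read_dag(user, dag_id):
        raise Forbidden(f"{user.name}: no read access to Dag {dag_id!r}")
    checks = ["dag_read"]
    # Only required when the caller asks for external dependency data.
    if external_dependencies:
        if not user.can_read_dependencies:
            raise Forbidden(f"{user.name}: no dependency access")
        checks.append("dependency_read")
    return checks


def is_allowed(user, dag_id, external_dependencies=False):
    try:
        authorize_structure_request(user, dag_id, external_dependencies)
        return True
    except Forbidden:
        return False


# Constructed sample users: both hold read access to one Dag only.
SCOPED = User("scoped", frozenset({"sales_etl"}))
SCOPED_WITH_DEPS = User("scoped_deps", frozenset({"sales_etl"}), True)
```
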

@boring-cyborg boring-cyborg Bot added the area:API Airflow's REST/HTTP API label Jun 1, 2026
@Vamsi-klu Vamsi-klu marked this pull request as ready for review June 1, 2026 01:16
@potiuk potiuk added the ready for maintainer review Set after triaging when all criteria pass. label Jun 3, 2026

@pierrejeambrun pierrejeambrun left a comment

Member

LGTM, just one question / adjustment to make regarding the TI permission check.

@Vamsi-klu Vamsi-klu force-pushed the codex/62532-task-group-dag-perms branch from 3f74800 to 07282cf Compare June 20, 2026 16:32
@Vamsi-klu Vamsi-klu force-pushed the codex/62532-task-group-dag-perms branch from 07282cf to 678502b Compare June 20, 2026 19:49
@Vamsi-klu

Contributor Author

Rebased onto current main — the earlier merge conflict is resolved (kept the new 400-on-malformed-asset-expression response from #67489 and scoped the access check so DAG-specific read users can load the task-group view per #62532). 29 structure tests pass; ruff, mypy-airflow-core, and the full pre-commit stage are green. Ready for review.


Drafted-by: Claude Code (Opus 4.8); reviewed by @Vamsi-klu before posting

@pierrejeambrun pierrejeambrun left a comment

Member

This PR doesn't seem to fix what it claims it is:

closes: #62532

Which is about task groups, while this PR targets structure endpoint.

Closing for now unless you can provide more context, fix the description and title. ("Fix task group view", this PR isn't about task group view, but graph view, this is too confusing and looks like unchecked AI generated stuff)

pierrejeambrun previously approved these changes Jun 23, 2026
Development

Successfully merging this pull request may close these issues.

DAG-specific permissions (DAG:*) not respected for task group view endpoints

3 participants