Split up the return statement in _is_authorized_callback for clarity (a…

…pache#42473) Co-authored-by: Vincent <[email protected]>
aws-mwaa · Sep 26, 2024 · 291048a · 291048a
1 parent 2beb6a7
commit 291048a
Showing 1 changed file with 6 additions and 7 deletions.
diff --git a/airflow/api_connexion/security.py b/airflow/api_connexion/security.py
@@ -126,13 +126,12 @@ def callback():
             if dag_id or access or access_entity:
                 return access
 
-            # No DAG id is provided, the user is not authorized to access all DAGs and authorization is done
-            # on DAG level
-            # If method is "GET", return whether the user has read access to any DAGs
-            # If method is "PUT", return whether the user has edit access to any DAGs
-            return (method == "GET" and any(get_auth_manager().get_permitted_dag_ids(methods=["GET"]))) or (
-                method == "PUT" and any(get_auth_manager().get_permitted_dag_ids(methods=["PUT"]))
-            )
+            # dag_id is not provided, and the user is not authorized to access *all* DAGs
+            # so we check that the user can access at least *one* dag
+            # but we leave it to the endpoint function to properly restrict access beyond that
+            if method not in ("GET", "PUT"):
+                return False
+            return any(get_auth_manager().get_permitted_dag_ids(methods=[method]))
 
         return callback