# Security Permissions

Security resource constants for assets, backfills, and DAG versions that maintain compatibility across Airflow security model changes. These constants provide consistent resource identifiers for permission management across different Airflow versions.

## Capabilities

### Asset Resources

Resource constants for asset-related permissions.

```python { .api }
RESOURCE_ASSET: str
"""
Asset resource permission constant.

Used for permissions related to asset/dataset management.
Value: "Assets" or "Datasets" depending on Airflow version
"""

RESOURCE_ASSET_ALIAS: str
"""
Asset alias resource permission constant.

Used for permissions related to asset alias management.
Value: "Asset Aliases" or "Dataset Aliases" depending on Airflow version
"""
```

### Workflow Resources

Resource constants for workflow execution permissions.

```python { .api }
RESOURCE_BACKFILL: str
"""
Backfill resource permission constant.

Used for permissions related to backfill operations.
Value: "Backfills"
"""

RESOURCE_DAG_VERSION: str
"""
DAG version resource permission constant.

Used for permissions related to DAG version management.
Value: "DAG Versions"
"""
```

## Usage Examples

```python
from airflow.providers.common.compat.security.permissions import (
    RESOURCE_ASSET,
    RESOURCE_ASSET_ALIAS,
    RESOURCE_BACKFILL,
    RESOURCE_DAG_VERSION,
)

# Use in security decorators
from airflow.security import permissions
from airflow.www.auth import has_access

# Asset permissions
@has_access(
    permissions=[
        (permissions.ACTION_CAN_READ, RESOURCE_ASSET),
        (permissions.ACTION_CAN_EDIT, RESOURCE_ASSET),
    ]
)
def manage_assets():
    """Function that requires asset read/edit permissions."""
    pass

# Asset alias permissions
@has_access(
    permissions=[
        (permissions.ACTION_CAN_CREATE, RESOURCE_ASSET_ALIAS),
        (permissions.ACTION_CAN_DELETE, RESOURCE_ASSET_ALIAS),
    ]
)
def manage_asset_aliases():
    """Function that requires asset alias create/delete permissions."""
    pass

# Backfill permissions
@has_access(
    permissions=[
        (permissions.ACTION_CAN_CREATE, RESOURCE_BACKFILL),
        (permissions.ACTION_CAN_READ, RESOURCE_BACKFILL),
    ]
)
def create_backfill():
    """Function that requires backfill permissions."""
    pass

# DAG version permissions
@has_access(
    permissions=[
        (permissions.ACTION_CAN_READ, RESOURCE_DAG_VERSION),
    ]
)
def view_dag_versions():
    """Function that requires DAG version read permissions."""
    pass

# Custom permission checking
def check_user_permissions(user, action, resource_type):
    """
    Check if user has permission for specific action on resource.

    Args:
        user: User object
        action: Action to check (e.g., permissions.ACTION_CAN_READ)
        resource_type: Resource type (use constants from this module)

    Returns:
        bool: True if user has permission, False otherwise
    """
    if resource_type == RESOURCE_ASSET:
        # Check asset permissions
        return user.has_permission(action, RESOURCE_ASSET)
    elif resource_type == RESOURCE_BACKFILL:
        # Check backfill permissions
        return user.has_permission(action, RESOURCE_BACKFILL)
    # ... etc

    # Deny by default for any resource type not handled above
    return False

# Use in role definitions
ASSET_MANAGER_PERMISSIONS = [
    (permissions.ACTION_CAN_READ, RESOURCE_ASSET),
    (permissions.ACTION_CAN_EDIT, RESOURCE_ASSET),
    (permissions.ACTION_CAN_CREATE, RESOURCE_ASSET),
    (permissions.ACTION_CAN_DELETE, RESOURCE_ASSET),
    (permissions.ACTION_CAN_READ, RESOURCE_ASSET_ALIAS),
    (permissions.ACTION_CAN_EDIT, RESOURCE_ASSET_ALIAS),
]

WORKFLOW_MANAGER_PERMISSIONS = [
    (permissions.ACTION_CAN_READ, RESOURCE_BACKFILL),
    (permissions.ACTION_CAN_CREATE, RESOURCE_BACKFILL),
    (permissions.ACTION_CAN_READ, RESOURCE_DAG_VERSION),
]

# Use in Flask-AppBuilder views
from flask_appbuilder import BaseView, expose

# flask_appbuilder.security.decorators.has_access takes no `permissions`
# argument, so it is not imported here: doing so would shadow the Airflow
# decorator imported above and fail when the class body is evaluated.

class AssetView(BaseView):
    @expose('/list/')
    @has_access(
        permissions=[
            (permissions.ACTION_CAN_READ, RESOURCE_ASSET),
        ]
    )
    def list_assets(self):
        """List all assets - requires read permission."""
        return self.render_template('assets/list.html')

    @expose('/create/')
    @has_access(
        permissions=[
            (permissions.ACTION_CAN_CREATE, RESOURCE_ASSET),
        ]
    )
    def create_asset(self):
        """Create new asset - requires create permission."""
        return self.render_template('assets/create.html')
```
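
Because `RESOURCE_ASSET` and `RESOURCE_ASSET_ALIAS` resolve to different strings depending on the Airflow version, a role definition that hard-codes one spelling stops matching when the version changes. The audit below is an added example, not code from the provider: `audit_role_permissions`, `ALTERNATE_NAMES`, the stand-in constants and the sample role are all constructed here so the block runs without Airflow installed, and the only resource names used are the values listed on this page.

```python
# Stand-ins for the values the compat module resolves at import time.
# Assumption: this deployment resolves to the "Assets" spelling; in real use,
# import them from airflow.providers.common.compat.security.permissions.
RESOURCE_ASSET = "Assets"
RESOURCE_ASSET_ALIAS = "Asset Aliases"

# Every spelling documented for each constant, keyed by the resolved value.
ALTERNATE_NAMES = {
    RESOURCE_ASSET: {"Assets", "Datasets"},
    RESOURCE_ASSET_ALIAS: {"Asset Aliases", "Dataset Aliases"},
}


def audit_role_permissions(role_perms):
    """Return (fixed_perms, findings) for a list of (action, resource) tuples."""
    # Map each spelling the running version does NOT use to the one it does.
    stale_to_current = {
        name: current
        for current, names in ALTERNATE_NAMES.items()
        for name in names
        if name != current
    }
    fixed, findings = [], []
    for action, resource in role_perms:
        current = stale_to_current.get(resource)
        if current is not None:
            # This grant would never match a permission check on this version.
            findings.append((action, resource, current))
            resource = current
        if (action, resource) not in fixed:  # avoid duplicate grants after rewrite
            fixed.append((action, resource))
    return fixed, findings


# Constructed sample: a role written against the "Datasets" naming.
SAMPLE_ROLE = [
    ("can_read", "Datasets"),
    ("can_edit", "Datasets"),
    ("can_read", "Assets"),
    ("can_read", "Dataset Aliases"),
    ("can_read", "Backfills"),
]

if __name__ == "__main__":
    fixed, findings = audit_role_permissions(SAMPLE_ROLE)
    for action, stale, current in findings:
        print(f"stale resource {stale!r} for {action}: use {current!r}")
```

Building role definitions from the imported constants, as in `ASSET_MANAGER_PERMISSIONS` above, avoids these findings entirely; the audit is for role lists that already contain literal strings.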