Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow PATCH role endpoint to remove permissions not included in PATCH call #29132

Closed
wants to merge 1 commit into from

Conversation

tseruga
Copy link

@tseruga tseruga commented Jan 24, 2023

closes: #25734

Rationale:
PATCH /api/v1/roles/[role] previously would only ever append permissions to a role, never removing permissions that were omitted from the PATCH call. This makes it impossible to programmatically remove permissions from a role via the API.

Change:
This change changes the behavior of the PATCH api for roles to allow for both adding and removing permissions based on which permissions are passed via the PATCH call.

Permissions omitted from the API call are removed from the role. Permissions passed via the API call are added to the role.

Notes:
This technically could be considered a breaking change. The way the PATCH endpoint is currently implemented is not how it should work (based on how PATCH endpoints generally work) but users could have built their systems using this awkward behavior.

@boring-cyborg boring-cyborg bot added area:API Airflow's REST/HTTP API area:webserver Webserver related Issues labels Jan 24, 2023
@boring-cyborg
Copy link

boring-cyborg bot commented Jan 24, 2023

Congratulations on your first Pull Request and welcome to the Apache Airflow community! If you have any issues or are unsure about any anything please check our Contribution Guide (https://github.com/apache/airflow/blob/main/CONTRIBUTING.rst)
Here are some useful points:

  • Pay attention to the quality of your code (ruff, mypy and type annotations). Our pre-commits will help you with that.
  • In case of a new feature add useful documentation (in docstrings or in docs/ directory). Adding a new operator? Check this short guide Consider adding an example DAG that shows how users should use it.
  • Consider using Breeze environment for testing locally, it's a heavy docker but it ships with a working Airflow and a lot of integrations.
  • Be patient and persistent. It might take some time to get a review or get the final approval from Committers.
  • Please follow ASF Code of Conduct for all communication including (but not limited to) comments on Pull Requests, Mailing list and Slack.
  • Be sure to read the Airflow Coding style.
    Apache Airflow is a community-driven project and together we are making it better 🚀.
    In case of doubts contact the developers at:
    Mailing List: [email protected]
    Slack: https://s.apache.org/airflow-slack

Copy link
Member

@potiuk potiuk left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for long no response.

I think this is not the right approach I believe. What currently the PR implements is really "PUT" semantics, not "PATCH". What PATCH should do is to be able to specifically say "ADD" / "DELETE" instead of replacing the whole content. So there should be (ideally backwards compatible) way of applying PATCH.

I think a good way explaining it, and possible approach is here (with explanation why the approach is PUT disguised in PATCH:

https://medium.com/@isuru89/a-better-way-to-implement-http-patch-operation-in-rest-apis-721396ac82bf

@github-actions
Copy link

github-actions bot commented Apr 6, 2023

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed in 5 days if no further activity occurs. Thank you for your contributions.

@github-actions github-actions bot added the stale Stale PRs per the .github/workflows/stale.yml policy file label Apr 6, 2023
@github-actions github-actions bot closed this Apr 11, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area:API Airflow's REST/HTTP API area:webserver Webserver related Issues stale Stale PRs per the .github/workflows/stale.yml policy file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

Can't remove permission from a role using the API
2 participants