Skip to content

fix(UI): show 403 error when unauthorized user reparses DAG#61560

Merged
pierrejeambrun merged 3 commits intoapache:mainfrom
liamkernan:fix-reparse-dag-403-error
Mar 11, 2026
Merged

fix(UI): show 403 error when unauthorized user reparses DAG#61560
pierrejeambrun merged 3 commits intoapache:mainfrom
liamkernan:fix-reparse-dag-403-error

Conversation

@liamkernan
Copy link
Contributor

@liamkernan liamkernan commented Feb 6, 2026

When a Viewer/Author tries to reparse a DAG, the API correctly returns 403 but the UI shows a misleading generic error ("Dag parsing request failed"). This checks the error status code and shows an "Access Denied" toast for 403 responses instead.

Closes #61459

Made with Cursor

@boring-cyborg boring-cyborg bot added area:translations area:UI Related to UI/UX. For Frontend Developers. translation:default labels Feb 6, 2026
@liamkernan liamkernan mentioned this pull request Feb 6, 2026
Closed
2 tasks
@bbovenzi
Copy link
Contributor

bbovenzi commented Feb 11, 2026

Can we check the actual API error response to see if we're just presenting the wrong message? It would be better to send and display the correct errors from the API instead of manually creating error messages in the UI

pierrejeambrun
pierrejeambrun approved these changes Feb 12, 2026
View reviewed changes
Copy link
Member

@pierrejeambrun pierrejeambrun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM and working as expected, thanks.

Just one nit.

@pierrejeambrun pierrejeambrun added the backport-to-v3-1-test Mark PR with this label to backport to v3-1-test branch label Feb 12, 2026
@pierrejeambrun pierrejeambrun added this to the Airflow 3.1.8 milestone Feb 12, 2026
@pierrejeambrun
Copy link
Member

pierrejeambrun commented Feb 12, 2026
edited
Loading

Can we check the actual API error response to see if we're just presenting the wrong message? It would be better to send and display the correct errors from the API instead of manually creating error messages in the UI

API just returns {detail: "Forbidden"} on 403. Which is correct, but displaying that raw isn't great for users. (We do that at other places).

We can globally remap the 403 with 'details: Forbidden' to a generic message. "You do not have permission to perform this action". Which will prevent the need from doing a mapping between the front-end while still displaying something a little bit more explicit.

@bbovenzi
Copy link
Contributor

bbovenzi commented Feb 12, 2026

Yes lets make a single generic 403 message to use across the UI

@pierrejeambrun pierrejeambrun mentioned this pull request Feb 12, 2026
Open
pierrejeambrun
pierrejeambrun reviewed Feb 12, 2026
View reviewed changes
Copy link
Member

@pierrejeambrun pierrejeambrun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Update: I chatted with Brent, we believe a generic handler is better

@eladkal
Copy link
Contributor

eladkal commented Mar 3, 2026

@liamkernan can you handle the open comments?

@liamkernan
Copy link
Contributor Author

liamkernan commented Mar 3, 2026

Finished; let me know if there's anything else I can tweak or improve.

@eladkal eladkal modified the milestones: Airflow 3.1.9, Airflow 3.1.8 Mar 3, 2026
@ephraimbuddy
Copy link
Contributor

ephraimbuddy commented Mar 4, 2026

Moved to 3.1.9 as the PR is not ready yet cc @pierrejeambrun

liamkernan and others added 2 commits March 10, 2026 12:27
@liamkernan @cursoragent @pierrejeambrun
fix(UI): show permission error when unauthorized user tries to repars…
5e200c7 
…e DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes apache#61459

Co-authored-by: Cursor <cursoragent@cursor.com>
@liamkernan @pierrejeambrun
Generalize 403 permission toast handling in UI
7ec8e9c 
Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor
pierrejeambrun
pierrejeambrun reviewed Mar 10, 2026
View reviewed changes
Copy link
Member

@pierrejeambrun pierrejeambrun left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looking good, just one nit.

@pierrejeambrun pierrejeambrun force-pushed the fix-reparse-dag-403-error branch from 72f0bdd to f9a0aa4 Compare March 10, 2026 11:42
@pierrejeambrun
Copy link
Member

pierrejeambrun commented Mar 11, 2026

I just pushed the small adjustment, ready to merge :)

@pierrejeambrun pierrejeambrun merged commit f01c69a into apache:main Mar 11, 2026
79 checks passed
@boring-cyborg
Copy link

boring-cyborg bot commented Mar 11, 2026

Awesome work, congrats on your first merged pull request! You are invited to check our Issue Tracker for additional contributions.

github-actions bot pushed a commit that referenced this pull request Mar 11, 2026
@liamkernan @cursoragent @pierrejeambrun
[v3-1-test] fix(UI): show 403 error when unauthorized user reparses D…
a49f013 
…AG (#61560)

* fix(UI): show permission error when unauthorized user tries to reparse DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes #61459

Co-authored-by: Cursor <cursoragent@cursor.com>

* Generalize 403 permission toast handling in UI

Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor

* Small adjustments

---------
(cherry picked from commit f01c69a)

Co-authored-by: Liam <liamkernan0@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>
@github-actions
Copy link

github-actions bot commented Mar 11, 2026

Backport successfully created: v3-1-test

Note: As of Merging PRs targeted for Airflow 3.X
the committer who merges the PR is responsible for backporting the PRs that are bug fixes (generally speaking) to the maintenance branches.

In matter of doubt please ask in #release-management Slack channel.

Status Branch Result
v3-1-test PR Link

pierrejeambrun added a commit that referenced this pull request Mar 11, 2026
@github-actions @liamkernan
@cursoragent @pierrejeambrun
[v3-1-test] fix(UI): show 403 error when unauthorized user reparses D…
e1f2b15 
…AG (#61560) (#63339)

* fix(UI): show permission error when unauthorized user tries to reparse DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes #61459



* Generalize 403 permission toast handling in UI

Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor

* Small adjustments

---------
(cherry picked from commit f01c69a)

Co-authored-by: Liam <liamkernan0@gmail.com>
Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>
dominikhei pushed a commit to dominikhei/airflow that referenced this pull request Mar 11, 2026
@liamkernan @cursoragent
@pierrejeambrun @dominikhei
fix(UI): show 403 error when unauthorized user reparses DAG (apache#6…
1897e97 
…1560)

* fix(UI): show permission error when unauthorized user tries to reparse DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes apache#61459

Co-authored-by: Cursor <cursoragent@cursor.com>

* Generalize 403 permission toast handling in UI

Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor

* Small adjustments

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>
Pyasma pushed a commit to Pyasma/airflow that referenced this pull request Mar 13, 2026
@liamkernan @cursoragent
@pierrejeambrun @Pyasma
fix(UI): show 403 error when unauthorized user reparses DAG (apache#6…
18a18a4 
…1560)

* fix(UI): show permission error when unauthorized user tries to reparse DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes apache#61459

Co-authored-by: Cursor <cursoragent@cursor.com>

* Generalize 403 permission toast handling in UI

Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor

* Small adjustments

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>
Abhishekmishra2808 pushed a commit to Abhishekmishra2808/airflow that referenced this pull request Mar 15, 2026
@liamkernan @cursoragent
@pierrejeambrun @Abhishekmishra2808
fix(UI): show 403 error when unauthorized user reparses DAG (apache#6…
8ecbc97 
…1560)

* fix(UI): show permission error when unauthorized user tries to reparse DAG

When a Viewer or Author without edit permission tries to reparse a DAG,
the API returns 403 but the UI shows a generic "Dag parsing request
failed" message. This checks the error status and shows an appropriate
"Access Denied" toast instead.

Closes apache#61459

Co-authored-by: Cursor <cursoragent@cursor.com>

* Generalize 403 permission toast handling in UI

Move the forbidden toast copy to common translations and route DAG reparse mutation errors through a shared error toaster helper so 403 responses consistently show a reusable access-denied message.

Made-with: Cursor

* Small adjustments

---------

Co-authored-by: Cursor <cursoragent@cursor.com>
Co-authored-by: pierrejeambrun <pierrejbrun@gmail.com>
(cherry picked from commit f01c69a)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@pierrejeambrun pierrejeambrun pierrejeambrun approved these changes

@choo121600 choo121600 choo121600 approved these changes

@bbovenzi bbovenzi Awaiting requested review from bbovenzi bbovenzi is a code owner

@ryanahamilton ryanahamilton Awaiting requested review from ryanahamilton ryanahamilton is a code owner

@shubhamraj-git shubhamraj-git Awaiting requested review from shubhamraj-git shubhamraj-git is a code owner

@guan404ming guan404ming Awaiting requested review from guan404ming guan404ming is a code owner

@vatsrahul1001 vatsrahul1001 Awaiting requested review from vatsrahul1001 vatsrahul1001 is a code owner

Assignees

No one assigned

Labels

area:translations area:UI Related to UI/UX. For Frontend Developers. backport-to-v3-1-test Mark PR with this label to backport to v3-1-test branch translation:default

Projects

None yet

Milestone

Airflow 3.1.9

Development

Successfully merging this pull request may close these issues.

When a Viewer/Author tries to reparse a DAG, the UI shows generic failed to reparse error

7 participants

@liamkernan @bbovenzi @pierrejeambrun @eladkal @ephraimbuddy @choo121600 @vatsrahul1001