Remove authorization check for events (#4699) (#4710)

* Events are cluster scoped resources. Users are only granted access to specific namespaces though. * So we can't do a subject access review check for events.
kubeflow · Jan 31, 2020 · c80316d · c80316d
1 parent 28fe3b2
commit c80316d
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/components/jupyter-web-app/backend/kubeflow_jupyter/common/api.py b/components/jupyter-web-app/backend/kubeflow_jupyter/common/api.py
@@ -98,7 +98,10 @@ def list_notebooks(namespace):
     )
 
 
-@auth.needs_authorization("list", "", "v1", "events")
+# We don't do a subject access review on notebook events because
+# notebook events are cluster scoped resources. Users however are only
+# granted access to particular namespacs. We rely on the notebook webserver
+# to filter out information a user shouldn't see.
 def list_notebook_events(namespace, nb_name):
     '''
     V1EventList with events whose source the Notebook with 'nb_name' from namespace 'namespace'