wangchunlin
/
cvat
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Updated rego rules, job assignee can resolve an issue (#5167)

Browse Source
main
Boris Sekachev 3 years ago committed by GitHub
parent 80c72340f8
commit 43e22c2cce
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 5750 additions and 5741 deletions
Show Stats Download Patch File Download Diff File

1
CHANGELOG.md
Unescape Escape View File

@ -61,6 +61,7 @@ non-ascii paths while adding files from "Connected file share" (issue #4428)
- Skeleton points exported out of order in the COCO Keypoints format
(<https://github.com/opencv/cvat/issues/5048>)
- Changing an object causes current z layer to be set to the maximum (<https://github.com/opencv/cvat/pull/5145>)
- Job assignee can not resolve an issue (<https://github.com/opencv/cvat/pull/5167>)
- Create manifest with cvat/server docker container command (<https://github.com/opencv/cvat/pull/5172>)
### Security

4
cvat/apps/iam/rules/issues.csv
Unescape Escape View File

@ -10,9 +10,9 @@ view,Issue,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee,
view,Issue,Organization,N/A,,GET,/issues/{id},User,Maintainer
view,Issue,Organization,"Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee",,GET,/issues/{id},None,Worker
update,Issue,Sandbox,N/A,,PATCH,/issues/{id},Admin,N/A
update,Issue,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Owner",,PATCH,/issues/{id},Worker,N/A
update,Issue,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee",,PATCH,/issues/{id},Worker,N/A
update,Issue,Organization,N/A,,PATCH,/issues/{id},User,Maintainer
update,Issue,Organization,"Project:owner, Project:assignee, Task:owner, Task:assignee, Owner",,PATCH,/issues/{id},Worker,Worker
update,Issue,Organization,"Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee",,PATCH,/issues/{id},Worker,Worker
delete,Issue,Sandbox,N/A,,DELETE,/issues/{id},Admin,N/A
delete,Issue,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Owner",,DELETE,/issues/{id},Worker,N/A
delete,Issue,Organization,N/A,,DELETE,/issues/{id},User,Maintainer

1 Scope Resource Context Ownership Limit Method URL Privilege Membership
10 view Issue Organization N/A GET /issues/{id} User Maintainer
11 view Issue Organization Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee GET /issues/{id} None Worker
12 update Issue Sandbox N/A PATCH /issues/{id} Admin N/A
13 update Issue Sandbox Project:owner, Project:assignee, Task:owner, Task:assignee, Owner Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee PATCH /issues/{id} Worker N/A
14 update Issue Organization N/A PATCH /issues/{id} User Maintainer
15 update Issue Organization Project:owner, Project:assignee, Task:owner, Task:assignee, Owner Project:owner, Project:assignee, Task:owner, Task:assignee, Job:assignee, Owner, Assignee PATCH /issues/{id} Worker Worker
16 delete Issue Sandbox N/A DELETE /issues/{id} Admin N/A
17 delete Issue Sandbox Project:owner, Project:assignee, Task:owner, Task:assignee, Owner DELETE /issues/{id} Worker N/A
18 delete Issue Organization N/A DELETE /issues/{id} User Maintainer

27
cvat/apps/iam/rules/issues.rego
Unescape Escape View File

@ -222,23 +222,38 @@ allow {
}
allow {
{ utils.UPDATE, utils.DELETE }[input.scope]
input.scope == utils.UPDATE
utils.is_sandbox
utils.has_perm(utils.WORKER)
is_issue_admin
is_issue_staff
}
allow {
{ utils.UPDATE, utils.DELETE }[input.scope]
input.scope == utils.UPDATE
input.auth.organization.id == input.resource.organization.id
utils.has_perm(utils.USER)
organizations.has_perm(organizations.MAINTAINER)
utils.has_perm(utils.WORKER)
organizations.is_member
is_issue_staff
}
allow {
{ utils.UPDATE, utils.DELETE }[input.scope]
input.scope == utils.DELETE
utils.is_sandbox
utils.has_perm(utils.WORKER)
is_issue_admin
}
allow {
input.scope == utils.DELETE
input.auth.organization.id == input.resource.organization.id
utils.has_perm(utils.WORKER)
organizations.is_member
is_issue_admin
}
allow {
{ utils.UPDATE, utils.DELETE }[input.scope]
input.auth.organization.id == input.resource.organization.id
utils.has_perm(utils.USER)
organizations.has_perm(organizations.MAINTAINER)
}

11455
cvat/apps/iam/rules/issues_test.gen.rego
View File

File diff suppressed because it is too large Load Diff

4
tests/python/rest_api/test_issues.py
Unescape Escape View File

@ -169,7 +169,7 @@ class TestPatchIssues:
("user", True, None, True),
("user", False, None, False),
("worker", False, True, True),
("worker", True, False, False),
("worker", True, False, True),
("worker", False, False, False),
],
)
@ -203,7 +203,7 @@ class TestPatchIssues:
("owner", True, None, True),
("owner", False, None, True),
("worker", False, True, True),
("worker", True, False, False),
("worker", True, False, True),
("worker", False, False, False),
],
)

Write Preview
Loading…
Cancel
Save