added settings to reduce access to analytics component (#1592)

* added settings to reduce access to analytics component * updated CHANGELOG * fixed typo
6 years ago · 6fd810e8a9
parent 7c800f7f7d
commit 6fd810e8a9
3 changed files with 22 additions and 7 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Ability to configure user agreements for the user registration form (https://github.com/opencv/cvat/pull/1464)
 - Added cuboid interpolation and cuboid drawing from rectangles (<https://github.com/opencv/cvat/pull/1560>)
 - Ability to configure custom pageViewHit, which can be useful for web analytics integration (https://github.com/opencv/cvat/pull/1566)
+- Ability to configure access to the analytics page based on roles (https://github.com/opencv/cvat/pull/1592)

 ### Changed
 - Downloaded file name in annotations export became more informative (https://github.com/opencv/cvat/pull/1352)
--- a/cvat/apps/log_viewer/views.py
+++ b/cvat/apps/log_viewer/views.py
@ -1,10 +1,16 @@
 import os
+
 from revproxy.views import ProxyView
-from cvat.apps.authentication.decorators import login_required
 from django.utils.decorators import method_decorator
+from django.conf import settings
+from rules.contrib.views import PermissionRequiredMixin
+
+from cvat.apps.authentication.decorators import login_required

@method_decorator(login_required, name='dispatch')
-class LogViewerProxy(ProxyView):
+class LogViewerProxy(PermissionRequiredMixin, ProxyView):
+    permission_required = settings.RESTRICTIONS['analytics_access']
+
    upstream = 'http://{}:{}'.format(os.getenv('DJANGO_LOG_VIEWER_HOST'),
        os.getenv('DJANGO_LOG_VIEWER_PORT'))
    add_remote_user = True
--- a/cvat/settings/base.py
+++ b/cvat/settings/base.py
@ -409,11 +409,19 @@ DATUMARO_PATH = os.path.join(BASE_DIR, 'datumaro')
 sys.path.append(DATUMARO_PATH)

 RESTRICTIONS = {
-    "user_agreements": [],
+    'user_agreements': [],

    # this setting limits the number of tasks for the user
-    "task_limit": None,
-
-    # this settings reduse task visibility to owner and assignee only
-    "reduce_task_visibility": False,
+    'task_limit': None,
+
+    # this setting reduse task visibility to owner and assignee only
+    'reduce_task_visibility': False,
+
+    # allow access to analytics component to users with the following roles
+    'analytics_access': (
+        'engine.role.observer',
+        'engine.role.annotator',
+        'engine.role.user',
+        'engine.role.admin',
+        ),
 }