From 6fd810e8a9bc824c40aa16bfd6770bc0837806b1 Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <41117609+azhavoro@users.noreply.github.com>
Date: Tue, 26 May 2020 21:14:59 +0300
Subject: [PATCH] added settings to reduce access to analytics component
 (#1592)

* added settings to reduce access to analytics component

* updated CHANGELOG

* fixed typo
---
 CHANGELOG.md                  |  1 +
 cvat/apps/log_viewer/views.py | 10 ++++++++--
 cvat/settings/base.py         | 18 +++++++++++++-----
 3 files changed, 22 insertions(+), 7 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7252638e..3945039c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Ability to configure user agreements for the user registration form (https://github.com/opencv/cvat/pull/1464)
 - Added cuboid interpolation and cuboid drawing from rectangles (<https://github.com/opencv/cvat/pull/1560>)
 - Ability to configure custom pageViewHit, which can be useful for web analytics integration (https://github.com/opencv/cvat/pull/1566)
+- Ability to configure access to the analytics page based on roles (https://github.com/opencv/cvat/pull/1592)
 
 ### Changed
 - Downloaded file name in annotations export became more informative (https://github.com/opencv/cvat/pull/1352)
diff --git a/cvat/apps/log_viewer/views.py b/cvat/apps/log_viewer/views.py
index 63d27fb4..9d1d2a0c 100644
--- a/cvat/apps/log_viewer/views.py
+++ b/cvat/apps/log_viewer/views.py
@@ -1,10 +1,16 @@
 import os
+
 from revproxy.views import ProxyView
-from cvat.apps.authentication.decorators import login_required
 from django.utils.decorators import method_decorator
+from django.conf import settings
+from rules.contrib.views import PermissionRequiredMixin
+
+from cvat.apps.authentication.decorators import login_required
 
 @method_decorator(login_required, name='dispatch')
-class LogViewerProxy(ProxyView):
+class LogViewerProxy(PermissionRequiredMixin, ProxyView):
+    permission_required = settings.RESTRICTIONS['analytics_access']
+
     upstream = 'http://{}:{}'.format(os.getenv('DJANGO_LOG_VIEWER_HOST'),
         os.getenv('DJANGO_LOG_VIEWER_PORT'))
     add_remote_user = True
diff --git a/cvat/settings/base.py b/cvat/settings/base.py
index 53f854bf..29c6fe85 100644
--- a/cvat/settings/base.py
+++ b/cvat/settings/base.py
@@ -409,11 +409,19 @@ DATUMARO_PATH = os.path.join(BASE_DIR, 'datumaro')
 sys.path.append(DATUMARO_PATH)
 
 RESTRICTIONS = {
-    "user_agreements": [],
+    'user_agreements': [],
 
     # this setting limits the number of tasks for the user
-    "task_limit": None,
-
-    # this settings reduse task visibility to owner and assignee only
-    "reduce_task_visibility": False,
+    'task_limit': None,
+
+    # this setting reduse task visibility to owner and assignee only
+    'reduce_task_visibility': False,
+
+    # allow access to analytics component to users with the following roles
+    'analytics_access': (
+        'engine.role.observer',
+        'engine.role.annotator',
+        'engine.role.user',
+        'engine.role.admin',
+        ),
 }