fix analytics permissions (#1608)

CHANGELOG.md

@@ -57,6 +57,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - A problem with mask to polygons conversion when polygons are too small (<https://github.com/opencv/cvat/pull/1581>)
 - Unable to upload video with uneven size (<https://github.com/opencv/cvat/pull/1594>)
 - Fixed an issue with `z_order` having no effect on segmentations (<https://github.com/opencv/cvat/pull/1589>)
+- Permission group whitelist check for analytics view (<https://github.com/opencv/cvat/pull/1608>)
 
 ### Security
 -

cvat/apps/log_viewer/admin.py

@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.

cvat/apps/log_viewer/models.py

@@ -1,3 +0,0 @@
-from django.db import models
-
-# Create your models here.

cvat/apps/log_viewer/tests.py

@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.

cvat/apps/log_viewer/urls.py

@@ -1,5 +1,5 @@
 
-# Copyright (C) 2018 Intel Corporation
+# Copyright (C) 2018-2020 Intel Corporation
 #
 # SPDX-License-Identifier: MIT
 
@@ -9,4 +9,3 @@ from . import views
 urlpatterns = [
     path('<path:path>', views.LogViewerProxy.as_view())
 ]
-

cvat/apps/log_viewer/views.py

@@ -1,3 +1,7 @@
+# Copyright (C) 2018-2020 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
 import os
 
 from revproxy.views import ProxyView
@@ -20,3 +24,8 @@ class LogViewerProxy(PermissionRequiredMixin, ProxyView):
         headers['X-Forwarded-User'] = headers['REMOTE_USER']
 
         return headers
+
+    # Returns True if the user has any of the specified permissions
+    def has_permission(self):
+        perms = self.get_permission_required()
+        return any(self.request.user.has_perm(perm) for perm in perms)