rego test

cvat-ai · Oct 4, 2024 · 31ef9e4 · 31ef9e4
1 parent 461c9ea
commit 31ef9e4
Show file tree

Hide file tree

Showing 2 changed files with 20 additions and 13 deletions.
diff --git a/cvat/apps/log_viewer/rules/tests/configs/analytics.csv b/cvat/apps/log_viewer/rules/tests/configs/analytics.csv
@@ -1,3 +1,4 @@
-Scope,Resource,Context,Ownership,Limit,Method,URL,Privilege,Membership
-view,Analytics,N/A,N/A,resource['visibility']=='public',GET,"/analytics",business,N/A
-view,Analytics,N/A,N/A,,GET,"/analytics",admin,N/A
+Scope,Resource,Context,Ownership,Limit,Method,URL,Privilege,Membership,HasAnalyticsAccess
+view,Analytics,N/A,N/A,resource['visibility']=='public',GET,"/analytics",business,N/A,N/A
+view,Analytics,N/A,N/A,,GET,"/analytics",admin,N/A,N/A
+view,Analytics,N/A,N/A,,GET,"/analytics",none,N/A,true
diff --git a/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py b/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py
@@ -43,6 +43,7 @@ def read_rules(name):
 OWNERSHIPS = ["none"]
 GROUPS = ["admin", "business", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
+HAS_ANALYTICS_ACCESS = [True, False]
 
 
 def RESOURCES(scope):
@@ -55,7 +56,7 @@ def RESOURCES(scope):
     return [None]
 
 
-def eval_rule(scope, context, ownership, privilege, membership, data):
+def eval_rule(scope, context, ownership, privilege, membership, data, has_analytics_access):
     if privilege == "admin":
         return True
 
@@ -70,17 +71,22 @@ def eval_rule(scope, context, ownership, privilege, membership, data):
         )
     )
     rules = list(filter(lambda r: GROUPS.index(privilege) <= GROUPS.index(r["privilege"]), rules))
+    rules = list(filter(lambda r: r["hasanalyticsaccess"] in ("na", str(has_analytics_access).lower()), rules))
     resource = data["resource"]
-    rules = list(filter(lambda r: eval(r["limit"], {"resource": resource}), rules))
+    rules = list(filter(lambda r: not r["limit"] or eval(r["limit"], {"resource": resource}), rules))
 
     return bool(rules)
 
 
-def get_data(scope, context, ownership, privilege, membership, resource):
+def get_data(scope, context, ownership, privilege, membership, resource, has_analytics_access):
     data = {
         "scope": scope,
         "auth": {
-            "user": {"id": random.randrange(0, 100), "privilege": privilege},
+            "user": {
+                "id": random.randrange(0, 100),
+                "privilege": privilege,
+                "has_analytics_access": has_analytics_access,
+            },
             "organization": {
                 "id": random.randrange(100, 200),
                 "owner": {"id": random.randrange(200, 300)},
@@ -123,7 +129,7 @@ def _get_name(prefix, **kwargs):
     return name
 
 
-def get_name(scope, context, ownership, privilege, membership, resource):
+def get_name(scope, context, ownership, privilege, membership, resource, has_analytics_access):
     return _get_name("test", **locals())
 
 
@@ -139,16 +145,16 @@ def is_valid(scope, context, ownership, privilege, membership, resource):
 def gen_test_rego(name):
     with open(f"{name}_test.gen.rego", "wt") as f:
         f.write(f"package {name}\nimport rego.v1\n\n")
-        for scope, context, ownership, privilege, membership in product(
-            SCOPES, CONTEXTS, OWNERSHIPS, GROUPS, ORG_ROLES
+        for scope, context, ownership, privilege, membership, has_analytics_access in product(
+            SCOPES, CONTEXTS, OWNERSHIPS, GROUPS, ORG_ROLES, HAS_ANALYTICS_ACCESS
         ):
             for resource in RESOURCES(scope):
                 if not is_valid(scope, context, ownership, privilege, membership, resource):
                     continue
 
-                data = get_data(scope, context, ownership, privilege, membership, resource)
-                test_name = get_name(scope, context, ownership, privilege, membership, resource)
-                result = eval_rule(scope, context, ownership, privilege, membership, data)
+                data = get_data(scope, context, ownership, privilege, membership, resource, has_analytics_access)
+                test_name = get_name(scope, context, ownership, privilege, membership, resource, has_analytics_access)
+                result = eval_rule(scope, context, ownership, privilege, membership, data, has_analytics_access)
                 f.write(
                     "{test_name} if {{\n    {allow} with input as {data}\n}}\n\n".format(
                         test_name=test_name,