fixed: Permission error occured when accessing the JobCommits #4434

cvat-ai · Mar 9, 2022 · bdeb8ab · bdeb8ab
1 parent b0e6074
commit bdeb8ab
Show file tree

Hide file tree

Showing 6 changed files with 6,947 additions and 5,614 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -19,7 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - TDB
 
 ### Fixed
-- TDB
+- Permission error occured when accessing the JobCommits (<https://github.com/openvinotoolkit/cvat/issues/4434>)
 
 ### Security
 - TDB

diff --git a/cvat/apps/iam/permissions.py b/cvat/apps/iam/permissions.py
@@ -790,6 +790,7 @@ def get_scopes(request, view, obj):
             ('annotations', 'PUT'): 'update:annotations',
             ('data', 'GET'): 'view:data',
             ('issues', 'GET'): 'view',
+            ('commits', 'GET'): 'view:commits'
         }.get((view.action, request.method))
 
         scopes = []

diff --git a/cvat/apps/iam/rules/jobs.csv b/cvat/apps/iam/rules/jobs.csv
@@ -33,6 +33,10 @@ view:data,Job,Sandbox,None,,GET,/jobs/{id}/data,Admin,N/A
 view:data,Job,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Assignee",,GET,/jobs/{id}/data,None,N/A
 view:data,Job,Organization,None,,GET,/jobs/{id}/data,User,Maintainer
 view:data,Job,Organization,"Project:owner, Project:assignee, Task:owner, Task:assignee, Assignee",,GET,/jobs/{id}/data,None,Worker
+view:commits,Job,Sandbox,None,,GET,/jobs/{id}/commits,Admin,N/A
+view:commits,Job,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Assignee",,GET,/jobs/{id}/commits,None,N/A
+view:commits,Job,Organization,None,,GET,/jobs/{id}/commits,User,Maintainer
+view:commits,Job,Organization,"Project:owner, Project:assignee, Task:owner, Task:assignee, Assignee",,GET,/jobs/{id}/commits,None,Worker
 import:annotations,Job,Sandbox,None,,PUT,/jobs/{id}/annotations?format=,Admin,N/A
 import:annotations,Job,Sandbox,"Project:owner, Project:assignee, Task:owner, Task:assignee, Assignee",,PUT,/jobs/{id}/annotations?format=,Worker,N/A
 import:annotations,Job,Organization,None,,PUT,/jobs/{id}/annotations?format=,User,Maintainer

diff --git a/cvat/apps/iam/rules/jobs.rego b/cvat/apps/iam/rules/jobs.rego
@@ -139,20 +139,20 @@ filter = [] { # Django Q object to filter list of entries
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     utils.is_sandbox
     is_job_staff
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     input.auth.organization.id == input.resource.organization.id
     utils.has_perm(utils.USER)
     organizations.has_perm(organizations.MAINTAINER)
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     input.auth.organization.id == input.resource.organization.id
     organizations.has_perm(organizations.WORKER)
     is_job_staff