removing business group (#8607)

It is not used for anything

changelog.d/20241029_120317_dmitrii.lavrukhin_remove_business.md

@@ -0,0 +1,4 @@
+### Removed
+
+- Removed unused business group
+  (<https://github.com/cvat-ai/cvat/pull/8607>)

cvat-core/src/server-response-types.ts

@@ -47,7 +47,7 @@ export interface SerializedUser {
     first_name: string;
     last_name: string;
     email?: string;
-    groups?: ('user' | 'business' | 'admin')[];
+    groups?: ('user' | 'admin')[];
     is_staff?: boolean;
     is_superuser?: boolean;
     is_active?: boolean;

cvat-core/src/user.ts

@@ -11,7 +11,7 @@ export default class User {
     public readonly email: string;
     public readonly firstName: string;
     public readonly lastName: string;
-    public readonly groups: ('user' | 'business' | 'admin')[];
+    public readonly groups: ('user' | 'admin')[];
     public readonly lastLogin: string;
     public readonly dateJoined: string;
     public readonly isStaff: boolean;

cvat/apps/analytics_report/rules/analytics_reports.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/dataset_manager/tests/test_rest_api_formats.py

@@ -141,7 +141,7 @@ def setUpTestData(cls):
     @classmethod
     def create_db_users(cls):
         (group_admin, _) = Group.objects.get_or_create(name="admin")
-        (group_user, _) = Group.objects.get_or_create(name="business")
+        (group_user, _) = Group.objects.get_or_create(name="user")
 
         user_admin = User.objects.create_superuser(username="admin", email="",
             password="admin")

cvat/apps/engine/rules/annotationguides.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/cloudstorages.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/comments.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/issues.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/jobs.rego

@@ -12,7 +12,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/labels.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/projects.rego

@@ -12,7 +12,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,
@@ -59,19 +59,6 @@ allow if {
     organizations.has_perm(organizations.SUPERVISOR)
 }
 
-allow if {
-    input.scope in {utils.CREATE, utils.IMPORT_BACKUP}
-    utils.is_sandbox
-    utils.has_perm(utils.BUSINESS)
-}
-
-allow if {
-    input.scope in {utils.CREATE, utils.IMPORT_BACKUP}
-    input.auth.organization.id == input.resource.organization.id
-    utils.has_perm(utils.BUSINESS)
-    organizations.has_perm(organizations.SUPERVISOR)
-}
-
 allow if {
     input.scope == utils.LIST
     utils.is_sandbox

cvat/apps/engine/rules/server.rego

@@ -9,7 +9,7 @@ import data.utils
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/rules/tasks.rego

@@ -13,7 +13,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,
@@ -93,19 +93,6 @@ allow if {
     organizations.has_perm(organizations.SUPERVISOR)
 }
 
-allow if {
-    input.scope in {utils.CREATE, utils.IMPORT_BACKUP}
-    utils.is_sandbox
-    utils.has_perm(utils.BUSINESS)
-}
-
-allow if {
-    input.scope in {utils.CREATE, utils.IMPORT_BACKUP}
-    input.auth.organization.id == input.resource.organization.id
-    utils.has_perm(utils.BUSINESS)
-    organizations.has_perm(organizations.SUPERVISOR)
-}
-
 allow if {
     input.scope == utils.CREATE_IN_PROJECT
     utils.is_sandbox
@@ -128,20 +115,6 @@ allow if {
     is_project_staff
 }
 
-allow if {
-    input.scope == utils.CREATE_IN_PROJECT
-    utils.is_sandbox
-    utils.has_perm(utils.BUSINESS)
-    is_project_staff
-}
-
-allow if {
-    input.scope == utils.CREATE_IN_PROJECT
-    input.auth.organization.id == input.resource.organization.id
-    utils.has_perm(utils.BUSINESS)
-    organizations.has_perm(organizations.SUPERVISOR)
-}
-
 allow if {
     input.scope == utils.LIST
     utils.is_sandbox

cvat/apps/engine/rules/tests/generators/annotationguides_test.gen.rego.py

@@ -46,7 +46,7 @@ def read_rules(name):
     "job:assignee",
     "none",
 ]
-GROUPS = ["admin", "business", "user", "worker"]
+GROUPS = ["admin", "user", "worker"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 

cvat/apps/engine/rules/tests/generators/cloudstorages_test.gen.rego.py

@@ -41,7 +41,7 @@ def read_rules(name):
 SCOPES = {rule["scope"] for rule in simple_rules}
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["owner", "none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [False, True]
 

cvat/apps/engine/rules/tests/generators/comments_test.gen.rego.py

@@ -51,7 +51,7 @@ def read_rules(name):
     "owner",
     "none",
 ]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 HAS_PROJ = [True, False]

cvat/apps/engine/rules/tests/generators/issues_test.gen.rego.py

@@ -50,7 +50,7 @@ def read_rules(name):
     "assignee",
     "none",
 ]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 HAS_PROJ = [True, False]

cvat/apps/engine/rules/tests/generators/jobs_test.gen.rego.py

@@ -50,7 +50,7 @@ def read_rules(name):
     "assignee",
     "none",
 ]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 

cvat/apps/engine/rules/tests/generators/projects_test.gen.rego.py

@@ -41,7 +41,7 @@ def read_rules(name):
 SCOPES = {rule["scope"] for rule in simple_rules}
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["owner", "assignee", "none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [False, True]
 

cvat/apps/engine/rules/tests/generators/server_test.gen.rego.py

@@ -41,7 +41,7 @@ def read_rules(name):
 SCOPES = {rule["scope"] for rule in simple_rules}
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 
 

cvat/apps/engine/rules/tests/generators/tasks_test.gen.rego.py

@@ -43,7 +43,7 @@ def read_rules(name):
 SCOPES = list({rule["scope"] for rule in simple_rules})
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["project:owner", "project:assignee", "owner", "assignee", "none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 

cvat/apps/engine/rules/tests/generators/users_test.gen.rego.py

@@ -41,7 +41,7 @@ def read_rules(name):
 SCOPES = {rule["scope"] for rule in simple_rules}
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["self", "none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 
 

cvat/apps/engine/rules/users.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/engine/tests/test_rest_api.py

@@ -54,7 +54,6 @@
 
 def create_db_users(cls):
     (group_admin, _) = Group.objects.get_or_create(name="admin")
-    (group_business, _) = Group.objects.get_or_create(name="business")
     (group_user, _) = Group.objects.get_or_create(name="user")
     (group_annotator, _) = Group.objects.get_or_create(name="worker")
     (group_somebody, _) = Group.objects.get_or_create(name="somebody")
@@ -63,7 +62,7 @@ def create_db_users(cls):
         password="admin")
     user_admin.groups.add(group_admin)
     user_owner = User.objects.create_user(username="user1", password="user1")
-    user_owner.groups.add(group_business)
+    user_owner.groups.add(group_user)
     user_assignee = User.objects.create_user(username="user2", password="user2")
     user_assignee.groups.add(group_annotator)
     user_annotator = User.objects.create_user(username="user3", password="user3")

cvat/apps/events/rules/events.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/events/rules/tests/generators/events_test.gen.rego.py

@@ -42,7 +42,7 @@ def read_rules(name):
 SCOPES = list({rule["scope"] for rule in simple_rules})
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 SAME_ORG = [True, False]
 

cvat/apps/iam/migrations/0001_remove_business_group.py

@@ -0,0 +1,31 @@
+# Generated by Django 4.2.16 on 2024-10-30 12:03
+from django.conf import settings
+from django.db import migrations
+
+
+BUSINESS_GROUP_NAME = "business"
+USER_GROUP_NAME = "user"
+
+
+def delete_business_group(apps, schema_editor):
+    Group = apps.get_model('auth', 'Group')
+    User = apps.get_model(settings.AUTH_USER_MODEL)
+
+    if user_group := Group.objects.filter(name=USER_GROUP_NAME).first():
+        user_group.user_set.add(*User.objects.filter(groups__name=BUSINESS_GROUP_NAME))
+
+    Group.objects.filter(name=BUSINESS_GROUP_NAME).delete()
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+    ]
+
+    operations = [
+        migrations.RunPython(
+            delete_business_group,
+            reverse_code=migrations.RunPython.noop,
+        ),
+    ]

cvat/apps/iam/migrations/__init__.py

@@ -0,0 +1,3 @@
+# Copyright (C) 2024 CVAT.ai Corporation
+#
+# SPDX-License-Identifier: MIT

cvat/apps/iam/rules/utils.rego

@@ -4,7 +4,6 @@ import rego.v1
 
 # Groups
 ADMIN := "admin"
-BUSINESS := "business"
 USER := "user"
 WORKER := "worker"
 
@@ -65,7 +64,6 @@ UPDATE_VALIDATION_LAYOUT := "update:validation_layout"
 
 get_priority(privilege) := {
     ADMIN: 0,
-    BUSINESS: 50,
     USER: 75,
     WORKER: 100,
     null: 1000
@@ -79,10 +77,6 @@ is_admin if {
     input.auth.user.privilege == ADMIN
 }
 
-is_business if {
-    input.auth.user.privilege == BUSINESS
-}
-
 is_user if {
     input.auth.user.privilege == USER
 }

cvat/apps/lambda_manager/rules/lambda.rego

@@ -10,7 +10,7 @@ import data.organizations
 #     "auth": {
 #         "user": {
 #             "id": <num>,
-#             "privilege": <"admin"|"business"|"user"|"worker"> or null
+#             "privilege": <"admin"|"user"|"worker"> or null
 #         },
 #         "organization": {
 #             "id": <num>,

cvat/apps/lambda_manager/rules/tests/generators/lambda_test.gen.rego.py

@@ -41,7 +41,7 @@ def read_rules(name):
 SCOPES = list({rule["scope"] for rule in simple_rules})
 CONTEXTS = ["sandbox", "organization"]
 OWNERSHIPS = ["none"]
-GROUPS = ["admin", "business", "user", "worker", "none"]
+GROUPS = ["admin", "user", "worker", "none"]
 ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None]
 
 

cvat/apps/lambda_manager/tests/test_lambda.py

@@ -133,7 +133,7 @@ def _invoke_function(self, func, payload):
     @classmethod
     def _create_db_users(cls):
         (group_admin, _) = Group.objects.get_or_create(name="admin")
-        (group_user, _) = Group.objects.get_or_create(name="business")
+        (group_user, _) = Group.objects.get_or_create(name="user")
 
         user_admin = User.objects.create_superuser(username="admin", email="",
             password="admin")