IAM: Open Policy Agent integration #3788

Merged 308 commits, Dec 23, 2021
Changes from 1 commit
308 commits
acbbe2d
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 7, 2021
2883dc6
Minor design fixes
bsekachev Oct 7, 2021
6a13af0
Added activate/deactivate
bsekachev Oct 7, 2021
0522383
Refactored permissions system and rego rules
Oct 7, 2021
98634a7
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Oct 8, 2021
15b7eb4
Refactoring and fixes for Organization, Membership, Invitation (in
Oct 8, 2021
53783fe
Add role 'Owner' for the organization.
Oct 8, 2021
55e1bd5
Add tests for organizations.rego
Oct 8, 2021
485a2d2
Updated rego files, upgrade django, django-rest, drf, use JSONField for
Oct 9, 2021
efbcda5
Use "worker" instead of "W" for roles in DB to simplify usage in REST
Oct 9, 2021
943799d
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 11, 2021
7fd9c43
Removed 'results' from server response
bsekachev Oct 11, 2021
229a069
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 11, 2021
857fe3e
Don't add default groups for superuser
Oct 11, 2021
7dbc141
Don't assign default groups if a user is updated. Correctly handle users
Oct 11, 2021
730f555
Added a couple of modals
bsekachev Oct 11, 2021
ccfeecf
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 11, 2021
8a7234c
Return Organization.owner with nickname and other fields in case of
Oct 11, 2021
a05fe98
Added organization removing, minor fixes
bsekachev Oct 11, 2021
c2299ec
Added Read/Write serializers for Invitation and Membership.
Oct 11, 2021
c0c1c79
Documentation for permissions in invitations, memberships and
Oct 11, 2021
54275c8
Invitation form and some fixes
bsekachev Oct 11, 2021
5a9aa5d
Removed temporary files.
Oct 11, 2021
b159b81
Updated changelog
Oct 11, 2021
125d98b
Rego refactoring, added basic documentation for IAM permissions
Oct 11, 2021
9daae23
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 12, 2021
4e35c9c
Invitation by an email address
Oct 12, 2021
e5e8c6e
Add information about invitation into membership REST API call.
Oct 12, 2021
bcad955
By security reasons decided to return only primary key for invitation
Oct 12, 2021
e0c7f06
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Oct 12, 2021
bf8bd06
Removed workarounds
bsekachev Oct 12, 2021
17159ba
Added tests for invitations.rego
Oct 13, 2021
341f7d5
Filtration for organization inside invitations.rego
Oct 13, 2021
d6f3561
Generated OPA tests for organizations
Oct 13, 2021
3f7a336
Moved csv with permissions to apps/iam
Oct 13, 2021
4ff9705
Merge branch 'develop' into bs/organizations
bsekachev Oct 14, 2021
f95f7c0
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 14, 2021
7350017
Improved ownership rego rules
Oct 14, 2021
c284527
Invite/kick/change role/leave
bsekachev Oct 14, 2021
2bd8900
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 14, 2021
2e46290
Fixed a couple of issues
bsekachev Oct 14, 2021
7ea6724
Added filterset class
bsekachev Oct 14, 2021
91a559e
Merge branch 'develop' into bs/organizations
bsekachev Oct 14, 2021
b1b05a4
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 14, 2021
a3c5afc
Return "read" representation for Organization, Membership, Invitation
Oct 14, 2021
4706b7c
Fix type: don't call check_permission for detailed object
Oct 14, 2021
e292676
Reverted previous changes and fix memberships.rego file.
Oct 14, 2021
10141f3
Added tests for memberships
Oct 14, 2021
8fa7a4a
Fix a problem with organizations.rego
Oct 14, 2021
78509e8
Merge branch 'nm/opa_integration' into bs/organizations
bsekachev Oct 15, 2021
5a5f799
Added organization patch; added user first name, second name; added i…
bsekachev Oct 15, 2021
9ad6ae7
A user can leave an organization (delete own membership)
Oct 15, 2021
3044e76
Removed Invitation.accepted, list only active memberships, fix a bug in
Oct 15, 2021
c01a9c2
Fix organizations rego tests
Oct 15, 2021
0d2fa75
Added tests for users.rego
Oct 15, 2021
7132efd
Added org,org_id as filter parameters for Swagger. Initial version of
Oct 16, 2021
d633e7d
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 16, 2021
4d91cc5
Added rego rules and rego tests for cloudstorages
Oct 17, 2021
f2e8bfe
Added rego rules and tests for server
Oct 17, 2021
68842e6
Added rego rules and tests for projects
Oct 18, 2021
a8d1adb
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 20, 2021
f5b7f73
Merge remote-tracking branch 'origin/bs/organizations' into nm/opa_in…
Oct 20, 2021
2b78cb7
Fix problems
Oct 20, 2021
9c56c90
Filter organization in IAM app by default, fixed
Oct 21, 2021
9fe8b56
Fixed selector for owner role, fixed organization title when not sele…
bsekachev Oct 21, 2021
8e81c12
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 21, 2021
020ed96
Fixed redundant message
bsekachev Oct 21, 2021
30bbb90
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Oct 21, 2021
e39f341
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 21, 2021
43afc1d
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Oct 21, 2021
0d1c90a
Verified Organization implementation.
Oct 21, 2021
06f0072
Verified and tested Invitation
Oct 24, 2021
fcba9b7
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 24, 2021
66dc077
Tested Membership
Oct 25, 2021
756e7d4
Check cloudstorages permission.
Oct 25, 2021
e097ff9
Add project permissions
Oct 26, 2021
4f4a5d9
Enable organization when getting cloud storage preview, data chunks
bsekachev Oct 26, 2021
f54a208
Getting specific task/project via dedicated rest api
bsekachev Oct 26, 2021
6415527
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Oct 26, 2021
fd44d99
Fixed issue with project retrieving
bsekachev Oct 26, 2021
eac6ea9
Add IsMemberInOrganization permission as default.
Oct 26, 2021
5a9f668
Add User permissions.
Oct 27, 2021
77fb2ba
Implement server permissions (fixed cloudstorages)
Oct 27, 2021
02b0573
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Oct 28, 2021
627552f
Task permissions: csv, rego, test.gen.rego
Oct 28, 2021
6f96d8d
Task permissions (model, serializer, view, permissions, manual testing)
Oct 29, 2021
9e5abc8
Explicitly checked that assignee, owner, project are changed to apply
Oct 29, 2021
3336df0
Fix list permissions for Task
Oct 29, 2021
69ae09c
Fixed typos
Oct 29, 2021
456000b
Deactivate organization on logout, fixed error: constructor of null
bsekachev Nov 2, 2021
679e514
Merged develop
bsekachev Nov 2, 2021
f12f7a6
Fixed infinite loop when opening a task without access
bsekachev Nov 2, 2021
c7da1ce
Add Job permissions
Nov 2, 2021
923e15f
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Nov 2, 2021
0804269
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 3, 2021
6117500
Add Lambda permissions
Nov 3, 2021
50a6ce2
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 3, 2021
6fcc7ce
Workaround for 'reviewer' in UI
Nov 3, 2021
2559869
Dropped review object
bsekachev Nov 7, 2021
7964fac
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Nov 7, 2021
2e52409
Added reload on submit review
bsekachev Nov 7, 2021
b702515
Merged conflicting migrations, added migration
bsekachev Nov 7, 2021
f707700
Using state, stage instead of status
bsekachev Nov 7, 2021
ba70bbe
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 10, 2021
340017a
Fix migrations for engine app.
Nov 10, 2021
3ce6c65
Redesign Issue and Comment models, serializers, views
Nov 12, 2021
cf54fb4
Add rego rules for issues
Nov 13, 2021
dfaf0d3
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 13, 2021
92e38f5
Initial version of permissions for Issue
Nov 14, 2021
3beef39
Fix a couple of bugs with IssuePermission
Nov 14, 2021
52645f9
Add CommentPermission
Nov 14, 2021
f252cb4
Updated OPA till 0.34.2
Nov 15, 2021
87c40be
Redesigned header
bsekachev Nov 18, 2021
a695f03
Fix filter for jobs.rego
Nov 18, 2021
8a08b8e
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 18, 2021
d27043a
Resolved conflicts with migrations
Nov 18, 2021
4a07a0c
Added contact on client
bsekachev Nov 19, 2021
e9de4aa
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Nov 19, 2021
a126031
Reworked organization switcher
bsekachev Nov 23, 2021
06188cb
Added modal to switch if more than 5 organizations
bsekachev Nov 23, 2021
98b8471
tmp
bsekachev Nov 23, 2021
9f37c77
Adjust UI to new Issue/Comment API
bsekachev Nov 23, 2021
db08940
Incremental project patch
bsekachev Nov 23, 2021
1c16d44
reworked update trigger
bsekachev Nov 23, 2021
8b6ca3e
Added personal workspace to selector
bsekachev Nov 23, 2021
21afef9
Updated versions
bsekachev Nov 23, 2021
22f8666
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 23, 2021
61cb501
Add opa tests into workflow
Nov 24, 2021
6bec225
Fix linter issues in ts files
Nov 24, 2021
caed535
Return 403 in case of a user doesn't have permission to access an
Nov 24, 2021
704160c
Fixed several tasks for REST API
Nov 24, 2021
15faf32
Fix several project tests
Nov 24, 2021
110b915
Fixed more REST API tests
Nov 25, 2021
1d552eb
Fixed more REST API tests
Nov 25, 2021
89c20f5
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 25, 2021
10fbc33
Pass rate is 94 tests from 150+
Nov 25, 2021
85a5d87
Pass rate 102 tests from 150+
Nov 25, 2021
498214a
Pass rate is 129 from 150+
Nov 25, 2021
1d04afc
Pass rate is 146 tests for REST API from 150+
Nov 25, 2021
c4d90f1
Fix REST API tests
Nov 25, 2021
f02a0cb
Fixed job assignee
bsekachev Nov 29, 2021
cab3540
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Nov 29, 2021
06e4443
Renamed migrations
Nov 29, 2021
8ab56e1
Fix tests from dataset_manager
Nov 29, 2021
801b3cc
Fix lambda manager tests
Nov 29, 2021
123ca08
Fix most of all unit tests for UI
Nov 30, 2021
ef22316
Fix project UI unit tests
Nov 30, 2021
f4f039c
Fix UI unit tests
Nov 30, 2021
cddf357
Resolved one conflict issue
bsekachev Nov 30, 2021
1136906
Fix selector for user menu in tests
Nov 30, 2021
10c7b2e
Fixed some members pagination issues
bsekachev Nov 30, 2021
e79b4d2
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Nov 30, 2021
3e1d2f4
Fixed initial values for contacts
bsekachev Nov 30, 2021
5cf75f1
Fixed styles a bit
bsekachev Nov 30, 2021
d098abe
Fix several UI E2E tests
Nov 30, 2021
58a1eed
Fix a problem with creating a task inside a project if both are in the
Nov 30, 2021
1da81a0
Fix project permissions
Dec 1, 2021
9e7634d
Added more fields to JobReadSerializer (project_id, labels, bug_tracker,
Dec 1, 2021
ae4db74
Fix get_labels for a task with a project
Dec 1, 2021
cff7bf2
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 1, 2021
3dbdba7
Merged develop
bsekachev Dec 2, 2021
3ec13b1
Pulled origin
bsekachev Dec 2, 2021
813c440
Redesigned client to be able to work with job without task instance
bsekachev Dec 2, 2021
cc8f510
Multiple fixes
bsekachev Dec 2, 2021
61c73b4
Add JobViewSet:data action
Dec 2, 2021
040408c
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 2, 2021
6892835
Getting image data via jobs
bsekachev Dec 3, 2021
a347dd1
Fixed jest tests
bsekachev Dec 3, 2021
962dfd3
Fixed serializer for the project (for tasks without a project).
Dec 3, 2021
6d9d4d0
Fix Job.state is changed even Job.stage isn't changed in a request.
Dec 3, 2021
48aad85
Reworked review pipeline, fixed one test
bsekachev Dec 6, 2021
64e52eb
Fixed test
bsekachev Dec 6, 2021
e8c394d
Fixed test actions_tasks2/case_31_label_constructor_color_name_label.js
bsekachev Dec 6, 2021
632c584
Fixed case_33_button_continue_label_editor.js
bsekachev Dec 6, 2021
7020c1f
Merge branch 'develop' into nm/opa_integration
bsekachev Dec 6, 2021
7378fa4
Fixed tests
bsekachev Dec 6, 2021
c938619
Fixed filters test
bsekachev Dec 6, 2021
c7f31cd
Fix case_46_create_task_with_files_from_remote... UI E2E tests
Dec 6, 2021
97454b4
Fixed several UI E2E tests
Dec 6, 2021
0f5ef4c
Fixed E2E UI tests from actions_users
Dec 7, 2021
0e5bb1c
Reworked annotation menu, added stage selector
bsekachev Dec 7, 2021
da0f7d7
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Dec 7, 2021
f35a302
Fixed a couple of tests
bsekachev Dec 7, 2021
dcd9183
Fixed rotation test
bsekachev Dec 7, 2021
9d479db
Fixed search tasks feature
bsekachev Dec 7, 2021
4ec77e0
Fix actions_projects_models/registration_involved/base_actions_projec…
Dec 7, 2021
25a3979
Fixed reported issues
bsekachev Dec 9, 2021
9bcc230
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Dec 9, 2021
0c7f711
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 9, 2021
85591ea
Fix an exception when organization.owner is None.
Dec 9, 2021
28239b3
Fix task accessing if the owner is deleted.
Dec 9, 2021
12c3ec8
Fix import in case of organizations
Dec 9, 2021
f1c4fc5
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 10, 2021
2e6f511
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 10, 2021
e4643f2
Added handling of X-Organization HTTP header
Dec 13, 2021
0edcc6b
Fixed some comments, added X-Organization to tus call
bsekachev Dec 13, 2021
4d11ea9
Pass empty organization when not set
bsekachev Dec 13, 2021
13c42f9
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 13, 2021
f01cad9
Fix CORS headers
Dec 13, 2021
0bb7781
Added permissions for tus actions
Dec 13, 2021
bd5ea5b
Fixed tests
bsekachev Dec 13, 2021
706493b
Fix migrations: added replaces property for renamed migrations
Dec 14, 2021
cc072a8
Fix file upload in case of TUS protocol with content type application…
Dec 14, 2021
af1983f
Reworked job state selector
bsekachev Dec 14, 2021
3096028
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
bsekachev Dec 14, 2021
767ecf7
Rejected status show always
bsekachev Dec 14, 2021
b048585
Fixed test
bsekachev Dec 14, 2021
dce6a7d
Fixed test
bsekachev Dec 14, 2021
685b3f2
Fixed UI fail when invitation owner is null
bsekachev Dec 14, 2021
9b357c3
The initial version of the testing system for REST API.
Dec 15, 2021
4e12ebf
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 15, 2021
ef97ee8
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 15, 2021
b0998ff
Run REST API tests in github actions
Dec 15, 2021
3d25ec0
Fix github workflow for REST API tests
Dec 15, 2021
48dea77
Try to update the workflow
Dec 15, 2021
a14d09d
Fix comments from the code review.
Dec 15, 2021
ec7e436
Make output from psql and tar less verbose
Dec 15, 2021
2841672
Add one more test for REST API (users_api)
Dec 16, 2021
9a0063f
Improve REST API tests
Dec 16, 2021
aab4c8d
Updated client versions and changelog
bsekachev Dec 17, 2021
59a4686
Updated canvas version
bsekachev Dec 17, 2021
9558d3d
Merge branch 'develop' into nm/opa_integration
Dec 17, 2021
4394e22
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 17, 2021
6c2a352
Cypress. Add test for check issue deleting feature. (#4031)
Dec 17, 2021
35e2743
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 17, 2021
b553c41
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 17, 2021
4436536
Fix server tests for import/export dataset for a project.
Dec 18, 2021
ca26ac1
Fixed linter errors from Bandit
Dec 19, 2021
ba4cd2b
Fixed warnings from PyLint
Dec 19, 2021
23b2122
Fix PyLint warnings
Dec 19, 2021
5890e3b
Fix pylint warnings
Dec 19, 2021
7937ae6
Fix ESLint error and warnings
Dec 19, 2021
c4a8a0a
Fix StyleLinter warnings
Dec 19, 2021
cf31242
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 21, 2021
1b0a484
Merged develop
bsekachev Dec 21, 2021
5990a54
Minor fixes
bsekachev Dec 21, 2021
5e7d8a8
Removed unused import
bsekachev Dec 21, 2021
3c7b463
Aborted change
bsekachev Dec 21, 2021
266dbcc
Removed unused import
bsekachev Dec 21, 2021
fc84ad1
Fix tests
Dec 21, 2021
2e300a9
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 21, 2021
412147e
Fix import/export backups (at least if outside of an org)
Dec 21, 2021
d58f24c
Fix import/export backups for projects
Dec 21, 2021
28a2be8
Added rules for import:annotations into jobs.rego
Dec 21, 2021
118e5d1
Added a test for organizations, fixed a case when org1 returned multiple
Dec 22, 2021
32032dc
Fixed a pylint warning
Dec 22, 2021
483c826
Fixed issue with fetching organizations list and not active account
bsekachev Dec 22, 2021
ec095de
Show loading icon while till organization initialized
bsekachev Dec 22, 2021
cde9b0b
Merge remote-tracking branch 'origin/develop' into nm/opa_integration
Dec 22, 2021
86ecac0
Merge branch 'nm/opa_integration' of github.com:openvinotoolkit/cvat …
Dec 22, 2021
Don't assign default groups if a user is updated. Correctly handle users
without groups.
Nikita Manovich committed Oct 11, 2021

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
commit 7dbc141a24b7fa8f161287f4264da9b4158ce4f4
2 changes: 1 addition & 1 deletion cvat/apps/iam/permissions.py
@@ -27,7 +27,7 @@ def __init__(self, request, view, obj):
'auth': {
'user': {
'id': user.id,
'privilege': privilege.name,
'privilege': getattr(privilege, 'name', None),
},
'organization': {
'id': organization.id,
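Review bot: On the `'privilege'` line, `getattr(privilege, 'name', None)` means a user without any group now reaches the policy engine with a null privilege instead of raising, so the authorization result for such accounts depends entirely on how the rego rules treat a null `auth.user.privilege`. Please confirm the rules deny by default in that case and add a rego test with a null privilege, and leave a short comment here saying when `privilege` can be None. The context line `'id': organization.id,` is still dereferenced directly; if `organization` can also be None at this point, it needs the same handling.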
7 changes: 4 additions & 3 deletions cvat/apps/iam/signals.py
@@ -24,9 +24,10 @@ def create_user(sender, instance, created, **kwargs):
EmailAddress.objects.get_or_create(user=instance,
email=instance.email, primary=True, verified=True)
else: # don't need to add default groups for superuser
for role in settings.IAM_DEFAULT_ROLES:
db_group = Group.objects.get(name=role)
instance.groups.add(db_group)
if created:
for role in settings.IAM_DEFAULT_ROLES:
db_group = Group.objects.get(name=role)
instance.groups.add(db_group)

# Add default groups and add admin rights to super users.
post_save.connect(create_user, sender=User)
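Review bot: With the new `if created:` guard, the `else` branch does nothing on update, so an account that skipped the default groups at creation (the inline comment says superusers do not need them) and later stops being a superuser is left with no groups at all. Decide whether that state is intended, and if it is, make sure it is covered by a test and handled as the lowest privilege on the permission side. The comment `# don't need to add default groups for superuser` sits on the `else:` line that handles the other case; moving it to the superuser branch, and updating the `# Add default groups and add admin rights to super users.` comment to mention that groups are only added on creation, would make the handler easier to read.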