From ddecf4961b569edd5ac21dfcc67b1d801cafbfaf Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 10:35:41 +0400 Subject: [PATCH 01/13] remove business --- .../rules/analytics_reports.rego | 2 +- .../tests/test_rest_api_formats.py | 2 +- cvat/apps/engine/rules/annotationguides.rego | 2 +- cvat/apps/engine/rules/cloudstorages.rego | 2 +- cvat/apps/engine/rules/comments.rego | 2 +- cvat/apps/engine/rules/issues.rego | 2 +- cvat/apps/engine/rules/jobs.rego | 2 +- cvat/apps/engine/rules/labels.rego | 2 +- cvat/apps/engine/rules/projects.rego | 15 +------- cvat/apps/engine/rules/server.rego | 2 +- cvat/apps/engine/rules/tasks.rego | 29 +--------------- .../annotationguides_test.gen.rego.py | 2 +- .../generators/cloudstorages_test.gen.rego.py | 2 +- .../generators/comments_test.gen.rego.py | 2 +- .../tests/generators/issues_test.gen.rego.py | 2 +- .../tests/generators/jobs_test.gen.rego.py | 2 +- .../generators/projects_test.gen.rego.py | 2 +- .../tests/generators/server_test.gen.rego.py | 2 +- .../tests/generators/tasks_test.gen.rego.py | 2 +- .../tests/generators/users_test.gen.rego.py | 2 +- cvat/apps/engine/rules/users.rego | 2 +- cvat/apps/engine/tests/test_rest_api.py | 3 +- cvat/apps/events/rules/events.rego | 2 +- .../tests/generators/events_test.gen.rego.py | 2 +- cvat/apps/iam/rules/utils.rego | 6 ---- cvat/apps/lambda_manager/rules/lambda.rego | 2 +- .../tests/generators/lambda_test.gen.rego.py | 2 +- cvat/apps/lambda_manager/tests/test_lambda.py | 2 +- cvat/apps/log_viewer/rules/analytics.rego | 8 +---- .../rules/tests/configs/analytics.csv | 1 - .../generators/analytics_test.gen.rego.py | 2 +- .../apps/organizations/rules/invitations.rego | 2 +- .../apps/organizations/rules/memberships.rego | 2 +- .../organizations/rules/organizations.rego | 7 +--- .../generators/invitations_test.gen.rego.py | 2 +- .../generators/memberships_test.gen.rego.py | 2 +- .../generators/organizations_test.gen.rego.py | 2 +- .../apps/quality_control/rules/conflicts.rego | 2 +- .../rules/quality_reports.rego | 2 +- .../rules/quality_settings.rego | 2 +- .../generators/webhooks_test.gen.rego.py | 2 +- cvat/apps/webhooks/rules/webhooks.rego | 2 +- cvat/settings/base.py | 2 +- tests/python/rest_api/test_analytics.py | 1 - tests/python/rest_api/test_cloud_storages.py | 3 -- tests/python/rest_api/test_issues.py | 6 ---- tests/python/rest_api/test_jobs.py | 34 ++++--------------- tests/python/rest_api/test_memberships.py | 2 +- tests/python/rest_api/test_organizations.py | 4 --- tests/python/rest_api/test_projects.py | 2 +- tests/python/rest_api/test_tasks.py | 4 --- tests/python/rest_api/test_webhooks.py | 24 ++++++------- 52 files changed, 61 insertions(+), 160 deletions(-) diff --git a/cvat/apps/analytics_report/rules/analytics_reports.rego b/cvat/apps/analytics_report/rules/analytics_reports.rego index 706d6e701db..87910192779 100644 --- a/cvat/apps/analytics_report/rules/analytics_reports.rego +++ b/cvat/apps/analytics_report/rules/analytics_reports.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/dataset_manager/tests/test_rest_api_formats.py b/cvat/apps/dataset_manager/tests/test_rest_api_formats.py index 3350a4180ef..059a45f6df2 100644 --- a/cvat/apps/dataset_manager/tests/test_rest_api_formats.py +++ b/cvat/apps/dataset_manager/tests/test_rest_api_formats.py @@ -141,7 +141,7 @@ def setUpTestData(cls): @classmethod def create_db_users(cls): (group_admin, _) = Group.objects.get_or_create(name="admin") - (group_user, _) = Group.objects.get_or_create(name="business") + (group_user, _) = Group.objects.get_or_create(name="user") user_admin = User.objects.create_superuser(username="admin", email="", password="admin") diff --git a/cvat/apps/engine/rules/annotationguides.rego b/cvat/apps/engine/rules/annotationguides.rego index dd512af6d79..6429eecb23a 100644 --- a/cvat/apps/engine/rules/annotationguides.rego +++ b/cvat/apps/engine/rules/annotationguides.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/cloudstorages.rego b/cvat/apps/engine/rules/cloudstorages.rego index 3e278a35a7d..04f8e0e4536 100644 --- a/cvat/apps/engine/rules/cloudstorages.rego +++ b/cvat/apps/engine/rules/cloudstorages.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/comments.rego b/cvat/apps/engine/rules/comments.rego index 019a5ebcecc..9384d829b09 100644 --- a/cvat/apps/engine/rules/comments.rego +++ b/cvat/apps/engine/rules/comments.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/issues.rego b/cvat/apps/engine/rules/issues.rego index 803dab16c01..d8a487cbcdb 100644 --- a/cvat/apps/engine/rules/issues.rego +++ b/cvat/apps/engine/rules/issues.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/jobs.rego b/cvat/apps/engine/rules/jobs.rego index 8068f7d6fdf..7980a08d1bc 100644 --- a/cvat/apps/engine/rules/jobs.rego +++ b/cvat/apps/engine/rules/jobs.rego @@ -12,7 +12,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/labels.rego b/cvat/apps/engine/rules/labels.rego index a5029637768..1d4344da7fe 100644 --- a/cvat/apps/engine/rules/labels.rego +++ b/cvat/apps/engine/rules/labels.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/projects.rego b/cvat/apps/engine/rules/projects.rego index 8e40ddc43c8..bdaabb12013 100644 --- a/cvat/apps/engine/rules/projects.rego +++ b/cvat/apps/engine/rules/projects.rego @@ -12,7 +12,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , @@ -59,19 +59,6 @@ allow if { organizations.has_perm(organizations.SUPERVISOR) } -allow if { - input.scope in {utils.CREATE, utils.IMPORT_BACKUP} - utils.is_sandbox - utils.has_perm(utils.BUSINESS) -} - -allow if { - input.scope in {utils.CREATE, utils.IMPORT_BACKUP} - input.auth.organization.id == input.resource.organization.id - utils.has_perm(utils.BUSINESS) - organizations.has_perm(organizations.SUPERVISOR) -} - allow if { input.scope == utils.LIST utils.is_sandbox diff --git a/cvat/apps/engine/rules/server.rego b/cvat/apps/engine/rules/server.rego index bfe3b47a0d4..6833826a076 100644 --- a/cvat/apps/engine/rules/server.rego +++ b/cvat/apps/engine/rules/server.rego @@ -9,7 +9,7 @@ import data.utils # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/rules/tasks.rego b/cvat/apps/engine/rules/tasks.rego index 99d126d2b44..f020cf4ac97 100644 --- a/cvat/apps/engine/rules/tasks.rego +++ b/cvat/apps/engine/rules/tasks.rego @@ -13,7 +13,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , @@ -93,19 +93,6 @@ allow if { organizations.has_perm(organizations.SUPERVISOR) } -allow if { - input.scope in {utils.CREATE, utils.IMPORT_BACKUP} - utils.is_sandbox - utils.has_perm(utils.BUSINESS) -} - -allow if { - input.scope in {utils.CREATE, utils.IMPORT_BACKUP} - input.auth.organization.id == input.resource.organization.id - utils.has_perm(utils.BUSINESS) - organizations.has_perm(organizations.SUPERVISOR) -} - allow if { input.scope == utils.CREATE_IN_PROJECT utils.is_sandbox @@ -128,20 +115,6 @@ allow if { is_project_staff } -allow if { - input.scope == utils.CREATE_IN_PROJECT - utils.is_sandbox - utils.has_perm(utils.BUSINESS) - is_project_staff -} - -allow if { - input.scope == utils.CREATE_IN_PROJECT - input.auth.organization.id == input.resource.organization.id - utils.has_perm(utils.BUSINESS) - organizations.has_perm(organizations.SUPERVISOR) -} - allow if { input.scope == utils.LIST utils.is_sandbox diff --git a/cvat/apps/engine/rules/tests/generators/annotationguides_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/annotationguides_test.gen.rego.py index 4cf56274167..1dbfcc1167f 100644 --- a/cvat/apps/engine/rules/tests/generators/annotationguides_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/annotationguides_test.gen.rego.py @@ -46,7 +46,7 @@ def read_rules(name): "job:assignee", "none", ] -GROUPS = ["admin", "business", "user", "worker"] +GROUPS = ["admin", "user", "worker"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] diff --git a/cvat/apps/engine/rules/tests/generators/cloudstorages_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/cloudstorages_test.gen.rego.py index 63460df540b..4a4941e0fd1 100644 --- a/cvat/apps/engine/rules/tests/generators/cloudstorages_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/cloudstorages_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["owner", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [False, True] diff --git a/cvat/apps/engine/rules/tests/generators/comments_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/comments_test.gen.rego.py index f36c8a7dfa0..a13a1897c66 100644 --- a/cvat/apps/engine/rules/tests/generators/comments_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/comments_test.gen.rego.py @@ -51,7 +51,7 @@ def read_rules(name): "owner", "none", ] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] HAS_PROJ = [True, False] diff --git a/cvat/apps/engine/rules/tests/generators/issues_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/issues_test.gen.rego.py index 0a35d83880e..53213eb39d2 100644 --- a/cvat/apps/engine/rules/tests/generators/issues_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/issues_test.gen.rego.py @@ -50,7 +50,7 @@ def read_rules(name): "assignee", "none", ] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] HAS_PROJ = [True, False] diff --git a/cvat/apps/engine/rules/tests/generators/jobs_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/jobs_test.gen.rego.py index ca799f953cd..e36f8c8ec7b 100644 --- a/cvat/apps/engine/rules/tests/generators/jobs_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/jobs_test.gen.rego.py @@ -50,7 +50,7 @@ def read_rules(name): "assignee", "none", ] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] diff --git a/cvat/apps/engine/rules/tests/generators/projects_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/projects_test.gen.rego.py index 6657f21d299..d4a7259893f 100644 --- a/cvat/apps/engine/rules/tests/generators/projects_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/projects_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["owner", "assignee", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [False, True] diff --git a/cvat/apps/engine/rules/tests/generators/server_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/server_test.gen.rego.py index 8e9b57a814d..c2b4195191a 100644 --- a/cvat/apps/engine/rules/tests/generators/server_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/server_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] diff --git a/cvat/apps/engine/rules/tests/generators/tasks_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/tasks_test.gen.rego.py index 61da5c8520d..30925fcee18 100644 --- a/cvat/apps/engine/rules/tests/generators/tasks_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/tasks_test.gen.rego.py @@ -43,7 +43,7 @@ def read_rules(name): SCOPES = list({rule["scope"] for rule in simple_rules}) CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["project:owner", "project:assignee", "owner", "assignee", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] diff --git a/cvat/apps/engine/rules/tests/generators/users_test.gen.rego.py b/cvat/apps/engine/rules/tests/generators/users_test.gen.rego.py index 595cbaae4ee..a609492868f 100644 --- a/cvat/apps/engine/rules/tests/generators/users_test.gen.rego.py +++ b/cvat/apps/engine/rules/tests/generators/users_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["self", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] diff --git a/cvat/apps/engine/rules/users.rego b/cvat/apps/engine/rules/users.rego index 63469228e11..34cb0f4866d 100644 --- a/cvat/apps/engine/rules/users.rego +++ b/cvat/apps/engine/rules/users.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/engine/tests/test_rest_api.py b/cvat/apps/engine/tests/test_rest_api.py index 07e01461ab7..e6ed6b6c030 100644 --- a/cvat/apps/engine/tests/test_rest_api.py +++ b/cvat/apps/engine/tests/test_rest_api.py @@ -54,7 +54,6 @@ def create_db_users(cls): (group_admin, _) = Group.objects.get_or_create(name="admin") - (group_business, _) = Group.objects.get_or_create(name="business") (group_user, _) = Group.objects.get_or_create(name="user") (group_annotator, _) = Group.objects.get_or_create(name="worker") (group_somebody, _) = Group.objects.get_or_create(name="somebody") @@ -63,7 +62,7 @@ def create_db_users(cls): password="admin") user_admin.groups.add(group_admin) user_owner = User.objects.create_user(username="user1", password="user1") - user_owner.groups.add(group_business) + user_owner.groups.add(group_user) user_assignee = User.objects.create_user(username="user2", password="user2") user_assignee.groups.add(group_annotator) user_annotator = User.objects.create_user(username="user3", password="user3") diff --git a/cvat/apps/events/rules/events.rego b/cvat/apps/events/rules/events.rego index 0152ec721ba..58ec43763b2 100644 --- a/cvat/apps/events/rules/events.rego +++ b/cvat/apps/events/rules/events.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/events/rules/tests/generators/events_test.gen.rego.py b/cvat/apps/events/rules/tests/generators/events_test.gen.rego.py index da9d54d79e2..dee2d4a6896 100644 --- a/cvat/apps/events/rules/tests/generators/events_test.gen.rego.py +++ b/cvat/apps/events/rules/tests/generators/events_test.gen.rego.py @@ -42,7 +42,7 @@ def read_rules(name): SCOPES = list({rule["scope"] for rule in simple_rules}) CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] diff --git a/cvat/apps/iam/rules/utils.rego b/cvat/apps/iam/rules/utils.rego index 4bd64f0ae10..148b2ec1a2a 100644 --- a/cvat/apps/iam/rules/utils.rego +++ b/cvat/apps/iam/rules/utils.rego @@ -4,7 +4,6 @@ import rego.v1 # Groups ADMIN := "admin" -BUSINESS := "business" USER := "user" WORKER := "worker" @@ -65,7 +64,6 @@ UPDATE_VALIDATION_LAYOUT := "update:validation_layout" get_priority(privilege) := { ADMIN: 0, - BUSINESS: 50, USER: 75, WORKER: 100, null: 1000 @@ -79,10 +77,6 @@ is_admin if { input.auth.user.privilege == ADMIN } -is_business if { - input.auth.user.privilege == BUSINESS -} - is_user if { input.auth.user.privilege == USER } diff --git a/cvat/apps/lambda_manager/rules/lambda.rego b/cvat/apps/lambda_manager/rules/lambda.rego index 2829860c093..7b3b6c82897 100644 --- a/cvat/apps/lambda_manager/rules/lambda.rego +++ b/cvat/apps/lambda_manager/rules/lambda.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/lambda_manager/rules/tests/generators/lambda_test.gen.rego.py b/cvat/apps/lambda_manager/rules/tests/generators/lambda_test.gen.rego.py index 5a669c5f49f..94f694988a3 100644 --- a/cvat/apps/lambda_manager/rules/tests/generators/lambda_test.gen.rego.py +++ b/cvat/apps/lambda_manager/rules/tests/generators/lambda_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = list({rule["scope"] for rule in simple_rules}) CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] diff --git a/cvat/apps/lambda_manager/tests/test_lambda.py b/cvat/apps/lambda_manager/tests/test_lambda.py index 57c74cf2c52..794ef8cefab 100644 --- a/cvat/apps/lambda_manager/tests/test_lambda.py +++ b/cvat/apps/lambda_manager/tests/test_lambda.py @@ -133,7 +133,7 @@ def _invoke_function(self, func, payload): @classmethod def _create_db_users(cls): (group_admin, _) = Group.objects.get_or_create(name="admin") - (group_user, _) = Group.objects.get_or_create(name="business") + (group_user, _) = Group.objects.get_or_create(name="user") user_admin = User.objects.create_superuser(username="admin", email="", password="admin") diff --git a/cvat/apps/log_viewer/rules/analytics.rego b/cvat/apps/log_viewer/rules/analytics.rego index b43a9c1b111..dcdbb5ea2ae 100644 --- a/cvat/apps/log_viewer/rules/analytics.rego +++ b/cvat/apps/log_viewer/rules/analytics.rego @@ -9,7 +9,7 @@ import data.utils # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null, +# "privilege": <"admin"|"user"|"worker"> or null, # "has_analytics_access": # }, # "organization": { @@ -29,12 +29,6 @@ import data.utils default allow := false -allow if { - input.resource.visibility == utils.PUBLIC - input.scope == utils.VIEW - utils.has_perm(utils.BUSINESS) -} - allow if { input.auth.user.has_analytics_access } diff --git a/cvat/apps/log_viewer/rules/tests/configs/analytics.csv b/cvat/apps/log_viewer/rules/tests/configs/analytics.csv index a581e0716e5..7ff4ea28047 100644 --- a/cvat/apps/log_viewer/rules/tests/configs/analytics.csv +++ b/cvat/apps/log_viewer/rules/tests/configs/analytics.csv @@ -1,3 +1,2 @@ Scope,Resource,Context,Ownership,Limit,Method,URL,Privilege,Membership,HasAnalyticsAccess -view,Analytics,N/A,N/A,resource['visibility']=='public',GET,"/analytics",business,N/A,N/A view,Analytics,N/A,N/A,,GET,"/analytics",none,N/A,true diff --git a/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py b/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py index 7e40f092607..320f778b35f 100644 --- a/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py +++ b/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] HAS_ANALYTICS_ACCESS = [True, False] diff --git a/cvat/apps/organizations/rules/invitations.rego b/cvat/apps/organizations/rules/invitations.rego index 3a51f76128e..2e15ba4a863 100644 --- a/cvat/apps/organizations/rules/invitations.rego +++ b/cvat/apps/organizations/rules/invitations.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/organizations/rules/memberships.rego b/cvat/apps/organizations/rules/memberships.rego index c23f3039ff1..09752e4b700 100644 --- a/cvat/apps/organizations/rules/memberships.rego +++ b/cvat/apps/organizations/rules/memberships.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/organizations/rules/organizations.rego b/cvat/apps/organizations/rules/organizations.rego index 24643feab70..6d0a8c29c19 100644 --- a/cvat/apps/organizations/rules/organizations.rego +++ b/cvat/apps/organizations/rules/organizations.rego @@ -9,7 +9,7 @@ import data.utils # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": null, # }, @@ -69,11 +69,6 @@ allow if { utils.has_perm(utils.USER) } -allow if { - input.scope == utils.CREATE - utils.has_perm(utils.BUSINESS) -} - filter := [] if { # Django Q object to filter list of entries utils.is_admin } else := qobject if { diff --git a/cvat/apps/organizations/rules/tests/generators/invitations_test.gen.rego.py b/cvat/apps/organizations/rules/tests/generators/invitations_test.gen.rego.py index c3ba86abb75..bf7edec5071 100644 --- a/cvat/apps/organizations/rules/tests/generators/invitations_test.gen.rego.py +++ b/cvat/apps/organizations/rules/tests/generators/invitations_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["owner", "invitee", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [False, True] diff --git a/cvat/apps/organizations/rules/tests/generators/memberships_test.gen.rego.py b/cvat/apps/organizations/rules/tests/generators/memberships_test.gen.rego.py index b86548142da..c74a4a7c992 100644 --- a/cvat/apps/organizations/rules/tests/generators/memberships_test.gen.rego.py +++ b/cvat/apps/organizations/rules/tests/generators/memberships_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["self", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [False, True] diff --git a/cvat/apps/organizations/rules/tests/generators/organizations_test.gen.rego.py b/cvat/apps/organizations/rules/tests/generators/organizations_test.gen.rego.py index a6c111bfef4..d2a8a6fb653 100644 --- a/cvat/apps/organizations/rules/tests/generators/organizations_test.gen.rego.py +++ b/cvat/apps/organizations/rules/tests/generators/organizations_test.gen.rego.py @@ -41,7 +41,7 @@ def read_rules(name): SCOPES = {rule["scope"] for rule in simple_rules} CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["owner", "maintainer", "supervisor", "worker", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] diff --git a/cvat/apps/quality_control/rules/conflicts.rego b/cvat/apps/quality_control/rules/conflicts.rego index f8e570b5882..88349112820 100644 --- a/cvat/apps/quality_control/rules/conflicts.rego +++ b/cvat/apps/quality_control/rules/conflicts.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/quality_control/rules/quality_reports.rego b/cvat/apps/quality_control/rules/quality_reports.rego index e9dd28b3ec3..98626a5f0ca 100644 --- a/cvat/apps/quality_control/rules/quality_reports.rego +++ b/cvat/apps/quality_control/rules/quality_reports.rego @@ -11,7 +11,7 @@ import data.quality_utils # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/quality_control/rules/quality_settings.rego b/cvat/apps/quality_control/rules/quality_settings.rego index 1fc587159ee..0b2f6b149e7 100644 --- a/cvat/apps/quality_control/rules/quality_settings.rego +++ b/cvat/apps/quality_control/rules/quality_settings.rego @@ -10,7 +10,7 @@ import data.organizations # "auth": { # "user": { # "id": , -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # }, # "organization": { # "id": , diff --git a/cvat/apps/webhooks/rules/tests/generators/webhooks_test.gen.rego.py b/cvat/apps/webhooks/rules/tests/generators/webhooks_test.gen.rego.py index c367a42cc98..66417f3d096 100644 --- a/cvat/apps/webhooks/rules/tests/generators/webhooks_test.gen.rego.py +++ b/cvat/apps/webhooks/rules/tests/generators/webhooks_test.gen.rego.py @@ -40,7 +40,7 @@ def read_rules(name): SCOPES = list({rule["scope"] for rule in simple_rules}) CONTEXTS = ["sandbox", "organization"] OWNERSHIPS = ["project:owner", "owner", "none"] -GROUPS = ["admin", "business", "user", "worker", "none"] +GROUPS = ["admin", "user", "worker", "none"] ORG_ROLES = ["owner", "maintainer", "supervisor", "worker", None] SAME_ORG = [True, False] diff --git a/cvat/apps/webhooks/rules/webhooks.rego b/cvat/apps/webhooks/rules/webhooks.rego index a74a88c6a96..85d577a21ee 100644 --- a/cvat/apps/webhooks/rules/webhooks.rego +++ b/cvat/apps/webhooks/rules/webhooks.rego @@ -11,7 +11,7 @@ import data.organizations # "auth": { # "user": { # "id": -# "privilege": <"admin"|"business"|"user"|"worker"> or null +# "privilege": <"admin"|"user"|"worker"> or null # } # "organization": { # "id": , diff --git a/cvat/settings/base.py b/cvat/settings/base.py index f439000f9d2..17399629b4f 100644 --- a/cvat/settings/base.py +++ b/cvat/settings/base.py @@ -236,7 +236,7 @@ def generate_secret_key(): IAM_ADMIN_ROLE = 'admin' # Index in the list below corresponds to the priority (0 has highest priority) -IAM_ROLES = [IAM_ADMIN_ROLE, 'business', 'user', 'worker'] +IAM_ROLES = [IAM_ADMIN_ROLE, 'user', 'worker'] IAM_OPA_HOST = 'http://opa:8181' IAM_OPA_DATA_URL = f'{IAM_OPA_HOST}/v1/data' LOGIN_URL = 'rest_login' diff --git a/tests/python/rest_api/test_analytics.py b/tests/python/rest_api/test_analytics.py index f14cdd206f8..68671889a21 100644 --- a/tests/python/rest_api/test_analytics.py +++ b/tests/python/rest_api/test_analytics.py @@ -38,7 +38,6 @@ def _test_cannot_see(self, user): "conditions, is_allow", [ (dict(privilege="admin"), True), - (dict(privilege="business"), True), (dict(privilege="worker", has_analytics_access=False), False), (dict(privilege="worker", has_analytics_access=True), True), (dict(privilege="user", has_analytics_access=False), False), diff --git a/tests/python/rest_api/test_cloud_storages.py b/tests/python/rest_api/test_cloud_storages.py index 9fc1739b9e0..ce2db93cab5 100644 --- a/tests/python/rest_api/test_cloud_storages.py +++ b/tests/python/rest_api/test_cloud_storages.py @@ -58,7 +58,6 @@ def _test_cannot_see(self, user, storage_id): "group, is_owner, is_allow", [ ("admin", False, True), - ("business", False, False), ("user", True, True), ], ) @@ -302,7 +301,6 @@ def _test_cannot_update(self, user, storage_id, spec): "group, is_owner, is_allow", [ ("admin", False, True), - ("business", False, False), ("worker", True, True), ], ) @@ -387,7 +385,6 @@ def _test_cannot_see(self, user, storage_id): "group, is_owner, is_allow", [ ("admin", False, True), - ("business", False, False), ("user", True, True), ], ) diff --git a/tests/python/rest_api/test_issues.py b/tests/python/rest_api/test_issues.py index c6c043f2e44..51fd2041c00 100644 --- a/tests/python/rest_api/test_issues.py +++ b/tests/python/rest_api/test_issues.py @@ -55,8 +55,6 @@ def _test_check_response(self, user, data, is_allow, **kwargs): [ ("admin", True, True), ("admin", False, True), - ("business", True, True), - ("business", False, False), ("worker", True, True), ("worker", False, False), ("user", True, True), @@ -185,8 +183,6 @@ def get_data(issue_id, *, username: str = None): [ ("admin", True, None, True), ("admin", False, None, True), - ("business", True, None, True), - ("business", False, None, False), ("user", True, None, True), ("user", False, None, False), ("worker", False, True, True), @@ -275,8 +271,6 @@ def _test_check_response(self, user, issue_id, expect_success, **kwargs): [ ("admin", True, None, True), ("admin", False, None, True), - ("business", True, None, True), - ("business", False, None, False), ("user", True, None, True), ("user", False, None, False), ("worker", False, True, True), diff --git a/tests/python/rest_api/test_jobs.py b/tests/python/rest_api/test_jobs.py index 6d5626fcda9..5bb545497a8 100644 --- a/tests/python/rest_api/test_jobs.py +++ b/tests/python/rest_api/test_jobs.py @@ -568,7 +568,7 @@ def test_admin_can_get_org_job(self, admin_user, jobs, tasks): job = next(job for job in jobs if tasks[job["task_id"]]["organization"] is not None) self._test_get_job_200(admin_user, job["id"], expected_data=job) - @pytest.mark.parametrize("groups", [["business"], ["user"]]) + @pytest.mark.parametrize("groups", [["user"]]) def test_non_admin_org_staff_can_get_job( self, groups, users, organizations, org_staff, jobs_by_org ): @@ -581,7 +581,7 @@ def test_non_admin_org_staff_can_get_job( job = jobs_by_org[org_id][0] self._test_get_job_200(user["username"], job["id"], expected_data=job) - @pytest.mark.parametrize("groups", [["business"], ["user"], ["worker"]]) + @pytest.mark.parametrize("groups", [["user"], ["worker"]]) def test_non_admin_job_staff_can_get_job(self, groups, users, jobs, is_job_staff): user, job = next( (user, job) @@ -591,7 +591,7 @@ def test_non_admin_job_staff_can_get_job(self, groups, users, jobs, is_job_staff ) self._test_get_job_200(user["username"], job["id"], expected_data=job) - @pytest.mark.parametrize("groups", [["business"], ["user"], ["worker"]]) + @pytest.mark.parametrize("groups", [["user"], ["worker"]]) def test_non_admin_non_job_staff_non_org_staff_cannot_get_job( self, groups, users, organizations, org_staff, jobs, is_job_staff ): @@ -955,7 +955,7 @@ def test_admin_list_jobs(self, jobs, tasks, org): self._test_list_jobs_200("admin1", jobs, **kwargs) @pytest.mark.parametrize("org_id", ["", None, 1, 2]) - @pytest.mark.parametrize("groups", [["business"], ["user"], ["worker"], []]) + @pytest.mark.parametrize("groups", [["user"], ["worker"], []]) def test_non_admin_list_jobs( self, org_id, groups, users, jobs, tasks, projects, org_staff, is_org_member ): @@ -1024,8 +1024,6 @@ def _test_get_job_annotations_403(self, user, jid): [ (["admin"], True, True), (["admin"], False, True), - (["business"], True, True), - (["business"], False, False), (["worker"], True, True), (["worker"], False, False), (["user"], True, True), @@ -1093,7 +1091,7 @@ def test_member_get_job_annotations( @pytest.mark.parametrize("org", [1]) @pytest.mark.parametrize( "privilege, expect_success", - [("admin", True), ("business", False), ("worker", False), ("user", False)], + [("admin", True), ("worker", False), ("user", False)], ) def test_non_member_get_job_annotations( self, @@ -1191,7 +1189,7 @@ def test_member_update_job_annotations( @pytest.mark.parametrize("org", [2]) @pytest.mark.parametrize( "privilege, expect_success", - [("admin", True), ("business", False), ("worker", False), ("user", False)], + [("admin", True), ("worker", False), ("user", False)], ) def test_non_member_update_job_annotations( self, @@ -1218,8 +1216,6 @@ def test_non_member_update_job_annotations( [ ("admin", True, True), ("admin", False, True), - ("business", True, True), - ("business", False, False), ("worker", True, True), ("worker", False, False), ("user", True, True), @@ -1651,15 +1647,6 @@ def test_admin_get_org_job_preview(self, jobs, tasks): job_id = next(job["id"] for job in jobs if tasks[job["task_id"]]["organization"]) self._test_get_job_preview_200("admin2", job_id) - def test_business_can_get_job_preview_in_sandbox(self, find_users, jobs, is_job_staff): - username, job_id = next( - (user["username"], job["id"]) - for user in find_users(privilege="business") - for job in jobs - if is_job_staff(user["id"], job["id"]) - ) - self._test_get_job_preview_200(username, job_id) - def test_user_can_get_job_preview_in_sandbox(self, find_users, jobs, is_job_staff): username, job_id = next( (user["username"], job["id"]) @@ -1669,15 +1656,6 @@ def test_user_can_get_job_preview_in_sandbox(self, find_users, jobs, is_job_staf ) self._test_get_job_preview_200(username, job_id) - def test_business_cannot_get_job_preview_in_sandbox(self, find_users, jobs, is_job_staff): - username, job_id = next( - (user["username"], job["id"]) - for user in find_users(privilege="business") - for job in jobs - if not is_job_staff(user["id"], job["id"]) - ) - self._test_get_job_preview_403(username, job_id) - def test_user_cannot_get_job_preview_in_sandbox(self, find_users, jobs, is_job_staff): username, job_id = next( (user["username"], job["id"]) diff --git a/tests/python/rest_api/test_memberships.py b/tests/python/rest_api/test_memberships.py index e03cac2e277..dbb2863260f 100644 --- a/tests/python/rest_api/test_memberships.py +++ b/tests/python/rest_api/test_memberships.py @@ -40,7 +40,7 @@ def test_can_filter_by_org_id(self, field_value, query_value, memberships): ) def test_non_admin_can_see_only_self_memberships(self, memberships): - non_admins = ["business1", "user1", "dummy1", "worker2"] + non_admins = ["user1", "dummy1", "worker2"] for username in non_admins: data = [obj for obj in memberships if obj["user"]["username"] == username] self._test_can_see_memberships(username, data) diff --git a/tests/python/rest_api/test_organizations.py b/tests/python/rest_api/test_organizations.py index 5daee9e5353..50834b1fff8 100644 --- a/tests/python/rest_api/test_organizations.py +++ b/tests/python/rest_api/test_organizations.py @@ -31,7 +31,6 @@ class TestMetadataOrganizations: [ ("admin", None, None), ("user", None, False), - ("business", None, False), ("worker", None, False), (None, "owner", True), (None, "maintainer", True), @@ -79,7 +78,6 @@ class TestGetOrganizations: [ ("admin", None, None, True), ("user", None, False, False), - ("business", None, False, False), ("worker", None, False, False), (None, "owner", True, True), (None, "maintainer", True, True), @@ -182,7 +180,6 @@ def expected_data(self, organizations, request_data): [ ("admin", None, None, True), ("user", None, False, False), - ("business", None, False, False), ("worker", None, False, False), (None, "owner", True, True), (None, "maintainer", True, True), @@ -239,7 +236,6 @@ class TestDeleteOrganizations: (None, "worker", True, False), (None, "supervisor", True, False), ("user", None, False, False), - ("business", None, False, False), ("worker", None, False, False), ], ) diff --git a/tests/python/rest_api/test_projects.py b/tests/python/rest_api/test_projects.py index b0c8a3b247c..c44ec5d8373 100644 --- a/tests/python/rest_api/test_projects.py +++ b/tests/python/rest_api/test_projects.py @@ -447,7 +447,7 @@ def test_if_worker_cannot_create_project(self, find_users): spec = {"name": f"test {username} tries to create a project"} self._test_create_project_403(username, spec) - @pytest.mark.parametrize("privilege", ("admin", "business", "user")) + @pytest.mark.parametrize("privilege", ("admin", "user")) def test_if_user_can_create_project(self, find_users, privilege): privileged_users = find_users(privilege=privilege) assert len(privileged_users) diff --git a/tests/python/rest_api/test_tasks.py b/tests/python/rest_api/test_tasks.py index c57dec13f63..6f5bd04de7e 100644 --- a/tests/python/rest_api/test_tasks.py +++ b/tests/python/rest_api/test_tasks.py @@ -141,7 +141,6 @@ def _test_assigned_users_to_see_task_data(self, tasks, users, is_task_staff, **k "groups, is_staff, is_allow", [ ("admin", False, True), - ("business", False, False), ], ) def test_project_tasks_visibility( @@ -350,7 +349,6 @@ def _test_users_to_create_task_in_project( "groups, is_staff, is_allow", [ ("admin", False, True), - ("business", False, False), ("user", True, True), ], ) @@ -511,8 +509,6 @@ def get_data(tid): [ ("admin", True, True), ("admin", False, True), - ("business", True, True), - ("business", False, False), ("worker", True, True), ("worker", False, False), ("user", True, True), diff --git a/tests/python/rest_api/test_webhooks.py b/tests/python/rest_api/test_webhooks.py index 3c528bc78c1..33850cf8023 100644 --- a/tests/python/rest_api/test_webhooks.py +++ b/tests/python/rest_api/test_webhooks.py @@ -96,7 +96,7 @@ def test_admin_can_create_webhook_for_project_in_org( assert response.status_code == HTTPStatus.CREATED assert "secret" not in response.json() - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_sandbox_project_owner_can_create_webhook_for_project(self, privilege, projects, users): users = [user for user in users if privilege in user["groups"]] username, project_id = next( @@ -116,7 +116,7 @@ def test_sandbox_project_owner_can_create_webhook_for_project(self, privilege, p assert response.status_code == HTTPStatus.CREATED assert "secret" not in response.json() - @pytest.mark.parametrize("privilege", ["worker", "user", "business"]) + @pytest.mark.parametrize("privilege", ["worker", "user"]) def test_sandbox_project_assignee_cannot_create_webhook_for_project( self, privilege, projects, users ): @@ -410,7 +410,7 @@ def test_admin_can_get_webhook(self, webhooks, users, projects): assert "secret" not in response.json() assert DeepDiff(webhooks[wid], response.json(), ignore_order=True) == {} - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_project_owner_can_get_webhook(self, privilege, webhooks, projects, users): proj_webhooks = [w for w in webhooks if w["type"] == "project"] username, wid = next( @@ -429,7 +429,7 @@ def test_project_owner_can_get_webhook(self, privilege, webhooks, projects, user assert "secret" not in response.json() assert DeepDiff(webhooks[wid], response.json(), ignore_order=True) == {} - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_webhook_owner_can_get_webhook(self, privilege, webhooks, projects, users): proj_webhooks = [w for w in webhooks if w["type"] == "project"] username, wid = next( @@ -447,7 +447,7 @@ def test_webhook_owner_can_get_webhook(self, privilege, webhooks, projects, user assert "secret" not in response.json() assert DeepDiff(webhooks[wid], response.json(), ignore_order=True) == {} - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_not_project_staff_cannot_get_webhook(self, privilege, webhooks, projects, users): proj_webhooks = [w for w in webhooks if w["type"] == "project"] username, wid = next( @@ -631,7 +631,7 @@ def test_admin_can_get_webhooks_for_project_in_org(self, webhooks): assert response.status_code == HTTPStatus.OK assert DeepDiff(expected_response, response.json()["results"], ignore_order=True) == {} - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_user_cannot_get_webhook_list_for_project( self, privilege, find_users, webhooks, projects ): @@ -654,7 +654,7 @@ def test_user_cannot_get_webhook_list_for_project( assert response.status_code == HTTPStatus.OK assert DeepDiff([], response.json()["results"], ignore_order=True) == {} - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_user_can_get_webhook_list_for_project(self, privilege, find_users, webhooks, projects): username, pid = next( ( @@ -824,7 +824,7 @@ def test_cannot_update_with_nonexistent_contenttype(self): response = patch_method("admin2", f"webhooks/{self.WID}", patch_data) assert response.status_code == HTTPStatus.BAD_REQUEST - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_sandbox_user_can_update_webhook(self, privilege, find_users, webhooks): username, webhook = next( ( @@ -852,7 +852,7 @@ def test_sandbox_user_can_update_webhook(self, privilege, find_users, webhooks): == {} ) - @pytest.mark.parametrize("privilege", ["worker", "user", "business"]) + @pytest.mark.parametrize("privilege", ["worker", "user"]) def test_sandbox_user_cannot_update_webhook(self, privilege, find_users, webhooks): username, webhook = next( ( @@ -1030,7 +1030,7 @@ def test_member_can_update_project_webhook_in_org( @pytest.mark.usefixtures("restore_db_per_function") class TestDeleteWebhooks: @pytest.mark.parametrize( - "privilege, allow", [("user", False), ("business", False), ("admin", True)] + "privilege, allow", [("user", False), ("admin", True)] ) def test_user_can_delete_project_webhook( self, privilege, allow, find_users, webhooks, projects @@ -1101,7 +1101,7 @@ def test_admin_can_delete_org_webhook(self, find_users, webhooks, is_org_member) response = get_method(username, f"webhooks/{webhook_id}") assert response.status_code == HTTPStatus.NOT_FOUND - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_project_owner_can_delete_project_webhook( self, privilege, find_users, webhooks, projects ): @@ -1123,7 +1123,7 @@ def test_project_owner_can_delete_project_webhook( response = get_method(username, f"webhooks/{webhook_id}") assert response.status_code == HTTPStatus.NOT_FOUND - @pytest.mark.parametrize("privilege", ["user", "business"]) + @pytest.mark.parametrize("privilege", ["user"]) def test_webhook_owner_can_delete_project_webhook( self, privilege, find_users, webhooks, projects ): From 494a862a3183e727bea5d9391f494d47237af485 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 10:43:02 +0400 Subject: [PATCH 02/13] removing analytics_visibility from settings --- cvat/apps/log_viewer/permissions.py | 5 ----- cvat/apps/log_viewer/rules/analytics.rego | 1 - .../rules/tests/generators/analytics_test.gen.rego.py | 6 ------ cvat/settings/base.py | 6 ------ 4 files changed, 18 deletions(-) diff --git a/cvat/apps/log_viewer/permissions.py b/cvat/apps/log_viewer/permissions.py index c50cf9302c6..c0ace7b2fcf 100644 --- a/cvat/apps/log_viewer/permissions.py +++ b/cvat/apps/log_viewer/permissions.py @@ -47,8 +47,3 @@ def get_scopes(request, view, obj): return [{ 'list': Scopes.VIEW, }[view.action]] - - def get_resource(self): - return { - 'visibility': 'public' if settings.RESTRICTIONS['analytics_visibility'] else 'private', - } diff --git a/cvat/apps/log_viewer/rules/analytics.rego b/cvat/apps/log_viewer/rules/analytics.rego index dcdbb5ea2ae..d4bef6923d4 100644 --- a/cvat/apps/log_viewer/rules/analytics.rego +++ b/cvat/apps/log_viewer/rules/analytics.rego @@ -23,7 +23,6 @@ import data.utils # } or null, # }, # "resource": { -# "visibility": <"public"|"private"> or null, # } # } diff --git a/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py b/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py index 320f778b35f..95d566e4b93 100644 --- a/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py +++ b/cvat/apps/log_viewer/rules/tests/generators/analytics_test.gen.rego.py @@ -47,12 +47,6 @@ def read_rules(name): def RESOURCES(scope): - if scope == "view": - return [ - {"visibility": "public"}, - {"visibility": "private"}, - ] - return [None] diff --git a/cvat/settings/base.py b/cvat/settings/base.py index 17399629b4f..404628fa555 100644 --- a/cvat/settings/base.py +++ b/cvat/settings/base.py @@ -532,12 +532,6 @@ class CVAT_QUEUES(Enum): DATA_UPLOAD_MAX_NUMBER_FIELDS = None # this django check disabled DATA_UPLOAD_MAX_NUMBER_FILES = None -RESTRICTIONS = { - # allow access to analytics component to users with business role - # otherwise, only the administrator has access - 'analytics_visibility': True, -} - redis_ondisk_host = os.getenv('CVAT_REDIS_ONDISK_HOST', 'localhost') # The default port is not Redis's default port (6379). # This is so that a developer can run both in-mem Redis and on-disk Kvrocks on their machine From fceb9acc7b0296d63df261e949f9646a05490cc2 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 10:47:37 +0400 Subject: [PATCH 03/13] removing business --- cvat-core/src/server-response-types.ts | 2 +- cvat-core/src/user.ts | 2 +- site/content/en/docs/administration/advanced/ldap.md | 2 -- site/content/en/docs/administration/basics/admin-account.md | 2 +- 4 files changed, 3 insertions(+), 5 deletions(-) diff --git a/cvat-core/src/server-response-types.ts b/cvat-core/src/server-response-types.ts index af6cd760ed4..224280992fd 100644 --- a/cvat-core/src/server-response-types.ts +++ b/cvat-core/src/server-response-types.ts @@ -47,7 +47,7 @@ export interface SerializedUser { first_name: string; last_name: string; email?: string; - groups?: ('user' | 'business' | 'admin')[]; + groups?: ('user' | 'admin')[]; is_staff?: boolean; is_superuser?: boolean; is_active?: boolean; diff --git a/cvat-core/src/user.ts b/cvat-core/src/user.ts index 6d7366151fb..ef28f3633f0 100644 --- a/cvat-core/src/user.ts +++ b/cvat-core/src/user.ts @@ -11,7 +11,7 @@ export default class User { public readonly email: string; public readonly firstName: string; public readonly lastName: string; - public readonly groups: ('user' | 'business' | 'admin')[]; + public readonly groups: ('user' | 'admin')[]; public readonly lastLogin: string; public readonly dateJoined: string; public readonly isStaff: boolean; diff --git a/site/content/en/docs/administration/advanced/ldap.md b/site/content/en/docs/administration/advanced/ldap.md index c1b6be282f2..6fe52ae4fb6 100644 --- a/site/content/en/docs/administration/advanced/ldap.md +++ b/site/content/en/docs/administration/advanced/ldap.md @@ -112,7 +112,6 @@ AUTH_LDAP_USER_GROUPS = [ DJANGO_AUTH_LDAP_GROUPS = { "admin": AUTH_LDAP_ADMIN_GROUPS, - "business": AUTH_LDAP_BUSINESS_GROUPS, "user": AUTH_LDAP_USER_GROUPS, "worker": AUTH_LDAP_WORKER_GROUPS, } @@ -193,7 +192,6 @@ AUTH_LDAP_USER_GROUPS = [ DJANGO_AUTH_LDAP_GROUPS = { "admin": AUTH_LDAP_ADMIN_GROUPS, - "business": AUTH_LDAP_BUSINESS_GROUPS, "user": AUTH_LDAP_USER_GROUPS, "worker": AUTH_LDAP_WORKER_GROUPS, } diff --git a/site/content/en/docs/administration/basics/admin-account.md b/site/content/en/docs/administration/basics/admin-account.md index 08182f80a22..bb72a99af89 100644 --- a/site/content/en/docs/administration/basics/admin-account.md +++ b/site/content/en/docs/administration/basics/admin-account.md @@ -11,7 +11,7 @@ The user you register by default does not have full permissions on the instance, so you must create a superuser. The superuser can use [Django administration panel](http://localhost:8080/admin) to assign groups (roles) to other users. -
Available roles are: user (default), admin, business, worker. +
Available roles are: user (default), admin, worker. ### Prerequisites From f61b0f32eeec6569991f089ec2f8d2cf96c93ca2 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 11:21:11 +0400 Subject: [PATCH 04/13] removing group business in test db and renaming business users --- tests/python/shared/assets/cloudstorages.json | 6 +- tests/python/shared/assets/comments.json | 12 +- tests/python/shared/assets/cvat_db/data.json | 140 +++++++++--------- tests/python/shared/assets/invitations.json | 54 +++---- tests/python/shared/assets/issues.json | 12 +- tests/python/shared/assets/memberships.json | 24 +-- tests/python/shared/assets/organizations.json | 6 +- tests/python/shared/assets/projects.json | 26 ++-- tests/python/shared/assets/tasks.json | 24 +-- tests/python/shared/assets/users.json | 48 +++--- tests/python/shared/assets/webhooks.json | 6 +- 11 files changed, 175 insertions(+), 183 deletions(-) diff --git a/tests/python/shared/assets/cloudstorages.json b/tests/python/shared/assets/cloudstorages.json index 4cda853ec93..8d8d92009aa 100644 --- a/tests/python/shared/assets/cloudstorages.json +++ b/tests/python/shared/assets/cloudstorages.json @@ -36,11 +36,11 @@ ], "organization": 2, "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "provider_type": "AWS_S3_BUCKET", "resource": "private", diff --git a/tests/python/shared/assets/comments.json b/tests/python/shared/assets/comments.json index f1f7457eae7..4681af9bd7d 100644 --- a/tests/python/shared/assets/comments.json +++ b/tests/python/shared/assets/comments.json @@ -37,11 +37,11 @@ "issue": 3, "message": "Another one issue", "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "updated_date": "2022-03-16T11:08:18.370000Z" }, @@ -51,11 +51,11 @@ "issue": 2, "message": "Something should be here", "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "updated_date": "2022-03-16T11:07:22.173000Z" }, diff --git a/tests/python/shared/assets/cvat_db/data.json b/tests/python/shared/assets/cvat_db/data.json index 7bb20c4507c..a5df4b1432b 100644 --- a/tests/python/shared/assets/cvat_db/data.json +++ b/tests/python/shared/assets/cvat_db/data.json @@ -7,14 +7,6 @@ "permissions": [] } }, -{ - "model": "auth.group", - "pk": 2, - "fields": { - "name": "business", - "permissions": [] - } -}, { "model": "auth.group", "pk": 3, @@ -236,16 +228,16 @@ "password": "md5$6TyZJsUJ2hAbICwZHKp4p0$961841748b31d28bcaf3094e549d2bd5", "last_login": "2022-09-28T12:17:51.373Z", "is_superuser": false, - "username": "business1", - "first_name": "Business", - "last_name": "First", - "email": "business1@cvat.org", + "username": "user7", + "first_name": "User", + "last_name": "Seventh", + "email": "user7@cvat.org", "is_staff": false, "is_active": true, "date_joined": "2021-12-14T18:33:06Z", "groups": [ [ - "business" + "user" ] ], "user_permissions": [] @@ -258,16 +250,16 @@ "password": "md5$oLNLFFMdjViRqnAw1th3Zl$d816d16307053866451da43fb4443b66", "last_login": "2022-03-17T07:22:55.930Z", "is_superuser": false, - "username": "business2", - "first_name": "Business", - "last_name": "Second", - "email": "business2@cvat.org", + "username": "user8", + "first_name": "User", + "last_name": "Eighth", + "email": "user8@cvat.org", "is_staff": false, "is_active": true, "date_joined": "2021-12-14T18:34:01Z", "groups": [ [ - "business" + "user" ] ], "user_permissions": [] @@ -280,16 +272,16 @@ "password": "md5$7ETBhORLrHl45WPL9CkxnN$af77496152b60ffc73ef877c99807385", "last_login": null, "is_superuser": false, - "username": "business3", - "first_name": "Business", - "last_name": "Third", - "email": "business3@cvat.org", + "username": "user9", + "first_name": "User", + "last_name": "Nineth", + "email": "user9@cvat.org", "is_staff": false, "is_active": true, "date_joined": "2021-12-14T18:34:34Z", "groups": [ [ - "business" + "user" ] ], "user_permissions": [] @@ -302,16 +294,16 @@ "password": "md5$9huaZ72ncQGfmxUqU3Hwnz$6b010216eea87409f0aca7126bd80bbd", "last_login": null, "is_superuser": false, - "username": "business4", - "first_name": "Business", - "last_name": "Fourth", - "email": "business4@cvat.org", + "username": "user10", + "first_name": "User", + "last_name": "Tenth", + "email": "user10@cvat.org", "is_staff": false, "is_active": true, "date_joined": "2021-12-14T18:35:15Z", "groups": [ [ - "business" + "user" ] ], "user_permissions": [] @@ -734,7 +726,7 @@ "pk": "53da3ff9e514d84b56b5170059ff0f595c34157b", "fields": { "user": [ - "business2" + "user8" ], "created": "2022-03-17T07:22:55.921Z" } @@ -754,7 +746,7 @@ "pk": "c051fe19df24a0ac4c6bec5e635034271c9549dc", "fields": { "user": [ - "business1" + "user7" ], "created": "2023-05-01T08:42:48.127Z" } @@ -833,7 +825,7 @@ "email": "org2@cvat.org" }, "owner": [ - "business1" + "user7" ] } }, @@ -881,7 +873,7 @@ "pk": 4, "fields": { "user": [ - "business1" + "user7" ], "organization": 1, "is_active": true, @@ -894,7 +886,7 @@ "pk": 5, "fields": { "user": [ - "business1" + "user7" ], "organization": 2, "is_active": true, @@ -907,7 +899,7 @@ "pk": 6, "fields": { "user": [ - "business2" + "user8" ], "organization": 2, "is_active": true, @@ -1024,7 +1016,7 @@ "pk": 15, "fields": { "user": [ - "business2" + "user8" ], "organization": 1, "is_active": true, @@ -1039,7 +1031,7 @@ "created_date": "2022-01-19T13:54:42.005Z", "sent_date": "2022-01-19T13:54:42.005Z", "owner": [ - "business1" + "user7" ], "membership": 10 } @@ -1051,7 +1043,7 @@ "created_date": "2021-12-14T19:54:46.172Z", "sent_date": "2021-12-14T19:54:46.172Z", "owner": [ - "business1" + "user7" ], "membership": 7 } @@ -1063,7 +1055,7 @@ "created_date": "2022-01-19T13:54:42.015Z", "sent_date": "2022-01-19T13:54:42.015Z", "owner": [ - "business1" + "user7" ], "membership": 11 } @@ -1099,7 +1091,7 @@ "created_date": "2021-12-14T19:54:33.591Z", "sent_date": "2021-12-14T19:54:33.591Z", "owner": [ - "business1" + "user7" ], "membership": 6 } @@ -1147,7 +1139,7 @@ "created_date": "2021-12-14T19:55:13.745Z", "sent_date": "2021-12-14T19:55:13.745Z", "owner": [ - "business1" + "user7" ], "membership": 9 } @@ -1171,7 +1163,7 @@ "created_date": "2021-12-14T19:54:56.431Z", "sent_date": "2021-12-14T19:54:56.431Z", "owner": [ - "business1" + "user7" ], "membership": 8 } @@ -3896,7 +3888,7 @@ "updated_date": "2022-11-03T13:57:25.895Z", "name": "project1", "owner": [ - "business1" + "user7" ], "assignee": [ "user6" @@ -3917,7 +3909,7 @@ "updated_date": "2022-06-30T08:56:45.601Z", "name": "project2", "owner": [ - "business1" + "user7" ], "assignee": [ "user2" @@ -4000,7 +3992,7 @@ "user1" ], "assignee": [ - "business4" + "user10" ], "assignee_updated_date": null, "bug_tracker": "", @@ -4179,7 +4171,7 @@ "admin1" ], "assignee": [ - "business1" + "user7" ], "assignee_updated_date": "2024-09-23T08:09:45.461Z", "bug_tracker": "", @@ -4281,7 +4273,7 @@ "name": "task_2_org2", "mode": "annotation", "owner": [ - "business2" + "user8" ], "assignee": [ "worker2" @@ -4337,7 +4329,7 @@ "name": "task1_in_project1", "mode": "annotation", "owner": [ - "business1" + "user7" ], "assignee": [ "admin1" @@ -4365,7 +4357,7 @@ "name": "task1_in_project2", "mode": "annotation", "owner": [ - "business1" + "user7" ], "assignee": [ "user5" @@ -4738,7 +4730,7 @@ "user3" ], "assignee": [ - "business1" + "user7" ], "assignee_updated_date": "2024-09-23T10:51:45.525Z", "bug_tracker": "", @@ -12759,7 +12751,7 @@ "pk": 10, "fields": { "user": [ - "business1" + "user7" ], "rating": 0.0, "has_analytics_access": false @@ -12770,7 +12762,7 @@ "pk": 11, "fields": { "user": [ - "business2" + "user8" ], "rating": 0.0, "has_analytics_access": false @@ -12781,7 +12773,7 @@ "pk": 12, "fields": { "user": [ - "business3" + "user9" ], "rating": 0.0, "has_analytics_access": false @@ -12792,7 +12784,7 @@ "pk": 13, "fields": { "user": [ - "business4" + "user10" ], "rating": 0.0, "has_analytics_access": false @@ -12912,7 +12904,7 @@ "position": "98.48046875, 696.72265625, 326.1220703125, 841.5859375", "job": 9, "owner": [ - "business2" + "user8" ], "assignee": null, "resolved": false @@ -12928,7 +12920,7 @@ "position": "108.1845703125, 235.0, 720.0087890625, 703.3505859375", "job": 16, "owner": [ - "business2" + "user8" ], "assignee": null, "resolved": false @@ -13002,7 +12994,7 @@ "updated_date": "2022-03-16T11:07:22.173Z", "issue": 2, "owner": [ - "business2" + "user8" ], "message": "Something should be here" } @@ -13015,7 +13007,7 @@ "updated_date": "2022-03-16T11:08:18.370Z", "issue": 3, "owner": [ - "business2" + "user8" ], "message": "Another one issue" } @@ -13099,7 +13091,7 @@ "resource": "private", "display_name": "Bucket 2", "owner": [ - "business2" + "user8" ], "credentials": "minio_access_key minio_secret_key", "credentials_type": "KEY_SECRET_KEY_PAIR", @@ -13563,7 +13555,7 @@ "is_active": true, "enable_ssl": true, "owner": [ - "business1" + "user7" ], "project": 1, "organization": null @@ -13682,9 +13674,9 @@ "user": { "id": 11, "url": "http://localhost:8080/api/users/11", - "username": "business2", - "last_name": "Second", - "first_name": "Business" + "username": "user8", + "last_name": "Eighth", + "first_name": "User" }, "owner": { "id": 2, @@ -13771,9 +13763,9 @@ "user": { "id": 11, "url": "http://localhost:8080/api/users/11", - "username": "business2", - "last_name": "Second", - "first_name": "Business" + "username": "user8", + "last_name": "Eighth", + "first_name": "User" }, "is_active": true, "invitation": "q8GWTPiR1Vz9DDO6MQo1B6pUBzW9GjDb6AUQPziAV62jD7OpCLZji0GS66C48wRX", @@ -19010,7 +19002,7 @@ "user" ], "object_id": "10", - "object_repr": "business1", + "object_repr": "user7", "action_flag": 1, "change_message": "[{\"added\": {}}]" } @@ -19028,7 +19020,7 @@ "user" ], "object_id": "10", - "object_repr": "business1", + "object_repr": "user7", "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"First name\", \"Last name\"]}}]" } @@ -19046,7 +19038,7 @@ "user" ], "object_id": "10", - "object_repr": "business1", + "object_repr": "user7", "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"Last name\", \"Email address\", \"Groups\"]}}]" } @@ -19064,7 +19056,7 @@ "user" ], "object_id": "11", - "object_repr": "business2", + "object_repr": "user8", "action_flag": 1, "change_message": "[{\"added\": {}}]" } @@ -19082,7 +19074,7 @@ "user" ], "object_id": "11", - "object_repr": "business2", + "object_repr": "user8", "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"First name\", \"Last name\", \"Email address\", \"Groups\"]}}]" } @@ -19100,7 +19092,7 @@ "user" ], "object_id": "12", - "object_repr": "business3", + "object_repr": "user9", "action_flag": 1, "change_message": "[{\"added\": {}}]" } @@ -19118,7 +19110,7 @@ "user" ], "object_id": "12", - "object_repr": "business3", + "object_repr": "user9", "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"First name\", \"Last name\", \"Email address\", \"Groups\"]}}]" } @@ -19136,7 +19128,7 @@ "user" ], "object_id": "13", - "object_repr": "business4", + "object_repr": "user10", "action_flag": 1, "change_message": "[{\"added\": {}}]" } @@ -19154,7 +19146,7 @@ "user" ], "object_id": "13", - "object_repr": "business4", + "object_repr": "user10", "action_flag": 2, "change_message": "[{\"changed\": {\"fields\": [\"First name\", \"Last name\", \"Email address\", \"Groups\"]}}]" } diff --git a/tests/python/shared/assets/invitations.json b/tests/python/shared/assets/invitations.json index 6b0f2452820..9a58f4bbee0 100644 --- a/tests/python/shared/assets/invitations.json +++ b/tests/python/shared/assets/invitations.json @@ -21,11 +21,11 @@ }, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" } }, { @@ -113,11 +113,11 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "maintainer", "user": { @@ -138,11 +138,11 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "supervisor", "user": { @@ -163,11 +163,11 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "supervisor", "user": { @@ -188,11 +188,11 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "worker", "user": { @@ -213,11 +213,11 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "worker", "user": { @@ -238,19 +238,19 @@ "slug": "org2" }, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" } }, { @@ -271,11 +271,11 @@ }, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" } }, { diff --git a/tests/python/shared/assets/issues.json b/tests/python/shared/assets/issues.json index 9aff3cf4b63..e719b30ac11 100644 --- a/tests/python/shared/assets/issues.json +++ b/tests/python/shared/assets/issues.json @@ -72,11 +72,11 @@ "id": 3, "job": 16, "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "position": [ 108.1845703125, @@ -98,11 +98,11 @@ "id": 2, "job": 9, "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "position": [ 98.48046875, diff --git a/tests/python/shared/assets/memberships.json b/tests/python/shared/assets/memberships.json index 9ae6bcc8d95..3c0be8035d2 100644 --- a/tests/python/shared/assets/memberships.json +++ b/tests/python/shared/assets/memberships.json @@ -11,11 +11,11 @@ "organization": 1, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" } }, { @@ -146,11 +146,11 @@ "organization": 2, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" } }, { @@ -161,11 +161,11 @@ "organization": 2, "role": "owner", "user": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" } }, { @@ -176,11 +176,11 @@ "organization": 1, "role": "maintainer", "user": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" } }, { diff --git a/tests/python/shared/assets/organizations.json b/tests/python/shared/assets/organizations.json index ad26620a27e..8106c5b8b6a 100644 --- a/tests/python/shared/assets/organizations.json +++ b/tests/python/shared/assets/organizations.json @@ -12,11 +12,11 @@ "id": 2, "name": "Organization #2", "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "slug": "org2", "updated_date": "2021-12-14T19:51:38.667000Z" diff --git a/tests/python/shared/assets/projects.json b/tests/python/shared/assets/projects.json index f7c0c25b464..86d5f1a8c95 100644 --- a/tests/python/shared/assets/projects.json +++ b/tests/python/shared/assets/projects.json @@ -5,11 +5,11 @@ "results": [ { "assignee": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "assignee_updated_date": "2024-09-23T08:09:45.461000Z", "bug_tracker": "", @@ -383,11 +383,11 @@ }, { "assignee": { - "first_name": "Business", + "first_name": "User", "id": 13, - "last_name": "Fourth", + "last_name": "Tenth", "url": "http://localhost:8080/api/users/13", - "username": "business4" + "username": "user10" }, "assignee_updated_date": null, "bug_tracker": "", @@ -553,11 +553,11 @@ "name": "project2", "organization": 2, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "source_storage": { "cloud_storage_id": 3, @@ -600,11 +600,11 @@ "name": "project1", "organization": null, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "source_storage": null, "status": "annotation", @@ -618,4 +618,4 @@ "url": "http://localhost:8080/api/projects/1" } ] -} +} \ No newline at end of file diff --git a/tests/python/shared/assets/tasks.json b/tests/python/shared/assets/tasks.json index 5a28176ef5e..cf2d63da785 100644 --- a/tests/python/shared/assets/tasks.json +++ b/tests/python/shared/assets/tasks.json @@ -159,11 +159,11 @@ }, { "assignee": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "assignee_updated_date": "2024-09-23T10:51:45.525000Z", "bug_tracker": "", @@ -890,11 +890,11 @@ "organization": 2, "overlap": 0, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "project_id": 2, "segment_size": 11, @@ -948,11 +948,11 @@ "organization": null, "overlap": 0, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "project_id": 1, "segment_size": 5, @@ -1048,11 +1048,11 @@ "organization": 2, "overlap": 0, "owner": { - "first_name": "Business", + "first_name": "User", "id": 11, - "last_name": "Second", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, "project_id": null, "segment_size": 11, diff --git a/tests/python/shared/assets/users.json b/tests/python/shared/assets/users.json index d3a420b297a..8bcf32cb37d 100644 --- a/tests/python/shared/assets/users.json +++ b/tests/python/shared/assets/users.json @@ -133,10 +133,10 @@ }, { "date_joined": "2021-12-14T18:35:15Z", - "email": "business4@cvat.org", - "first_name": "Business", + "email": "user10@cvat.org", + "first_name": "User", "groups": [ - "business" + "user" ], "has_analytics_access": false, "id": 13, @@ -144,16 +144,16 @@ "is_staff": false, "is_superuser": false, "last_login": null, - "last_name": "Fourth", + "last_name": "Tenth", "url": "http://localhost:8080/api/users/13", - "username": "business4" + "username": "user10" }, { "date_joined": "2021-12-14T18:34:34Z", - "email": "business3@cvat.org", - "first_name": "Business", + "email": "user9@cvat.org", + "first_name": "User", "groups": [ - "business" + "user" ], "has_analytics_access": false, "id": 12, @@ -161,43 +161,43 @@ "is_staff": false, "is_superuser": false, "last_login": null, - "last_name": "Third", + "last_name": "Nineth", "url": "http://localhost:8080/api/users/12", - "username": "business3" + "username": "user9" }, { "date_joined": "2021-12-14T18:34:01Z", - "email": "business2@cvat.org", - "first_name": "Business", + "email": "user8@cvat.org", + "first_name": "User", "groups": [ - "business" + "user" ], "has_analytics_access": false, "id": 11, "is_active": true, "is_staff": false, "is_superuser": false, - "last_login": "2022-03-17T07:22:55.930000Z", - "last_name": "Second", + "last_login": "2022-03-17T07:22:55Z", + "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", - "username": "business2" + "username": "user8" }, { "date_joined": "2021-12-14T18:33:06Z", - "email": "business1@cvat.org", - "first_name": "Business", + "email": "user7@cvat.org", + "first_name": "User", "groups": [ - "business" + "user" ], "has_analytics_access": false, "id": 10, "is_active": true, "is_staff": false, "is_superuser": false, - "last_login": "2022-09-28T12:17:51.373000Z", - "last_name": "First", + "last_login": "2022-09-28T12:17:51Z", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, { "date_joined": "2021-12-14T18:32:01Z", @@ -347,10 +347,10 @@ "is_active": true, "is_staff": true, "is_superuser": true, - "last_login": "2024-04-03T09:51:04.664000Z", + "last_login": "2024-10-29T07:14:15.310735Z", "last_name": "First", "url": "http://localhost:8080/api/users/1", "username": "admin1" } ] -} +} \ No newline at end of file diff --git a/tests/python/shared/assets/webhooks.json b/tests/python/shared/assets/webhooks.json index da5b0f6837d..b6a90828ee3 100644 --- a/tests/python/shared/assets/webhooks.json +++ b/tests/python/shared/assets/webhooks.json @@ -95,11 +95,11 @@ "is_active": true, "organization": null, "owner": { - "first_name": "Business", + "first_name": "User", "id": 10, - "last_name": "First", + "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", - "username": "business1" + "username": "user7" }, "project_id": 1, "target_url": "http://example.com/", From 71045414da6583bdb790c709182eab1ade4a9803 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 11:48:46 +0400 Subject: [PATCH 05/13] fixes --- cvat/apps/engine/cache.py | 2 +- tests/python/rest_api/test_webhooks.py | 4 +--- tests/python/shared/assets/users.json | 4 ++-- 3 files changed, 4 insertions(+), 6 deletions(-) diff --git a/cvat/apps/engine/cache.py b/cvat/apps/engine/cache.py index 990b2b31009..295e405a41d 100644 --- a/cvat/apps/engine/cache.py +++ b/cvat/apps/engine/cache.py @@ -54,7 +54,7 @@ ZipChunkWriter, ZipCompressedChunkWriter, ) -from cvat.apps.engine.utils import md5_hash, load_image +from cvat.apps.engine.utils import load_image, md5_hash from utils.dataset_manifest import ImageManifestManager slogger = ServerLogManager(__name__) diff --git a/tests/python/rest_api/test_webhooks.py b/tests/python/rest_api/test_webhooks.py index 33850cf8023..cacc2275c9d 100644 --- a/tests/python/rest_api/test_webhooks.py +++ b/tests/python/rest_api/test_webhooks.py @@ -1029,9 +1029,7 @@ def test_member_can_update_project_webhook_in_org( @pytest.mark.usefixtures("restore_db_per_function") class TestDeleteWebhooks: - @pytest.mark.parametrize( - "privilege, allow", [("user", False), ("admin", True)] - ) + @pytest.mark.parametrize("privilege, allow", [("user", False), ("admin", True)]) def test_user_can_delete_project_webhook( self, privilege, allow, find_users, webhooks, projects ): diff --git a/tests/python/shared/assets/users.json b/tests/python/shared/assets/users.json index 8bcf32cb37d..d5eadc47707 100644 --- a/tests/python/shared/assets/users.json +++ b/tests/python/shared/assets/users.json @@ -347,10 +347,10 @@ "is_active": true, "is_staff": true, "is_superuser": true, - "last_login": "2024-10-29T07:14:15.310735Z", + "last_login": "2024-04-03T09:51:04.664000Z", "last_name": "First", "url": "http://localhost:8080/api/users/1", "username": "admin1" } ] -} \ No newline at end of file +} From abd4aab2a130e49f7bb7d653a5edb8a1d8b74a65 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 12:04:33 +0400 Subject: [PATCH 06/13] changelog entry --- .../20241029_120317_dmitrii.lavrukhin_remove_business.md | 4 ++++ site/content/en/docs/administration/advanced/ldap.md | 6 ------ 2 files changed, 4 insertions(+), 6 deletions(-) create mode 100644 changelog.d/20241029_120317_dmitrii.lavrukhin_remove_business.md diff --git a/changelog.d/20241029_120317_dmitrii.lavrukhin_remove_business.md b/changelog.d/20241029_120317_dmitrii.lavrukhin_remove_business.md new file mode 100644 index 00000000000..654fc263dbb --- /dev/null +++ b/changelog.d/20241029_120317_dmitrii.lavrukhin_remove_business.md @@ -0,0 +1,4 @@ +### Removed + +- Removed unused business group + () diff --git a/site/content/en/docs/administration/advanced/ldap.md b/site/content/en/docs/administration/advanced/ldap.md index 6fe52ae4fb6..c57824d13fa 100644 --- a/site/content/en/docs/administration/advanced/ldap.md +++ b/site/content/en/docs/administration/advanced/ldap.md @@ -100,9 +100,6 @@ AUTHENTICATION_BACKENDS += ['django_auth_ldap.backend.LDAPBackend'] AUTH_LDAP_ADMIN_GROUPS = [ 'CN=CVAT Admins,%s' % _BASE_DN, ] -AUTH_LDAP_BUSINESS_GROUPS = [ - 'CN=CVAT Managers,%s' % _BASE_DN, -] AUTH_LDAP_WORKER_GROUPS = [ 'CN=CVAT Workers,%s' % _BASE_DN, ] @@ -180,9 +177,6 @@ AUTHENTICATION_BACKENDS += ['django_auth_ldap.backend.LDAPBackend'] AUTH_LDAP_ADMIN_GROUPS = [ 'CN=cvat_admins,CN=Groups,%s' % _BASE_DN, ] -AUTH_LDAP_BUSINESS_GROUPS = [ - 'CN=cvat_managers,CN=Groups,%s' % _BASE_DN, -] AUTH_LDAP_WORKER_GROUPS = [ 'CN=cvat_workers,CN=Groups,%s' % _BASE_DN, ] From 5570e8b5dd83bf51e2fddf633d303799e4a4bcf0 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 12:25:38 +0400 Subject: [PATCH 07/13] fixing group pks in test db --- tests/python/shared/assets/cvat_db/data.json | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/tests/python/shared/assets/cvat_db/data.json b/tests/python/shared/assets/cvat_db/data.json index a5df4b1432b..43b972c79e4 100644 --- a/tests/python/shared/assets/cvat_db/data.json +++ b/tests/python/shared/assets/cvat_db/data.json @@ -9,7 +9,7 @@ }, { "model": "auth.group", - "pk": 3, + "pk": 2, "fields": { "name": "user", "permissions": [] @@ -17,7 +17,7 @@ }, { "model": "auth.group", - "pk": 4, + "pk": 3, "fields": { "name": "worker", "permissions": [] From e1ec10925f50e7c390146d2cc82c3188912dee9d Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 13:13:02 +0400 Subject: [PATCH 08/13] fixing tests --- cvat/apps/log_viewer/permissions.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/cvat/apps/log_viewer/permissions.py b/cvat/apps/log_viewer/permissions.py index c0ace7b2fcf..d25aa7fe275 100644 --- a/cvat/apps/log_viewer/permissions.py +++ b/cvat/apps/log_viewer/permissions.py @@ -47,3 +47,6 @@ def get_scopes(request, view, obj): return [{ 'list': Scopes.VIEW, }[view.action]] + + def get_resource(self): + return None From 6b1471b8102f5817272fb701f408e29bbc5c2620 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Tue, 29 Oct 2024 13:52:29 +0400 Subject: [PATCH 09/13] fixing tests --- tests/python/rest_api/test_webhooks.py | 2 +- tests/python/shared/assets/users.json | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tests/python/rest_api/test_webhooks.py b/tests/python/rest_api/test_webhooks.py index cacc2275c9d..778eda8430e 100644 --- a/tests/python/rest_api/test_webhooks.py +++ b/tests/python/rest_api/test_webhooks.py @@ -418,7 +418,7 @@ def test_project_owner_can_get_webhook(self, privilege, webhooks, projects, user (user["username"], webhook["id"]) for user in users for webhook in proj_webhooks - if privilege not in user["groups"] + if privilege in user["groups"] and projects[webhook["project_id"]]["owner"]["id"] == user["id"] ) ) diff --git a/tests/python/shared/assets/users.json b/tests/python/shared/assets/users.json index d5eadc47707..9c4dce1e4fd 100644 --- a/tests/python/shared/assets/users.json +++ b/tests/python/shared/assets/users.json @@ -177,7 +177,7 @@ "is_active": true, "is_staff": false, "is_superuser": false, - "last_login": "2022-03-17T07:22:55Z", + "last_login": "2022-03-17T07:22:55.930000Z", "last_name": "Eighth", "url": "http://localhost:8080/api/users/11", "username": "user8" @@ -194,7 +194,7 @@ "is_active": true, "is_staff": false, "is_superuser": false, - "last_login": "2022-09-28T12:17:51Z", + "last_login": "2022-09-28T12:17:51.373000Z", "last_name": "Seventh", "url": "http://localhost:8080/api/users/10", "username": "user7" From ee5f1b5eb3c3d77fd3ff8a76797e36e5f7650645 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Wed, 30 Oct 2024 15:33:24 +0400 Subject: [PATCH 10/13] fixes --- cvat/apps/engine/cache.py | 2 +- tests/python/shared/assets/projects.json | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cvat/apps/engine/cache.py b/cvat/apps/engine/cache.py index 295e405a41d..990b2b31009 100644 --- a/cvat/apps/engine/cache.py +++ b/cvat/apps/engine/cache.py @@ -54,7 +54,7 @@ ZipChunkWriter, ZipCompressedChunkWriter, ) -from cvat.apps.engine.utils import load_image, md5_hash +from cvat.apps.engine.utils import md5_hash, load_image from utils.dataset_manifest import ImageManifestManager slogger = ServerLogManager(__name__) diff --git a/tests/python/shared/assets/projects.json b/tests/python/shared/assets/projects.json index 86d5f1a8c95..19d345ee4e3 100644 --- a/tests/python/shared/assets/projects.json +++ b/tests/python/shared/assets/projects.json @@ -618,4 +618,4 @@ "url": "http://localhost:8080/api/projects/1" } ] -} \ No newline at end of file +} From 336818175501fcecce7642cf7029f1ce714c3500 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Wed, 30 Oct 2024 16:32:23 +0400 Subject: [PATCH 11/13] migration for removing business group --- .../migrations/0001_remove_business_group.py | 34 +++++++++++++++++++ cvat/apps/iam/migrations/__init__.py | 3 ++ 2 files changed, 37 insertions(+) create mode 100644 cvat/apps/iam/migrations/0001_remove_business_group.py create mode 100644 cvat/apps/iam/migrations/__init__.py diff --git a/cvat/apps/iam/migrations/0001_remove_business_group.py b/cvat/apps/iam/migrations/0001_remove_business_group.py new file mode 100644 index 00000000000..543faacc283 --- /dev/null +++ b/cvat/apps/iam/migrations/0001_remove_business_group.py @@ -0,0 +1,34 @@ +# Generated by Django 4.2.16 on 2024-10-30 12:03 +from django.conf import settings +from django.db import migrations + + +BUSINESS_GROUP_NAME = "business" +USER_GROUP_NAME = "user" + + +def delete_business_group(apps, schema_editor): + Group = apps.get_model('auth', 'Group') + User = apps.get_model('auth', 'User') + + if Group.objects.filter(name=USER_GROUP_NAME).exists(): + user_group = Group.objects.get(name=USER_GROUP_NAME) + for user in User.objects.all(): + if user.groups.filter(name=BUSINESS_GROUP_NAME).exists(): + user_group.user_set.add(user) + + Group.objects.filter(name=BUSINESS_GROUP_NAME).delete() + + +class Migration(migrations.Migration): + + dependencies = [ + migrations.swappable_dependency(settings.AUTH_USER_MODEL), + ] + + operations = [ + migrations.RunPython( + delete_business_group, + reverse_code=migrations.RunPython.noop, + ), + ] diff --git a/cvat/apps/iam/migrations/__init__.py b/cvat/apps/iam/migrations/__init__.py new file mode 100644 index 00000000000..bd6d6576ecf --- /dev/null +++ b/cvat/apps/iam/migrations/__init__.py @@ -0,0 +1,3 @@ +# Copyright (C) 2024 CVAT.ai Corporation +# +# SPDX-License-Identifier: MIT From 410cf6726da6410e3c30214cf1286f9da7f26063 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Wed, 30 Oct 2024 16:54:35 +0400 Subject: [PATCH 12/13] fix --- cvat/apps/log_viewer/rules/analytics.rego | 2 -- 1 file changed, 2 deletions(-) diff --git a/cvat/apps/log_viewer/rules/analytics.rego b/cvat/apps/log_viewer/rules/analytics.rego index d4bef6923d4..f40653f63e2 100644 --- a/cvat/apps/log_viewer/rules/analytics.rego +++ b/cvat/apps/log_viewer/rules/analytics.rego @@ -22,8 +22,6 @@ import data.utils # } # } or null, # }, -# "resource": { -# } # } default allow := false From e11796b3aba0d14c34aec63f698f62666d229b58 Mon Sep 17 00:00:00 2001 From: Dmitrii Lavrukhin Date: Thu, 31 Oct 2024 11:50:20 +0400 Subject: [PATCH 13/13] fixing migration --- cvat/apps/iam/migrations/0001_remove_business_group.py | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/cvat/apps/iam/migrations/0001_remove_business_group.py b/cvat/apps/iam/migrations/0001_remove_business_group.py index 543faacc283..2bf1a56b406 100644 --- a/cvat/apps/iam/migrations/0001_remove_business_group.py +++ b/cvat/apps/iam/migrations/0001_remove_business_group.py @@ -9,13 +9,10 @@ def delete_business_group(apps, schema_editor): Group = apps.get_model('auth', 'Group') - User = apps.get_model('auth', 'User') + User = apps.get_model(settings.AUTH_USER_MODEL) - if Group.objects.filter(name=USER_GROUP_NAME).exists(): - user_group = Group.objects.get(name=USER_GROUP_NAME) - for user in User.objects.all(): - if user.groups.filter(name=BUSINESS_GROUP_NAME).exists(): - user_group.user_set.add(user) + if user_group := Group.objects.filter(name=USER_GROUP_NAME).first(): + user_group.user_set.add(*User.objects.filter(groups__name=BUSINESS_GROUP_NAME)) Group.objects.filter(name=BUSINESS_GROUP_NAME).delete()