fixed: Permission error occured when accessing the JobCommits cvat-ai…

…#4434

CHANGELOG.md

@@ -19,7 +19,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - TDB
 
 ### Fixed
-- TDB
+- Permission error occured when accessing the JobCommits (<https://github.com/openvinotoolkit/cvat/issues/4434>)
 
 ### Security
 - TDB

cvat/apps/iam/permissions.py

@@ -790,6 +790,7 @@ def get_scopes(request, view, obj):
             ('annotations', 'PUT'): 'update:annotations',
             ('data', 'GET'): 'view:data',
             ('issues', 'GET'): 'view',
+            ('commits', 'GET'): 'view:commits'
         }.get((view.action, request.method))
 
         scopes = []

cvat/apps/iam/rules/jobs.rego

@@ -139,20 +139,20 @@ filter = [] { # Django Q object to filter list of entries
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     utils.is_sandbox
     is_job_staff
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     input.auth.organization.id == input.resource.organization.id
     utils.has_perm(utils.USER)
     organizations.has_perm(organizations.MAINTAINER)
 }
 
 allow {
-    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA }[input.scope]
+    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
     input.auth.organization.id == input.resource.organization.id
     organizations.has_perm(organizations.WORKER)
     is_job_staff

cvat/apps/iam/rules/utils.rego

@@ -40,6 +40,7 @@ VIEW_ANNOTATIONS := "view:annotations"
 UPDATE_ANNOTATIONS := "update:annotations"
 DELETE_ANNOTATIONS := "delete:annotations"
 VIEW_DATA := "view:data"
+VIEW_COMMITS := "view:commits"
 UPLOAD_DATA := "upload:data"
 IMPORT_ANNOTATIONS := "import:annotations"
 UPDATE_STATE := "update:state"