From dd158b38e4a089a203b1f9ce997d1fe735ee5818 Mon Sep 17 00:00:00 2001
From: Andrey Zhavoronkov <41117609+azhavoro@users.noreply.github.com>
Date: Thu, 28 May 2020 14:41:26 +0300
Subject: [PATCH] fix analytics permissions (#1608)

---
 CHANGELOG.md                   | 1 +
 cvat/apps/log_viewer/admin.py  | 3 ---
 cvat/apps/log_viewer/models.py | 3 ---
 cvat/apps/log_viewer/tests.py  | 3 ---
 cvat/apps/log_viewer/urls.py   | 3 +--
 cvat/apps/log_viewer/views.py  | 9 +++++++++
 6 files changed, 11 insertions(+), 11 deletions(-)
 delete mode 100644 cvat/apps/log_viewer/admin.py
 delete mode 100644 cvat/apps/log_viewer/models.py
 delete mode 100644 cvat/apps/log_viewer/tests.py

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 51b0a519f15..01d1014746c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -58,6 +58,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - A problem with mask to polygons conversion when polygons are too small (<https://github.com/opencv/cvat/pull/1581>)
 - Unable to upload video with uneven size (<https://github.com/opencv/cvat/pull/1594>)
 - Fixed an issue with `z_order` having no effect on segmentations (<https://github.com/opencv/cvat/pull/1589>)
+- Permission group whitelist check for analytics view (<https://github.com/opencv/cvat/pull/1608>)
 
 ### Security
 -
diff --git a/cvat/apps/log_viewer/admin.py b/cvat/apps/log_viewer/admin.py
deleted file mode 100644
index 8c38f3f3dad..00000000000
--- a/cvat/apps/log_viewer/admin.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.contrib import admin
-
-# Register your models here.
diff --git a/cvat/apps/log_viewer/models.py b/cvat/apps/log_viewer/models.py
deleted file mode 100644
index 71a83623907..00000000000
--- a/cvat/apps/log_viewer/models.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.db import models
-
-# Create your models here.
diff --git a/cvat/apps/log_viewer/tests.py b/cvat/apps/log_viewer/tests.py
deleted file mode 100644
index 7ce503c2dd9..00000000000
--- a/cvat/apps/log_viewer/tests.py
+++ /dev/null
@@ -1,3 +0,0 @@
-from django.test import TestCase
-
-# Create your tests here.
diff --git a/cvat/apps/log_viewer/urls.py b/cvat/apps/log_viewer/urls.py
index d8996c681a1..eefad13066e 100644
--- a/cvat/apps/log_viewer/urls.py
+++ b/cvat/apps/log_viewer/urls.py
@@ -1,5 +1,5 @@
 
-# Copyright (C) 2018 Intel Corporation
+# Copyright (C) 2018-2020 Intel Corporation
 #
 # SPDX-License-Identifier: MIT
 
@@ -9,4 +9,3 @@
 urlpatterns = [
     path('<path:path>', views.LogViewerProxy.as_view())
 ]
-
diff --git a/cvat/apps/log_viewer/views.py b/cvat/apps/log_viewer/views.py
index 9d1d2a0c347..6718a18a537 100644
--- a/cvat/apps/log_viewer/views.py
+++ b/cvat/apps/log_viewer/views.py
@@ -1,3 +1,7 @@
+# Copyright (C) 2018-2020 Intel Corporation
+#
+# SPDX-License-Identifier: MIT
+
 import os
 
 from revproxy.views import ProxyView
@@ -20,3 +24,8 @@ def get_request_headers(self):
         headers['X-Forwarded-User'] = headers['REMOTE_USER']
 
         return headers
+
+    # Returns True if the user has any of the specified permissions
+    def has_permission(self):
+        perms = self.get_permission_required()
+        return any(self.request.user.has_perm(perm) for perm in perms)