Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission error occured when accessing the JobCommits #4434

Closed
2 tasks done
k1won opened this issue Mar 9, 2022 · 4 comments · Fixed by #4435
Closed
2 tasks done

Permission error occured when accessing the JobCommits #4434

k1won opened this issue Mar 9, 2022 · 4 comments · Fixed by #4435
Labels
bug Something isn't working

Comments

@k1won
Copy link
Contributor

k1won commented Mar 9, 2022

My actions before raising this issue

Expected Behaviour

  • returns the list of tracked changes for the job

Current Behaviour

  • permission error occured (except admin account)
HTTP 403 Forbidden
Allow: GET, HEAD, OPTIONS
Content-Type: application/vnd.cvat+json
Vary: Accept

{
    "detail": "You do not have permission to perform this action."
}

Possible Solution

  • add additional 'key:value'(('commits', 'GET'): 'view:commits') to the get_scopes() method in JobPermission class like below. (apps.iam.permissions.py)
    @staticmethod
    def get_scopes(request, view, obj):
        scope = {
            ('list', 'GET'): 'list', # TODO: need to add the method
            ('retrieve', 'GET'): 'view',
            ('partial_update', 'PATCH'): 'update',
            ('update', 'PUT'): 'update', # TODO: do we need the method?
            ('destroy', 'DELETE'): 'delete',
            ('annotations', 'GET'): 'view:annotations',
            ('annotations', 'PATCH'): 'update:annotations',
            ('annotations', 'DELETE'): 'delete:annotations',
            ('annotations', 'PUT'): 'update:annotations',
            ('data', 'GET'): 'view:data',
            ('issues', 'GET'): 'view',
            ('commits', 'GET'): 'view:commits'
        }.get((view.action, request.method))
  • add additional rule variable(VIEW_COMMITS:="view:commits") to the utils.rego
VIEW_DATA := "view:data"
VIEW_COMMITS := "view:commits"  <<---
UPLOAD_DATA := "upload:data"
  • update permission rule to the jobs.rego
allow {
    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
    utils.is_sandbox
    is_job_staff
}

allow {
    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
    input.auth.organization.id == input.resource.organization.id
    utils.has_perm(utils.USER)
    organizations.has_perm(organizations.MAINTAINER)
}

allow {
    { utils.VIEW, utils.VIEW_ANNOTATIONS, utils.VIEW_DATA, utils.VIEW_COMMITS }[input.scope]
    input.auth.organization.id == input.resource.organization.id
    organizations.has_perm(organizations.WORKER)
    is_job_staff
}

Steps to Reproduce (for bugs)

  1. create a task
  2. open the job
  3. create some shapes and save
  4. access the /api/jobs/{id}/commits endpoint

Context

Your Environment

  • Git hash commit (git log -1): b0e6074
  • Docker version docker version (e.g. Docker 17.0.05):
  • Are you using Docker Swarm or Kubernetes?
  • Operating System and version (e.g. Linux, Windows, MacOS): ubuntu 18.04
  • Code example or link to GitHub repo or gist to reproduce problem:
  • Other diagnostic information / logs:
    Logs from `cvat` container

Next steps

You may join our Gitter channel for community support.
@nmanovic
Copy link
Contributor

nmanovic commented Mar 9, 2022

@k1won , thanks again for your contribution! It looks like I tested these changes only with admin account.

@nmanovic nmanovic added the bug Something isn't working label Mar 9, 2022
@k1won
Copy link
Contributor Author

k1won commented Mar 9, 2022

@nmanovic , Do you want me to send a PR to fix this issue?
If you want, I can handle it.

@nmanovic
Copy link
Contributor

nmanovic commented Mar 9, 2022

@k1won , if you can help us again, please do that. We like contributions. It is the power of our community and it makes our team bigger and stronger.

@k1won
Copy link
Contributor Author

k1won commented Mar 9, 2022

@nmanovic , OK. No problem.
I will send a PR soon.

k1won added a commit to k1won/cvat that referenced this issue Mar 9, 2022
@k1won
fixed: Permission error occured when accessing the JobCommits cvat-ai…
499b36d 
…#4434
k1won added a commit to k1won/cvat that referenced this issue Mar 9, 2022
@k1won
fixed: Permission error occured when accessing the JobCommits cvat-ai…
fcbebbe 
…#4434
@k1won k1won mentioned this issue Mar 9, 2022
Merged
8 tasks
k1won added a commit to k1won/cvat that referenced this issue Mar 9, 2022
@k1won
fixed: Permission error occured when accessing the JobCommits cvat-ai…
bdeb8ab 
…#4434
nmanovic pushed a commit that referenced this issue Mar 9, 2022
@k1won
fixed: Permission error occured when accessing the JobCommits #4434 (#…
42fdea9 
…4435)
mikhail-treskin pushed a commit to retailnext/cvat that referenced this issue Jun 22, 2022
@k1won @mikhail-treskin
fixed: Permission error occured when accessing the JobCommits cvat-ai…
a68f249 
…#4434 (cvat-ai#4435)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fixed: Permission error occured when accessing the JobCommits #4434 k1won/cvat
2 participants
@k1won @nmanovic