Skip to content

Commit

Permalink
Refactor IAM id access (#8969)
Browse files Browse the repository at this point in the history 
getattr(obj.related, 'id', None) changed to obj.related_id
  • Loading branch information
@zhiltsov-max
zhiltsov-max authored Jan 22, 2025
1 parent e568888 commit 68ffe4a
Show file tree
Hide file tree
Showing 6 changed files with 126 additions and 115 deletions.
6 changes: 4 additions & 2 deletions cvat/apps/engine/models.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1315,8 +1315,10 @@ class AnnotationGuide(TimestampedModel):
is_public = models.BooleanField(default=False)

@property
def target(self):
return self.project or self.task
def target(self) -> Task | Project:
target = self.project or self.task
assert target # one of the fields must be set
return target

@property
def organization_id(self):
Expand Down
167 changes: 84 additions & 83 deletions cvat/apps/engine/permissions.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@
)
from cvat.apps.organizations.models import Organization

from .models import AnnotationGuide, CloudStorage, Issue, Job, Label, Project, Task
from .models import AnnotationGuide, CloudStorage, Comment, Issue, Job, Label, Project, Task, User


def _get_key(d: dict[str, Any], key_path: Union[str, Sequence[str]]) -> Optional[Any]:
Expand Down Expand Up @@ -75,6 +75,8 @@ def get_resource(self):
return None

class UserPermission(OpenPolicyAgentPermission):
obj: Optional[User]

class Scopes(StrEnum):
LIST = 'list'
VIEW = 'view'
Expand Down Expand Up @@ -134,6 +136,8 @@ def get_resource(self):
return data

class CloudStoragePermission(OpenPolicyAgentPermission):
obj: Optional[CloudStorage]

class Scopes(StrEnum):
LIST = 'list'
LIST_CONTENT = 'list:content'
Expand Down Expand Up @@ -196,15 +200,17 @@ def get_resource(self):
elif self.obj:
data = {
'id': self.obj.id,
'owner': { 'id': getattr(self.obj.owner, 'id', None) },
'owner': { 'id': self.obj.owner_id },
'organization': {
'id': self.obj.organization.id
} if self.obj.organization else None
'id': self.obj.organization_id
} if self.obj.organization_id else None
}

return data

class ProjectPermission(OpenPolicyAgentPermission):
obj: Optional[Project]

class Scopes(StrEnum):
LIST = 'list'
CREATE = 'create'
Expand Down Expand Up @@ -345,19 +351,17 @@ def get_resource(self):
if self.obj:
data = {
"id": self.obj.id,
"owner": { "id": getattr(self.obj.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.assignee, 'id', None) },
'organization': {
"id": getattr(self.obj.organization, 'id', None)
}
"owner": { "id": self.obj.owner_id },
"assignee": { "id": self.obj.assignee_id },
'organization': { "id": self.obj.organization_id },
}
elif self.scope in [__class__.Scopes.CREATE, __class__.Scopes.IMPORT_BACKUP]:
data = {
"id": None,
"owner": { "id": self.user_id },
"assignee": {
"id": self.assignee_id,
} if getattr(self, 'assignee_id', None) else None,
} if self.assignee_id else None,
'organization': {
"id": self.org_id,
} if self.org_id else None,
Expand All @@ -366,6 +370,8 @@ def get_resource(self):
return data

class TaskPermission(OpenPolicyAgentPermission):
obj: Optional[Task]

class Scopes(StrEnum):
LIST = 'list'
CREATE = 'create'
Expand Down Expand Up @@ -558,17 +564,13 @@ def get_resource(self):
if self.obj:
data = {
"id": self.obj.id,
"owner": { "id": getattr(self.obj.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.assignee, 'id', None) },
'organization': {
"id": getattr(self.obj.organization, 'id', None)
},
"owner": { "id": self.obj.owner_id },
"assignee": { "id": self.obj.assignee_id },
'organization': { "id": self.obj.organization_id },
"project": {
"owner": { "id": getattr(self.obj.project.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.project.assignee, 'id', None) },
'organization': {
"id": getattr(self.obj.project.organization, 'id', None)
},
"owner": { "id": self.obj.project.owner_id },
"assignee": { "id": self.obj.project.assignee_id },
'organization': { "id": self.obj.project.organization_id },
} if self.obj.project else None
}
elif self.scope in [
Expand All @@ -593,18 +595,19 @@ def get_resource(self):
"id": self.org_id
},
"project": {
"owner": { "id": getattr(project.owner, 'id', None) },
"assignee": { "id": getattr(project.assignee, 'id', None) },
"owner": { "id": project.owner_id },
"assignee": { "id": project.assignee_id },
'organization': {
"id": getattr(project.organization, 'id', None),
} if project.organization is not None else None,
"id": project.organization_id,
} if project.organization_id else None,
} if project is not None else None,
}

return data

class JobPermission(OpenPolicyAgentPermission):
task_id: Optional[int]
obj: Optional[Job]

class Scopes(StrEnum):
CREATE = 'create'
Expand Down Expand Up @@ -751,23 +754,21 @@ def get_resource(self):
data = None
if self.obj:
if self.obj.segment.task.project:
organization = self.obj.segment.task.project.organization
organization_id = self.obj.segment.task.project.organization_id
else:
organization = self.obj.segment.task.organization
organization_id = self.obj.segment.task.organization_id

data = {
"id": self.obj.id,
"assignee": { "id": getattr(self.obj.assignee, 'id', None) },
'organization': {
"id": getattr(organization, 'id', None)
},
"assignee": { "id": self.obj.assignee_id },
'organization': { "id": organization_id },
"task": {
"owner": { "id": getattr(self.obj.segment.task.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.segment.task.assignee, 'id', None) }
"owner": { "id": self.obj.segment.task.owner_id },
"assignee": { "id": self.obj.segment.task.assignee_id }
},
"project": {
"owner": { "id": getattr(self.obj.segment.task.project.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.segment.task.project.assignee, 'id', None) }
"owner": { "id": self.obj.segment.task.project.owner_id },
"assignee": { "id": self.obj.segment.task.project.assignee_id }
} if self.obj.segment.task.project else None
}
elif self.scope == __class__.Scopes.CREATE:
Expand All @@ -776,27 +777,27 @@ def get_resource(self):
task = Task.objects.get(id=self.task_id)

if task.project:
organization = task.project.organization
organization_id = task.project.organization_id
else:
organization = task.organization
organization_id = task.organization_id

data = {
'organization': {
"id": getattr(organization, 'id', None)
},
'organization': { "id": organization_id },
"task": {
"owner": { "id": getattr(task.owner, 'id', None) },
"assignee": { "id": getattr(task.assignee, 'id', None) }
"owner": { "id": task.owner_id },
"assignee": { "id": task.assignee_id }
},
"project": {
"owner": { "id": getattr(task.project.owner, 'id', None) },
"assignee": { "id": getattr(task.project.assignee, 'id', None) }
"owner": { "id": task.project.owner_id },
"assignee": { "id": task.project.assignee_id }
} if task.project else None
}

return data

class CommentPermission(OpenPolicyAgentPermission):
obj: Optional[Comment]

class Scopes(StrEnum):
LIST = 'list'
CREATE = 'create'
Expand Down Expand Up @@ -835,29 +836,27 @@ def get_resource(self):
data = None
def get_common_data(db_issue):
if db_issue.job.segment.task.project:
organization = db_issue.job.segment.task.project.organization
organization_id = db_issue.job.segment.task.project.organization_id
else:
organization = db_issue.job.segment.task.organization
organization_id = db_issue.job.segment.task.organization_id

data = {
"project": {
"owner": { "id": getattr(db_issue.job.segment.task.project.owner, 'id', None) },
"assignee": { "id": getattr(db_issue.job.segment.task.project.assignee, 'id', None) }
"owner": { "id": db_issue.job.segment.task.project.owner_id },
"assignee": { "id": db_issue.job.segment.task.project.assignee_id }
} if db_issue.job.segment.task.project else None,
"task": {
"owner": { "id": getattr(db_issue.job.segment.task.owner, 'id', None) },
"assignee": { "id": getattr(db_issue.job.segment.task.assignee, 'id', None) }
"owner": { "id": db_issue.job.segment.task.owner_id},
"assignee": { "id": db_issue.job.segment.task.assignee_id }
},
"job": {
"assignee": { "id": getattr(db_issue.job.assignee, 'id', None) }
"assignee": { "id": db_issue.job.assignee_id }
},
"issue": {
"owner": { "id": getattr(db_issue.owner, 'id', None) },
"assignee": { "id": getattr(db_issue.assignee, 'id', None) }
"owner": { "id": db_issue.owner_id},
"assignee": { "id": db_issue.assignee_id }
},
'organization': {
"id": getattr(organization, 'id', None)
}
'organization': { "id": organization_id }
}

return data
Expand All @@ -882,6 +881,8 @@ def get_common_data(db_issue):
return data

class IssuePermission(OpenPolicyAgentPermission):
obj: Optional[Issue]

class Scopes(StrEnum):
LIST = 'list'
CREATE = 'create'
Expand Down Expand Up @@ -927,24 +928,24 @@ def get_resource(self):
data = None
def get_common_data(db_job):
if db_job.segment.task.project:
organization = db_job.segment.task.project.organization
organization_id = db_job.segment.task.project.organization_id
else:
organization = db_job.segment.task.organization
organization_id = db_job.segment.task.organization_id

data = {
"project": {
"owner": { "id": getattr(db_job.segment.task.project.owner, 'id', None) },
"assignee": { "id": getattr(db_job.segment.task.project.assignee, 'id', None) }
"owner": { "id": db_job.segment.task.project.owner_id },
"assignee": { "id": db_job.segment.task.project.assignee_id }
} if db_job.segment.task.project else None,
"task": {
"owner": { "id": getattr(db_job.segment.task.owner, 'id', None) },
"assignee": { "id": getattr(db_job.segment.task.assignee, 'id', None) }
"owner": { "id": db_job.segment.task.owner_id },
"assignee": { "id": db_job.segment.task.assignee_id }
},
"job": {
"assignee": { "id": getattr(db_job.assignee, 'id', None) }
"assignee": { "id": db_job.assignee_id }
},
'organization': {
"id": getattr(organization, 'id', None)
"id": organization_id
}
}

Expand All @@ -955,8 +956,8 @@ def get_common_data(db_job):
data = get_common_data(db_job)
data.update({
"id": self.obj.id,
"owner": { "id": getattr(self.obj.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.assignee, 'id', None) }
"owner": { "id": self.obj.owner_id },
"assignee": { "id": self.obj.assignee_id }
})
elif self.scope.startswith(__class__.Scopes.CREATE):
job_id = self.job_id
Expand Down Expand Up @@ -1052,28 +1053,28 @@ def get_resource(self):

if self.obj:
if self.obj.project:
organization = self.obj.project.organization
organization_id = self.obj.project.organization_id
else:
organization = self.obj.task.organization
organization_id = self.obj.task.organization_id

data = {
"id": self.obj.id,
'organization': {
"id": getattr(organization, 'id', None)
},
'organization': { "id": organization_id },
"task": {
"owner": { "id": getattr(self.obj.task.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.task.assignee, 'id', None) }
"owner": { "id": self.obj.task.owner_id },
"assignee": { "id": self.obj.task.assignee_id }
} if self.obj.task else None,
"project": {
"owner": { "id": getattr(self.obj.project.owner, 'id', None) },
"assignee": { "id": getattr(self.obj.project.assignee, 'id', None) }
"owner": { "id": self.obj.project.owner_id },
"assignee": { "id": self.obj.project.assignee_id }
} if self.obj.project else None,
}

return data

class AnnotationGuidePermission(OpenPolicyAgentPermission):
obj: Optional[AnnotationGuide]

class Scopes(StrEnum):
VIEW = 'view'
UPDATE = 'update'
Expand Down Expand Up @@ -1112,16 +1113,15 @@ def get_scopes(request, view, obj):
def get_resource(self):
data = {}
if self.obj:
db_target = getattr(self.obj, 'target', {})
db_organization = getattr(db_target, 'organization', {})
db_target = self.obj.target
data.update({
'id': self.obj.id,
'target': {
'owner': { 'id': getattr(getattr(db_target, 'owner', {}), 'id', None) },
'assignee': { 'id': getattr(getattr(db_target, 'assignee', {}), 'id', None) },
'owner': { 'id': db_target.owner_id },
'assignee': { 'id': db_target.assignee_id },
'is_job_staff': db_target.is_job_staff(self.user_id),
},
'organization': { 'id': getattr(db_organization, 'id', None) }
'organization': { 'id': self.obj.organization_id }
})
elif self.scope == __class__.Scopes.CREATE:
db_target = None
Expand All @@ -1135,13 +1135,14 @@ def get_resource(self):
db_target = Task.objects.get(id=self.task_id)
except Task.DoesNotExist as ex:
raise ValidationError(str(ex))
db_organization = getattr(db_target, 'organization', {})

organization_id = getattr(db_target, 'organization_id', None)
data.update({
'target': {
'owner': { 'id': db_target.owner.id },
'assignee': { 'id': getattr(db_target.assignee, 'id', None) }
'owner': { 'id': getattr(db_target, "owner_id", None) },
'assignee': { 'id': getattr(db_target, "assignee_id", None) },
},
'organization': { 'id': getattr(db_organization, 'id', None) }
'organization': { 'id': organization_id }
})
return data

Expand Down
10 changes: 7 additions & 3 deletions cvat/apps/engine/serializers.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2465,10 +2465,14 @@ class Meta:

def to_representation(self, instance):
response = super().to_representation(instance)
task_subsets = {task.subset for task in instance.tasks.all()}
task_subsets.discard('')

task_subsets = {task.subset for task in instance.tasks.all() if task.subset}
task_dimension = next(
(task.dimension for task in instance.tasks.all() if task.dimension),
None
)
response['task_subsets'] = list(task_subsets)
response['dimension'] = getattr(instance.tasks.first(), 'dimension', None)
response['dimension'] = task_dimension
return response

class ProjectWriteSerializer(serializers.ModelSerializer):
Expand Down
Loading

0 comments on commit 68ffe4a

Please sign in to comment.