Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
疯人忠
Cvat
提交
a6768625
C
Cvat
项目概览
疯人忠
/
Cvat
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
C
Cvat
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
a6768625
编写于
2月 15, 2022
作者:
B
bseres99
提交者:
GitHub
2月 15, 2022
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Fix stage and state modification permission (#4324)
Co-authored-by:
N
Matyesz12
<
turi.mate12@gmail.com
>
上级
2f1e89cc
变更
2
隐藏空白更改
内联
并排
Showing
2 changed file
with
7 addition
and
3 deletion
+7
-3
cvat/apps/engine/tests/test_rest_api.py
cvat/apps/engine/tests/test_rest_api.py
+3
-3
cvat/apps/iam/permissions.py
cvat/apps/iam/permissions.py
+4
-0
未找到文件。
cvat/apps/engine/tests/test_rest_api.py
浏览文件 @
a6768625
...
@@ -357,7 +357,7 @@ class JobUpdateAPITestCase(APITestCase):
...
@@ -357,7 +357,7 @@ class JobUpdateAPITestCase(APITestCase):
def
test_api_v2_jobs_id_annotator
(
self
):
def
test_api_v2_jobs_id_annotator
(
self
):
data
=
{
"stage"
:
StageChoice
.
ANNOTATION
,
"assignee"
:
self
.
annotator
.
id
}
data
=
{
"stage"
:
StageChoice
.
ANNOTATION
,
"assignee"
:
self
.
annotator
.
id
}
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
,
self
.
annotator
,
data
)
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
,
self
.
annotator
,
data
)
self
.
_check_request
(
response
,
data
)
self
.
assertEqual
(
response
.
status_code
,
status
.
HTTP_403_FORBIDDEN
)
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
+
10
,
self
.
annotator
,
data
)
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
+
10
,
self
.
annotator
,
data
)
self
.
assertEqual
(
response
.
status_code
,
status
.
HTTP_404_NOT_FOUND
)
self
.
assertEqual
(
response
.
status_code
,
status
.
HTTP_404_NOT_FOUND
)
...
@@ -391,8 +391,8 @@ class JobPartialUpdateAPITestCase(JobUpdateAPITestCase):
...
@@ -391,8 +391,8 @@ class JobPartialUpdateAPITestCase(JobUpdateAPITestCase):
def
test_api_v2_jobs_id_annotator_partial
(
self
):
def
test_api_v2_jobs_id_annotator_partial
(
self
):
data
=
{
"stage"
:
StageChoice
.
ANNOTATION
}
data
=
{
"stage"
:
StageChoice
.
ANNOTATION
}
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
,
self
.
owne
r
,
data
)
response
=
self
.
_run_api_v2_jobs_id
(
self
.
job
.
id
,
self
.
annotato
r
,
data
)
self
.
_check_request
(
response
,
data
)
self
.
assertEquals
(
response
.
status_code
,
status
.
HTTP_403_FORBIDDEN
,
response
)
def
test_api_v2_jobs_id_admin_partial
(
self
):
def
test_api_v2_jobs_id_admin_partial
(
self
):
data
=
{
"assignee_id"
:
self
.
user
.
id
}
data
=
{
"assignee_id"
:
self
.
user
.
id
}
...
...
cvat/apps/iam/permissions.py
浏览文件 @
a6768625
...
@@ -788,6 +788,10 @@ class JobPermission(OpenPolicyAgentPermission):
...
@@ -788,6 +788,10 @@ class JobPermission(OpenPolicyAgentPermission):
project_id
=
request
.
data
.
get
(
'project_id'
)
or
request
.
data
.
get
(
'project'
)
project_id
=
request
.
data
.
get
(
'project_id'
)
or
request
.
data
.
get
(
'project'
)
if
project_id
!=
getattr
(
obj
.
project
,
'id'
,
None
):
if
project_id
!=
getattr
(
obj
.
project
,
'id'
,
None
):
scopes
.
append
(
scope
+
':project'
)
scopes
.
append
(
scope
+
':project'
)
if
'stage'
in
request
.
data
:
scopes
.
append
(
scope
+
':stage'
)
if
'state'
in
request
.
data
:
scopes
.
append
(
scope
+
':state'
)
if
any
(
k
in
request
.
data
for
k
in
(
'name'
,
'labels'
,
'bug_tracker'
,
'subset'
)):
if
any
(
k
in
request
.
data
for
k
in
(
'name'
,
'labels'
,
'bug_tracker'
,
'subset'
)):
scopes
.
append
(
scope
+
':desc'
)
scopes
.
append
(
scope
+
':desc'
)
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录