added settings to reduce access to analytics component (cvat-ai#1592)

* added settings to reduce access to analytics component * updated CHANGELOG * fixed typo
signatrix · Aug 3, 2020 · 90fb1f3 · 90fb1f3
1 parent c818ec5
commit 90fb1f3
Show file tree

Hide file tree

Showing 3 changed files with 22 additions and 7 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -11,6 +11,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - Ability to configure user agreements for the user registration form (https://github.com/opencv/cvat/pull/1464)
 - Added cuboid interpolation and cuboid drawing from rectangles (<https://github.com/opencv/cvat/pull/1560>)
 - Ability to configure custom pageViewHit, which can be useful for web analytics integration (https://github.com/opencv/cvat/pull/1566)
+- Ability to configure access to the analytics page based on roles (https://github.com/opencv/cvat/pull/1592)
 
 ### Changed
 - Downloaded file name in annotations export became more informative (https://github.com/opencv/cvat/pull/1352)

diff --git a/cvat/apps/log_viewer/views.py b/cvat/apps/log_viewer/views.py
@@ -1,10 +1,16 @@
 import os
+
 from revproxy.views import ProxyView
-from cvat.apps.authentication.decorators import login_required
 from django.utils.decorators import method_decorator
+from django.conf import settings
+from rules.contrib.views import PermissionRequiredMixin
+
+from cvat.apps.authentication.decorators import login_required
 
 @method_decorator(login_required, name='dispatch')
-class LogViewerProxy(ProxyView):
+class LogViewerProxy(PermissionRequiredMixin, ProxyView):
+    permission_required = settings.RESTRICTIONS['analytics_access']
+
     upstream = 'http://{}:{}'.format(os.getenv('DJANGO_LOG_VIEWER_HOST'),
         os.getenv('DJANGO_LOG_VIEWER_PORT'))
     add_remote_user = True

diff --git a/cvat/settings/base.py b/cvat/settings/base.py
@@ -416,11 +416,19 @@ def generate_ssh_keys():
 sys.path.append(DATUMARO_PATH)
 
 RESTRICTIONS = {
-    "user_agreements": [],
+    'user_agreements': [],
 
     # this setting limits the number of tasks for the user
-    "task_limit": None,
-
-    # this settings reduse task visibility to owner and assignee only
-    "reduce_task_visibility": False,
+    'task_limit': None,
+
+    # this setting reduse task visibility to owner and assignee only
+    'reduce_task_visibility': False,
+
+    # allow access to analytics component to users with the following roles
+    'analytics_access': (
+        'engine.role.observer',
+        'engine.role.annotator',
+        'engine.role.user',
+        'engine.role.admin',
+        ),
 }