Merge pull request #1661 from doccano/enhancement/changePermissionName

Change permission names

backend/api/views/project.py

@@ -3,7 +3,7 @@
 from rest_framework.permissions import IsAdminUser, IsAuthenticated
 from rest_framework.response import Response
 
-from members.permissions import IsInProjectReadOnlyOrAdmin
+from members.permissions import IsProjectAdmin, IsProjectStaffAndReadOnly
 
 from ..models import Project
 from ..serializers import ProjectPolymorphicSerializer
@@ -45,4 +45,4 @@ class ProjectDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Project.objects.all()
     serializer_class = ProjectPolymorphicSerializer
     lookup_url_kwarg = 'project_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]

backend/api/views/tag.py

@@ -1,7 +1,7 @@
 from rest_framework import generics
 from rest_framework.permissions import IsAuthenticated
 
-from members.permissions import IsInProjectReadOnlyOrAdmin
+from members.permissions import IsProjectAdmin, IsProjectStaffAndReadOnly
 
 from ..models import Tag
 from ..serializers import TagSerializer
@@ -10,7 +10,7 @@
 class TagList(generics.ListCreateAPIView):
     serializer_class = TagSerializer
     pagination_class = None
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
     def get_queryset(self):
         return Tag.objects.filter(project=self.kwargs['project_id'])
@@ -23,4 +23,4 @@ class TagDetail(generics.DestroyAPIView):
     queryset = Tag.objects.all()
     serializer_class = TagSerializer
     lookup_url_kwarg = 'tag_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]

backend/auto_labeling/views.py

@@ -16,7 +16,7 @@
 from rest_framework.views import APIView
 
 from api.models import Project
-from members.permissions import IsInProjectOrAdmin, IsProjectAdmin
+from members.permissions import IsProjectMember, IsProjectAdmin
 from .pipeline.execution import execute_pipeline, get_label_collection
 from .exceptions import AWSTokenError, SampleDataException, TemplateMappingError, URLConnectionError
 from .models import AutoLabelingConfig
@@ -143,7 +143,7 @@ def post(self, *args, **kwargs):
 
 
 class AutomatedLabeling(generics.CreateAPIView):
-    permission_classes = [IsAuthenticated & IsInProjectOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]
     swagger_schema = None
 
     def create(self, request, *args, **kwargs):

backend/examples/views/comment.py

@@ -3,14 +3,14 @@
 from rest_framework.permissions import IsAuthenticated
 from rest_framework.response import Response
 
-from members.permissions import IsInProjectOrAdmin
+from members.permissions import IsProjectMember
 from examples.models import Comment
 from examples.permissions import IsOwnComment
 from examples.serializers import CommentSerializer
 
 
 class CommentList(generics.ListCreateAPIView):
-    permission_classes = [IsAuthenticated & IsInProjectOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]
     serializer_class = CommentSerializer
     filter_backends = (DjangoFilterBackend, filters.SearchFilter)
     filterset_fields = ['example']
@@ -38,4 +38,4 @@ class CommentDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Comment.objects.all()
     serializer_class = CommentSerializer
     lookup_url_kwarg = 'comment_id'
-    permission_classes = [IsAuthenticated & IsInProjectOrAdmin & IsOwnComment]
+    permission_classes = [IsAuthenticated & IsProjectMember & IsOwnComment]

backend/examples/views/example.py

@@ -11,12 +11,12 @@
 from examples.filters import ExampleFilter
 from examples.models import Example
 from examples.serializers import ExampleSerializer
-from members.permissions import IsInProjectReadOnlyOrAdmin
+from members.permissions import IsProjectAdmin, IsProjectStaffAndReadOnly
 
 
 class ExampleList(generics.ListCreateAPIView):
     serializer_class = ExampleSerializer
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
     filter_backends = (DjangoFilterBackend, filters.SearchFilter, filters.OrderingFilter)
     ordering_fields = ('created_at', 'updated_at')
     search_fields = ('text', 'filename')
@@ -55,4 +55,4 @@ class ExampleDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Example.objects.all()
     serializer_class = ExampleSerializer
     lookup_url_kwarg = 'example_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]

backend/examples/views/example_state.py

@@ -5,12 +5,12 @@
 from api.models import Project
 from examples.models import Example, ExampleState
 from examples.serializers import ExampleStateSerializer
-from members.permissions import IsInProjectOrAdmin
+from members.permissions import IsProjectMember
 
 
 class ExampleStateList(generics.ListCreateAPIView):
     serializer_class = ExampleStateSerializer
-    permission_classes = [IsAuthenticated & IsInProjectOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]
 
     @property
     def can_confirm_per_user(self):

backend/label_types/views.py

@@ -10,7 +10,7 @@
 from rest_framework.response import Response
 from rest_framework.views import APIView
 
-from members.permissions import IsInProjectReadOnlyOrAdmin, IsProjectAdmin
+from members.permissions import IsProjectAdmin, IsProjectStaffAndReadOnly
 from .models import LabelType, CategoryType, SpanType, RelationType
 from .exceptions import LabelValidationError
 from .serializers import (CategoryTypeSerializer, LabelSerializer,
@@ -31,7 +31,7 @@ class LabelList(generics.ListCreateAPIView):
     filter_backends = [DjangoFilterBackend]
     serializer_class = LabelSerializer
     pagination_class = None
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
     def get_queryset(self):
         return self.model.objects.filter(project=self.kwargs['project_id'])
@@ -54,7 +54,7 @@ class CategoryTypeDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = CategoryType.objects.all()
     serializer_class = CategoryTypeSerializer
     lookup_url_kwarg = 'label_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
 
 class SpanTypeList(LabelList):
@@ -66,7 +66,7 @@ class SpanTypeDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = SpanType.objects.all()
     serializer_class = SpanTypeSerializer
     lookup_url_kwarg = 'label_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
 
 class RelationTypeList(LabelList):
@@ -78,7 +78,7 @@ class RelationTypeDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = RelationType.objects.all()
     serializer_class = RelationTypesSerializer
     lookup_url_kwarg = 'relation_type_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
 
 class LabelUploadAPI(APIView):

backend/labels/views.py

@@ -8,15 +8,15 @@
 
 from api.models import Project
 from labels.models import Category, Span, TextLabel, Relation
-from members.permissions import IsInProjectOrAdmin, IsInProjectReadOnlyOrAdmin
+from members.permissions import IsProjectMember
 from .permissions import CanEditLabel
 from .serializers import CategorySerializer, SpanSerializer, TextLabelSerializer, RelationSerializer
 
 
 class BaseListAPI(generics.ListCreateAPIView):
     label_class = None
     pagination_class = None
-    permission_classes = [IsAuthenticated & IsInProjectOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]
     swagger_schema = None
 
     @property
@@ -56,10 +56,10 @@ def project(self):
 
     def get_permissions(self):
         if self.project.collaborative_annotation:
-            self.permission_classes = [IsAuthenticated & IsInProjectOrAdmin]
+            self.permission_classes = [IsAuthenticated & IsProjectMember]
         else:
             self.permission_classes = [
-                IsAuthenticated & IsInProjectOrAdmin & partial(CanEditLabel, self.queryset)
+                IsAuthenticated & IsProjectMember & partial(CanEditLabel, self.queryset)
             ]
         return super().get_permissions()
 
@@ -102,7 +102,7 @@ class TextLabelDetailAPI(BaseDetailAPI):
 class RelationList(generics.ListCreateAPIView):
     serializer_class = RelationSerializer
     pagination_class = None
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]
 
     def get_queryset(self):
         project = get_object_or_404(Project, pk=self.kwargs['project_id'])
@@ -122,4 +122,4 @@ class RelationDetail(generics.RetrieveUpdateDestroyAPIView):
     queryset = Relation.objects.all()
     serializer_class = RelationSerializer
     lookup_url_kwarg = 'annotation_id'
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & IsProjectMember]

backend/members/permissions.py

@@ -50,5 +50,5 @@ class IsAnnotationApprover(RolePermission):
     role_name = settings.ROLE_ANNOTATION_APPROVER
 
 
-IsInProjectReadOnlyOrAdmin = (IsAnnotatorAndReadOnly | IsAnnotationApproverAndReadOnly | IsProjectAdmin)
-IsInProjectOrAdmin = (IsAnnotator | IsAnnotationApprover | IsProjectAdmin)
+IsProjectMember = (IsAnnotator | IsAnnotationApprover | IsProjectAdmin)
+IsProjectStaffAndReadOnly = (IsAnnotatorAndReadOnly | IsAnnotationApproverAndReadOnly)

backend/metrics/views.py

@@ -9,11 +9,11 @@
 from label_types.models import LabelType, CategoryType, SpanType
 from labels.models import Label, Category, Span
 from members.models import Member
-from members.permissions import IsInProjectReadOnlyOrAdmin
+from members.permissions import IsProjectAdmin, IsProjectStaffAndReadOnly
 
 
 class ProgressAPI(APIView):
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
     def get(self, request, *args, **kwargs):
         examples = Example.objects.filter(project=self.kwargs['project_id']).values('id')
@@ -23,7 +23,7 @@ def get(self, request, *args, **kwargs):
 
 
 class MemberProgressAPI(APIView):
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
 
     def get(self, request, *args, **kwargs):
         examples = Example.objects.filter(project=self.kwargs['project_id']).values('id')
@@ -33,7 +33,7 @@ def get(self, request, *args, **kwargs):
 
 
 class LabelDistribution(abc.ABC, APIView):
-    permission_classes = [IsAuthenticated & IsInProjectReadOnlyOrAdmin]
+    permission_classes = [IsAuthenticated & (IsProjectAdmin | IsProjectStaffAndReadOnly)]
     model = Label
     label_type = LabelType