Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix leaving the organization #6422

Merged
merged 22 commits into from
Sep 22, 2023
Merged

Fix leaving the organization #6422

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
22 commits
Select commit Hold shift + click to select a range
ac20fed
Fix json filter
Marishka17 Jul 4, 2023
01c194e
Fix permissions
Marishka17 Jul 4, 2023
5bfface
Reload the page after leaving the organization
Marishka17 Jul 4, 2023
f9ef588
Add emply line
Marishka17 Jul 4, 2023
3d01820
Merge branch 'develop' into mk/fix_ability_to_leave_org
nmanovic Jul 13, 2023
8608564
Merge branch 'develop' into mk/fix_ability_to_leave_org
Marishka17 Sep 13, 2023
7b88310
Exclude delete button for self
Marishka17 Sep 13, 2023
6603600
Update permissions
Marishka17 Sep 13, 2023
d48ee52
Merge branch 'mk/fix_ability_to_leave_org' of https://github.com/open…
Marishka17 Sep 13, 2023
8bb8886
Make invitation field in membership serializer nullable
Marishka17 Sep 14, 2023
b717622
Add REST API tests to remove users from organization
Marishka17 Sep 14, 2023
7a2336e
Update assets
Marishka17 Sep 14, 2023
9d4112f
Add some tests to check for role updates
Marishka17 Sep 14, 2023
68b8cdf
Merge develop
Marishka17 Sep 14, 2023
2c64ec9
Fix assets
Marishka17 Sep 15, 2023
ae8c505
Fix several tests
Marishka17 Sep 15, 2023
483b3d1
Fis black issue
Marishka17 Sep 15, 2023
70e1fc5
Merge develop
Marishka17 Sep 15, 2023
8be1aac
Update changelog
Marishka17 Sep 15, 2023
ae9a8d0
v1.56.2
Marishka17 Sep 15, 2023
36278e8
added callback for organization leave
klakhov Sep 22, 2023
10969ca
Merge branch 'develop' into mk/fix_ability_to_leave_org
klakhov Sep 22, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion cvat-core/src/organization.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -348,7 +348,7 @@ Object.defineProperties(Organization.prototype.leave, {
const result = await serverProxy.organizations.members(this.slug, 1, 10, {
filter: JSON.stringify({
and: [{
'==': [{ var: 'user' }, user.id],
'==': [{ var: 'user' }, user.username],
nmanovic marked this conversation as resolved.
Show resolved Hide resolved
}],
}),
});
Expand Down
1 change: 1 addition & 0 deletions cvat-ui/src/actions/organization-actions.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,7 @@ export function leaveOrganizationAsync(organization: any): ThunkAction {
await organization.leave(user);
dispatch(organizationActions.leaveOrganizationSuccess());
localStorage.removeItem('currentOrganization');
window.location.reload();
klakhov marked this conversation as resolved.
Show resolved Hide resolved
} catch (error) {
dispatch(organizationActions.leaveOrganizationFailed(error));
}
Expand Down
11 changes: 9 additions & 2 deletions cvat/apps/iam/rules/memberships.rego
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,7 @@ allow {
input.resource.organization.id == input.auth.organization.id
}

# maintainer of the organization can change role and delete all members except himself and owner
allow {
{ utils.CHANGE_ROLE, utils.DELETE }[input.scope]
input.resource.is_active
Expand All @@ -83,6 +84,7 @@ allow {
}[input.resource.role]
}

# owner of the organization can change role and delete all members except himself
allow {
{ utils.CHANGE_ROLE, utils.DELETE }[input.scope]
input.resource.is_active
Expand All @@ -92,11 +94,16 @@ allow {
input.resource.role != organizations.OWNER
}

# member can leave the organization except cases when member is the owner or maintainer
allow {
input.scope == utils.DELETE
input.resource.is_active
utils.is_sandbox
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@kirill-sizov, In case of deleting a membership, the environment will never be a sandbox. https://github.com/opencv/cvat/blob/9148234a159c5d5e193e1fcd785ed7010bf950b7/cvat/apps/iam/permissions.py#L61C29-L61C29

input.resource.role != organizations.OWNER
organizations.is_member
input.resource.organization.id == input.auth.organization.id
input.resource.user.id == input.auth.user.id
not {
organizations.OWNER,
organizations.MAINTAINER
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Marishka17 , why cannot maintainer leave the organization?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@nmanovic, For me, maintainer should also be able to leave the organization. But we have here and here such limitations..

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The idea behind the rule was a maintainer cannot delete another maintainer. Maintainers should be possible to leave the organization for sure.

}[input.resource.role]
utils.has_perm(utils.WORKER)
}