Open resource links from any organization/sandbox #5892
Conversation
…e and list rest api methods
|
I got the error below when I requested a task. |
|
@kirill-sizov , could you please look at /api/organizations request. The number of queries are growing together with number of organizations. Indeed I believe the number of requests should be less than 10. Please try to minimize.
|
|
@kirill-sizov , /api/jobs request doesn't work in debug at least. Could you please look?
|
…ng extra db query
…pencv/cvat into kl/remove-org-from-id-requests
|
@nmanovic I fixed the performance problem and the problem with getting jobs. But confused about this issue:
I have checked accessing tasks with different parameters of privileges and organization roles (this is also covered by our test) and couldn't reproduce this problem. Could please clarify how did you get this error? Did you get this error in the development environment or in docker? |
| return [] | ||
|
|
||
| return [ | ||
| { |
There was a problem hiding this comment.
Shouldn't these values be aligned with the ORGANIZATION_OPEN_API_PARAMETERS somehow? The code can easily diverge.
| @@ -228,4 +229,27 @@ class CloudStorageReadSerializerExtension(_CloudStorageSerializerExtension): | |||
| class CloudStorageWriteSerializerExtension(_CloudStorageSerializerExtension): | |||
| target_class = 'cvat.apps.engine.serializers.CloudStorageWriteSerializer' | |||
|
|
|||
| ORGANIZATION_OPEN_API_PARAMETERS = [ | |||
There was a problem hiding this comment.
When this should be used? Shouldn't it be documented and declared in IAM or in the organizations apps?
There was a problem hiding this comment.
We use this in "schema" decorators for views like here. But yes I agree probably it would be more logical to move it in iam
| # Filter works only for "list" requests and allows to return | ||
| # only non-organization objects if org isn't specified |
There was a problem hiding this comment.
Probably, these parameters should be documented somehow, especially the (past?) logic about org=''/org=None etc.
| @@ -107,35 +78,6 @@ def get_security_definition(self, auto_schema): | |||
| return [sessionid_schema, csrftoken_schema] | |||
|
|
|||
| class CustomAutoSchema(AutoSchema): | |||
There was a problem hiding this comment.
This class can be moved to engine if there are no IAM specifics added. The only reason it is here is that we can't define it in the engine and import and inherit here.
There was a problem hiding this comment.
Moving this class in apps/engine/schema.py still leads to error due to this line
| if oid is None: | ||
| return instance.get_organization_id() | ||
| return oid | ||
| return getattr(instance, "organization_id", None) |
There was a problem hiding this comment.
Should this attr be enforced on the objects somehow? It's easy to miss it and it won't be noticed.
There was a problem hiding this comment.
Currently objects that have foreign key to Organization has organization_id attribute, for those models that don't have explicit relation with Organization has get_organization_id attribute. This logic is used in few places of code: events, webhooks, permissions. Currently I don't know how this can be done without defining organization_id in each model
There was a problem hiding this comment.
Do you know if we can do anything about places like this https://github.com/opencv/cvat/blob/develop/cvat/apps/engine/views.py#L1832 ?
There was a problem hiding this comment.
Probably, such tests should be updated too https://github.com/opencv/cvat/blob/develop/tests/python/rest_api/test_labels.py#L249-L253
Yes I agree, case with Labels is unusual. Currently the least laborious solution I can suggest is to change iam_organization_field(str) to iam_organizationd_fields(tuple), which would allow multiple organization fields for objects like Label. But I would suggest to postpone this idea until we have other such objects besides labels. |
There is a couple more in the Honey Pot feature endpoints. Probably, an option to provide a list or even a mapping would be useful, similarly to what is done for other list filters. |
### Motivation and context Applied comments: - [x] Aligning ORGANIZATION_OPEN_API_PARAMETERS #5892 (comment) - [x] Moving ORGANIZATION_OPEN_API_PARAMETERS #5892 (comment) ~~- [ ] Moving CustomerAutoSchema #5892 (comment) this uncritical comment that cannot be done easily, [see answer](#5892 (comment)) - [x] Raise error if cannot get `organization_id` for objects #5892 (comment) - [x] Multiply fields for `iam_organization_field` #5892 (comment) Co-authored-by: Maxim Zhiltsov <zhiltsov.max35@gmail.com>
## \[2.4.5] - 2023-06-02 ### Added - Integrated support for sharepoint and cloud storage files, along with directories to be omitted during task creation (server) (<#6074>) - Enabled task creation with directories from cloud storage or sharepoint (<#6074>) - Enhanced task creation to support any data type supported by the server by default, from cloud storage without the necessity for the `use_cache` option (<#6074>) - Added capability for task creation with data from cloud storage without the `use_cache` option (<#6074>) ### Changed - User can now access resource links from any organization or sandbox, granted it's available to them (<#5892>) - Cloud storage manifest files have been made optional (<#6074>) - Updated Django to the 4.2.x version (<#6122>) - Renamed certain Nuclio functions to adhere to a common naming convention. For instance, `onnx-yolov7` -> `onnx-wongkinyiu-yolov7`, `ultralytics-yolov5` -> `pth-ultralytics-yolov5` (<#6140>) ### Deprecated - Deprecated the endpoint `/cloudstorages/{id}/content` (<#6074>) ### Fixed - Fixed the issue of skeletons dumping on created tasks/projects (<#6157>) - Resolved an issue related to saving annotations for skeleton tracks (<#6075>) --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Boris Sekachev <boris.sekachev@yandex.ru> Co-authored-by: Roman Donchenko <roman@cvat.ai> Co-authored-by: Maria Khrustaleva <maya17grd@gmail.com> Co-authored-by: Boris Sekachev <sekachev.bs@gmail.com> Co-authored-by: Nikita Manovich <nikita@cvat.ai> Co-authored-by: Anastasia Yasakova <yasakova_anastasiya@mail.ru> Co-authored-by: Snyk bot <snyk-bot@snyk.io> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Kirill Sizov <kirill.sizov@cvat.ai> Co-authored-by: Paweł Kotiuk <kotiuk@zohomail.eu> Co-authored-by: SK <450723+senthilkumarkj@users.noreply.github.com> Co-authored-by: Kirill Lakhov <kirill.9992@gmail.com>
Motivation and context
Server part:
org_idororg(slug)UI part:
How has this been tested?
Checklist
developbranch(cvat-canvas,
cvat-core,
cvat-data and
cvat-ui)
License
Feel free to contact the maintainers if that's a concern.