From 0a65679086335c3ab68a56cbfc92d708e8bd2fcf Mon Sep 17 00:00:00 2001 From: Alexandr Kuzmitsky Date: Fri, 27 Dec 2024 14:45:51 +0100 Subject: [PATCH] Use dynamic toggle based definition of Permissions class for a RBAC model --- engine/apps/api/permissions.py | 35 +++- engine/apps/api/tests/test_permissions.py | 162 +++++++++--------- engine/apps/api/tests/test_user.py | 12 +- engine/apps/api/views/alert_group.py | 40 ++--- .../api/views/alert_group_table_settings.py | 8 +- .../apps/api/views/alert_receive_channel.py | 80 ++++----- .../views/alert_receive_channel_template.py | 10 +- engine/apps/api/views/channel_filter.py | 18 +- engine/apps/api/views/direct_paging.py | 2 +- engine/apps/api/views/escalation_chain.py | 18 +- engine/apps/api/views/escalation_policy.py | 24 +-- .../apps/api/views/integration_heartbeat.py | 16 +- engine/apps/api/views/labels.py | 18 +- engine/apps/api/views/live_setting.py | 10 +- engine/apps/api/views/on_call_shifts.py | 22 +-- engine/apps/api/views/organization.py | 12 +- engine/apps/api/views/public_api_tokens.py | 10 +- engine/apps/api/views/resolution_note.py | 14 +- engine/apps/api/views/schedule.py | 42 ++--- engine/apps/api/views/shift_swap.py | 16 +- engine/apps/api/views/slack_channel.py | 4 +- engine/apps/api/views/slack_team_settings.py | 8 +- engine/apps/api/views/team.py | 6 +- engine/apps/api/views/telegram_channels.py | 10 +- engine/apps/api/views/user.py | 56 +++--- engine/apps/api/views/user_group.py | 4 +- .../api/views/user_notification_policy.py | 22 +-- engine/apps/api/views/webhooks.py | 24 +-- 28 files changed, 363 insertions(+), 340 deletions(-) diff --git a/engine/apps/api/permissions.py b/engine/apps/api/permissions.py index 2d83b63bf8..67be62a55e 100644 --- a/engine/apps/api/permissions.py +++ b/engine/apps/api/permissions.py @@ -261,13 +261,7 @@ class Permissions: ) NOTIFICATIONS_READ = LegacyAccessControlCompatiblePermission( - Resources.NOTIFICATIONS, - Actions.READ, - ( - LegacyAccessControlRole.VIEWER - if settings.FEATURE_ALLOW_VIEWERS_ON_CALL - else LegacyAccessControlRole.EDITOR - ), + Resources.NOTIFICATIONS, Actions.READ, LegacyAccessControlRole.EDITOR ) NOTIFICATION_SETTINGS_READ = LegacyAccessControlCompatiblePermission( @@ -305,6 +299,29 @@ class Permissions: Resources.LABEL, Actions.WRITE, LegacyAccessControlRole.EDITOR, prefix=PluginID.LABELS ) + class ViewerOnCallPermissions(Permissions): + """ + This class is used to define permissions for the "Viewer on Call" role. This role is used in the context of + the "Viewer on Call" feature flag. + The role is a subset of the "Viewer" role, and is used to define permissions for users who + are allowed be OnCall having only READ role in grafana. + """ + + ALERT_GROUPS_WRITE = LegacyAccessControlCompatiblePermission( + Resources.ALERT_GROUPS, Actions.WRITE, LegacyAccessControlRole.VIEWER + ) + ALERT_GROUPS_DIRECT_PAGING = LegacyAccessControlCompatiblePermission( + Resources.ALERT_GROUPS, Actions.DIRECT_PAGING, LegacyAccessControlRole.VIEWER + ) + SCHEDULES_WRITE = LegacyAccessControlCompatiblePermission( + Resources.SCHEDULES, Actions.WRITE, LegacyAccessControlRole.VIEWER + ) + NOTIFICATIONS_READ = LegacyAccessControlCompatiblePermission( + Resources.NOTIFICATIONS, Actions.READ, LegacyAccessControlRole.VIEWER + ) + + permissions: Permissions = Permissions if not settings.FEATURE_ALLOW_VIEWERS_ON_CALL else ViewerOnCallPermissions + # mypy complains about "Liskov substitution principle" here because request is `AuthenticatedRequest` object # and not rest_framework.request.Request # https://mypy.readthedocs.io/en/stable/common_issues.html#incompatible-overrides @@ -356,9 +373,9 @@ def has_object_permission(self, request: AuthenticatedRequest, view: ViewSetOrAP return True -ALL_PERMISSION_NAMES = [perm for perm in dir(RBACPermission.Permissions) if not perm.startswith("_")] +ALL_PERMISSION_NAMES = [perm for perm in dir(RBACPermission.permissions) if not perm.startswith("_")] ALL_PERMISSION_CLASSES: LegacyAccessControlCompatiblePermissions = [ - getattr(RBACPermission.Permissions, permission_name) for permission_name in ALL_PERMISSION_NAMES + getattr(RBACPermission.permissions, permission_name) for permission_name in ALL_PERMISSION_NAMES ] ALL_PERMISSION_CHOICES: typing.List[typing.Tuple[str, str]] = [] for permission_class, permission_name in zip(ALL_PERMISSION_CLASSES, ALL_PERMISSION_NAMES): diff --git a/engine/apps/api/tests/test_permissions.py b/engine/apps/api/tests/test_permissions.py index ab99f5ba01..6dcc3c620c 100644 --- a/engine/apps/api/tests/test_permissions.py +++ b/engine/apps/api/tests/test_permissions.py @@ -58,14 +58,14 @@ class TestLegacyAccessControlCompatiblePermission: [ # rbac enabled - is_grafana_irm_enabled disabled ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, permissions.LegacyAccessControlRole.VIEWER, True, False, True, ), ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, permissions.LegacyAccessControlRole.VIEWER, True, False, @@ -73,14 +73,14 @@ class TestLegacyAccessControlCompatiblePermission: ), # rbac enabled - is_grafana_irm_enabled enabled ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, permissions.LegacyAccessControlRole.VIEWER, True, True, True, ), ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, permissions.LegacyAccessControlRole.VIEWER, True, True, @@ -88,28 +88,28 @@ class TestLegacyAccessControlCompatiblePermission: ), # rbac disabled (and hence is_grafana_irm_enabled is irrelevant) ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, permissions.LegacyAccessControlRole.VIEWER, False, False, True, ), ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, permissions.LegacyAccessControlRole.VIEWER, False, True, True, ), ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, permissions.LegacyAccessControlRole.VIEWER, False, False, False, ), ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, permissions.LegacyAccessControlRole.VIEWER, False, True, @@ -128,7 +128,7 @@ def test_user_has_permission( is_grafana_irm_enabled, expected_result, ): - user_permission = permissions.RBACPermission.Permissions.ALERT_GROUPS_READ + user_permission = permissions.RBACPermission.permissions.ALERT_GROUPS_READ org = make_organization( is_rbac_permissions_enabled=is_rbac_permissions_enabled, is_grafana_irm_enabled=is_grafana_irm_enabled @@ -138,9 +138,11 @@ def test_user_has_permission( role=user_basic_role, permissions=permissions.GrafanaAPIPermissions.construct_permissions( [ - permissions.convert_oncall_permission_to_irm(user_permission) - if is_grafana_irm_enabled - else user_permission.value + ( + permissions.convert_oncall_permission_to_irm(user_permission) + if is_grafana_irm_enabled + else user_permission.value + ) ] ), ) @@ -187,67 +189,67 @@ def test_user_has_minimum_required_basic_role( "user_permissions,required_permissions,is_rbac_permissions_enabled,expected_result", [ ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], True, True, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], False, True, ), ( [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], True, True, ), ( [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], False, True, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], True, False, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], False, True, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], False, False, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], True, False, @@ -287,23 +289,23 @@ def test_user_is_authorized( "user_permissions,expected_role", [ ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ.fallback_role, + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], + permissions.RBACPermission.permissions.ALERT_GROUPS_READ.fallback_role, ), ( [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE.fallback_role, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE.fallback_role, ), ( [ - permissions.RBACPermission.Permissions.USER_SETTINGS_READ, - permissions.RBACPermission.Permissions.USER_SETTINGS_WRITE, - permissions.RBACPermission.Permissions.USER_SETTINGS_ADMIN, + permissions.RBACPermission.permissions.USER_SETTINGS_READ, + permissions.RBACPermission.permissions.USER_SETTINGS_WRITE, + permissions.RBACPermission.permissions.USER_SETTINGS_ADMIN, ], - permissions.RBACPermission.Permissions.USER_SETTINGS_ADMIN.fallback_role, + permissions.RBACPermission.permissions.USER_SETTINGS_ADMIN.fallback_role, ), ], ) @@ -331,7 +333,7 @@ def test_has_permission_works_on_a_viewset_view( make_organization, make_user_for_organization, ) -> None: - required_permission = permissions.RBACPermission.Permissions.ALERT_GROUPS_READ + required_permission = permissions.RBACPermission.permissions.ALERT_GROUPS_READ action = "hello" viewset = MockedViewSet( @@ -358,7 +360,7 @@ def test_has_permission_works_on_a_viewset_view( org, role=permissions.LegacyAccessControlRole.NONE, permissions=permissions.GrafanaAPIPermissions.construct_permissions( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE.value] + [permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE.value] ), ) @@ -383,7 +385,7 @@ def test_has_permission_works_on_an_apiview_view( make_organization, make_user_for_organization, ) -> None: - required_permission = permissions.RBACPermission.Permissions.ALERT_GROUPS_READ + required_permission = permissions.RBACPermission.permissions.ALERT_GROUPS_READ method = "hello" apiview = MockedAPIView( @@ -407,7 +409,7 @@ def test_has_permission_works_on_an_apiview_view( org, role=permissions.LegacyAccessControlRole.NONE, permissions=permissions.GrafanaAPIPermissions.construct_permissions( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE.value] + [permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE.value] ), ) @@ -573,31 +575,31 @@ def __init__(self, schedule: MockedSchedule) -> None: "user_permissions,required_permissions,expected_result", [ ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], True, ), ( [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], True, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE], - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], False, ), ( - [permissions.RBACPermission.Permissions.ALERT_GROUPS_READ], + [permissions.RBACPermission.permissions.ALERT_GROUPS_READ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], False, ), @@ -626,7 +628,7 @@ def test_HasRBACPermission( class TestIsOwnerOrHasRBACPermissions: - required_permission = permissions.RBACPermission.Permissions.SCHEDULES_READ + required_permission = permissions.RBACPermission.permissions.SCHEDULES_READ required_permissions = [required_permission] user_permissions = permissions.GrafanaAPIPermissions.construct_permissions( [perm.value for perm in required_permissions] @@ -724,12 +726,12 @@ def __init__(self, schedule: MockedSchedule) -> None: "permission,expected", [ ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, f"{PluginID.IRM}.alert-groups:read", ), ( - permissions.RBACPermission.Permissions.LABEL_READ, - permissions.RBACPermission.Permissions.LABEL_READ.value, + permissions.RBACPermission.permissions.LABEL_READ, + permissions.RBACPermission.permissions.LABEL_READ.value, ), ], ) @@ -743,36 +745,36 @@ def test_convert_oncall_permission_to_irm(permission, expected) -> None: ( False, [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ.value, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE.value, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ.value, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE.value, ], ), ( True, [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE, ], [ - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ.value.replace(PluginID.ONCALL, PluginID.IRM), - permissions.RBACPermission.Permissions.ALERT_GROUPS_WRITE.value.replace(PluginID.ONCALL, PluginID.IRM), + permissions.RBACPermission.permissions.ALERT_GROUPS_READ.value.replace(PluginID.ONCALL, PluginID.IRM), + permissions.RBACPermission.permissions.ALERT_GROUPS_WRITE.value.replace(PluginID.ONCALL, PluginID.IRM), ], ), ( True, [ - permissions.RBACPermission.Permissions.LABEL_CREATE, - permissions.RBACPermission.Permissions.LABEL_WRITE, - permissions.RBACPermission.Permissions.LABEL_READ, + permissions.RBACPermission.permissions.LABEL_CREATE, + permissions.RBACPermission.permissions.LABEL_WRITE, + permissions.RBACPermission.permissions.LABEL_READ, ], [ - permissions.RBACPermission.Permissions.LABEL_CREATE.value, - permissions.RBACPermission.Permissions.LABEL_WRITE.value, - permissions.RBACPermission.Permissions.LABEL_READ.value, + permissions.RBACPermission.permissions.LABEL_CREATE.value, + permissions.RBACPermission.permissions.LABEL_WRITE.value, + permissions.RBACPermission.permissions.LABEL_READ.value, ], ), ], @@ -792,16 +794,16 @@ def test_get_required_permission_values( "perm,expected_permission", [ ( - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ.value, - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ.value, + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, ), ( "non.existent.permission", None, ), ( - permissions.convert_oncall_permission_to_irm(permissions.RBACPermission.Permissions.ALERT_GROUPS_READ), - permissions.RBACPermission.Permissions.ALERT_GROUPS_READ, + permissions.convert_oncall_permission_to_irm(permissions.RBACPermission.permissions.ALERT_GROUPS_READ), + permissions.RBACPermission.permissions.ALERT_GROUPS_READ, ), ], ) diff --git a/engine/apps/api/tests/test_user.py b/engine/apps/api/tests/test_user.py index 262989281e..7db3fc3eb3 100644 --- a/engine/apps/api/tests/test_user.py +++ b/engine/apps/api/tests/test_user.py @@ -325,8 +325,8 @@ def test_list_users_filtered_by_granted_permission( make_token_for_organization, make_user_auth_headers, ): - permission = permissions.RBACPermission.Permissions.NOTIFICATIONS_READ - admin_perm_required_to_call_endpoint = permissions.RBACPermission.Permissions.USER_SETTINGS_READ + permission = permissions.RBACPermission.permissions.NOTIFICATIONS_READ + admin_perm_required_to_call_endpoint = permissions.RBACPermission.permissions.USER_SETTINGS_READ perm_to_filter_on = ( permissions.convert_oncall_permission_to_irm(permission) if is_grafana_irm_enabled else permission.value ) @@ -340,9 +340,11 @@ def test_list_users_filtered_by_granted_permission( # make_user_for_organization fixture will only grant the oncall flavour of the permission permissions=permissions.GrafanaAPIPermissions.construct_permissions( [ - permissions.convert_oncall_permission_to_irm(admin_perm_required_to_call_endpoint) - if is_grafana_irm_enabled - else admin_perm_required_to_call_endpoint.value + ( + permissions.convert_oncall_permission_to_irm(admin_perm_required_to_call_endpoint) + if is_grafana_irm_enabled + else admin_perm_required_to_call_endpoint.value + ) ] ), ) diff --git a/engine/apps/api/views/alert_group.py b/engine/apps/api/views/alert_group.py index 117fb9ce9d..94b8761aba 100644 --- a/engine/apps/api/views/alert_group.py +++ b/engine/apps/api/views/alert_group.py @@ -263,26 +263,26 @@ class AlertGroupView( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "list": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "retrieve": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "stats": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "filters": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "silence_options": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "bulk_action_options": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "destroy": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "acknowledge": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "unacknowledge": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "resolve": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "unresolve": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "attach": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "unattach": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "silence": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "unsilence": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "unpage_user": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "bulk_action": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "preview_template": [RBACPermission.Permissions.INTEGRATIONS_TEST], - "escalation_snapshot": [RBACPermission.Permissions.ALERT_GROUPS_READ], + "metadata": [RBACPermission.permissions.ALERT_GROUPS_READ], + "list": [RBACPermission.permissions.ALERT_GROUPS_READ], + "retrieve": [RBACPermission.permissions.ALERT_GROUPS_READ], + "stats": [RBACPermission.permissions.ALERT_GROUPS_READ], + "filters": [RBACPermission.permissions.ALERT_GROUPS_READ], + "silence_options": [RBACPermission.permissions.ALERT_GROUPS_READ], + "bulk_action_options": [RBACPermission.permissions.ALERT_GROUPS_READ], + "destroy": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "acknowledge": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "unacknowledge": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "resolve": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "unresolve": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "attach": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "unattach": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "silence": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "unsilence": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "unpage_user": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "bulk_action": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "preview_template": [RBACPermission.permissions.INTEGRATIONS_TEST], + "escalation_snapshot": [RBACPermission.permissions.ALERT_GROUPS_READ], } queryset = AlertGroup.objects.none() # needed for drf-spectacular introspection diff --git a/engine/apps/api/views/alert_group_table_settings.py b/engine/apps/api/views/alert_group_table_settings.py index 53859f1b37..422dfc7edc 100644 --- a/engine/apps/api/views/alert_group_table_settings.py +++ b/engine/apps/api/views/alert_group_table_settings.py @@ -21,10 +21,10 @@ class AlertGroupTableColumnsViewSet(LabelsFeatureFlagViewSet): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get_columns": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "update_user_columns": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "reset_user_columns": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "update_organization_columns": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], + "get_columns": [RBACPermission.permissions.ALERT_GROUPS_READ], + "update_user_columns": [RBACPermission.permissions.ALERT_GROUPS_READ], + "reset_user_columns": [RBACPermission.permissions.ALERT_GROUPS_READ], + "update_organization_columns": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], } def get_columns(self, request: Request) -> Response: diff --git a/engine/apps/api/views/alert_receive_channel.py b/engine/apps/api/views/alert_receive_channel.py index 19c40a579a..80b24bfa98 100644 --- a/engine/apps/api/views/alert_receive_channel.py +++ b/engine/apps/api/views/alert_receive_channel.py @@ -150,42 +150,42 @@ class AlertReceiveChannelView( pagination_class = FifteenPageSizePaginator rbac_permissions = { - "metadata": [RBACPermission.Permissions.INTEGRATIONS_READ], - "list": [RBACPermission.Permissions.INTEGRATIONS_READ], - "retrieve": [RBACPermission.Permissions.INTEGRATIONS_READ], - "integration_options": [RBACPermission.Permissions.INTEGRATIONS_READ], - "counters": [RBACPermission.Permissions.INTEGRATIONS_READ], - "counters_per_integration": [RBACPermission.Permissions.INTEGRATIONS_READ], - "send_demo_alert": [RBACPermission.Permissions.INTEGRATIONS_TEST], - "preview_template": [RBACPermission.Permissions.INTEGRATIONS_TEST], - "create": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "partial_update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "destroy": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "change_team": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "filters": [RBACPermission.Permissions.INTEGRATIONS_READ], - "start_maintenance": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "stop_maintenance": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "validate_name": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "migrate": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "connected_contact_points": [RBACPermission.Permissions.INTEGRATIONS_READ], - "contact_points": [RBACPermission.Permissions.INTEGRATIONS_READ], - "connect_contact_point": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "create_contact_point": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "disconnect_contact_point": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "test_connection_create": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "test_connection": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "status_options": [RBACPermission.Permissions.INTEGRATIONS_READ], - "webhooks_get": [RBACPermission.Permissions.INTEGRATIONS_READ], - "webhooks_post": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "webhooks_put": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "webhooks_delete": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "connected_alert_receive_channels_get": [RBACPermission.Permissions.INTEGRATIONS_READ], - "connected_alert_receive_channels_post": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "connected_alert_receive_channels_put": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "connected_alert_receive_channels_delete": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "backsync_token_get": [RBACPermission.Permissions.INTEGRATIONS_READ], - "backsync_token_post": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "metadata": [RBACPermission.permissions.INTEGRATIONS_READ], + "list": [RBACPermission.permissions.INTEGRATIONS_READ], + "retrieve": [RBACPermission.permissions.INTEGRATIONS_READ], + "integration_options": [RBACPermission.permissions.INTEGRATIONS_READ], + "counters": [RBACPermission.permissions.INTEGRATIONS_READ], + "counters_per_integration": [RBACPermission.permissions.INTEGRATIONS_READ], + "send_demo_alert": [RBACPermission.permissions.INTEGRATIONS_TEST], + "preview_template": [RBACPermission.permissions.INTEGRATIONS_TEST], + "create": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "partial_update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "destroy": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "change_team": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "filters": [RBACPermission.permissions.INTEGRATIONS_READ], + "start_maintenance": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "stop_maintenance": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "validate_name": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "migrate": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "connected_contact_points": [RBACPermission.permissions.INTEGRATIONS_READ], + "contact_points": [RBACPermission.permissions.INTEGRATIONS_READ], + "connect_contact_point": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "create_contact_point": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "disconnect_contact_point": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "test_connection_create": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "test_connection": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "status_options": [RBACPermission.permissions.INTEGRATIONS_READ], + "webhooks_get": [RBACPermission.permissions.INTEGRATIONS_READ], + "webhooks_post": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "webhooks_put": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "webhooks_delete": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "connected_alert_receive_channels_get": [RBACPermission.permissions.INTEGRATIONS_READ], + "connected_alert_receive_channels_post": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "connected_alert_receive_channels_put": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "connected_alert_receive_channels_delete": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "backsync_token_get": [RBACPermission.permissions.INTEGRATIONS_READ], + "backsync_token_post": [RBACPermission.permissions.INTEGRATIONS_WRITE], } def perform_update(self, serializer): @@ -375,9 +375,11 @@ def integration_options(self, request): "display_name": integration_title, "short_description": AlertReceiveChannel.INTEGRATION_SHORT_DESCRIPTION[integration_id], "featured": integration_id in AlertReceiveChannel.INTEGRATION_FEATURED, - "featured_tag_name": AlertReceiveChannel.INTEGRATION_FEATURED_TAG_NAME[integration_id] - if integration_id in AlertReceiveChannel.INTEGRATION_FEATURED_TAG_NAME - else None, + "featured_tag_name": ( + AlertReceiveChannel.INTEGRATION_FEATURED_TAG_NAME[integration_id] + if integration_id in AlertReceiveChannel.INTEGRATION_FEATURED_TAG_NAME + else None + ), } # if integration is featured we show it in the beginning if choice["featured"]: diff --git a/engine/apps/api/views/alert_receive_channel_template.py b/engine/apps/api/views/alert_receive_channel_template.py index 579ae3aa78..4beb8557a6 100644 --- a/engine/apps/api/views/alert_receive_channel_template.py +++ b/engine/apps/api/views/alert_receive_channel_template.py @@ -22,11 +22,11 @@ class AlertReceiveChannelTemplateView( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.INTEGRATIONS_READ], - "list": [RBACPermission.Permissions.INTEGRATIONS_READ], - "retrieve": [RBACPermission.Permissions.INTEGRATIONS_READ], - "update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "partial_update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "metadata": [RBACPermission.permissions.INTEGRATIONS_READ], + "list": [RBACPermission.permissions.INTEGRATIONS_READ], + "retrieve": [RBACPermission.permissions.INTEGRATIONS_READ], + "update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "partial_update": [RBACPermission.permissions.INTEGRATIONS_WRITE], } model = AlertReceiveChannel diff --git a/engine/apps/api/views/channel_filter.py b/engine/apps/api/views/channel_filter.py index f3bc46e84c..3e007b625a 100644 --- a/engine/apps/api/views/channel_filter.py +++ b/engine/apps/api/views/channel_filter.py @@ -56,15 +56,15 @@ class ChannelFilterView( authentication_classes = (PluginAuthentication,) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.INTEGRATIONS_READ], - "list": [RBACPermission.Permissions.INTEGRATIONS_READ], - "retrieve": [RBACPermission.Permissions.INTEGRATIONS_READ], - "create": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "partial_update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "destroy": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "move_to_position": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "convert_from_regex_to_jinja2": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "metadata": [RBACPermission.permissions.INTEGRATIONS_READ], + "list": [RBACPermission.permissions.INTEGRATIONS_READ], + "retrieve": [RBACPermission.permissions.INTEGRATIONS_READ], + "create": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "partial_update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "destroy": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "move_to_position": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "convert_from_regex_to_jinja2": [RBACPermission.permissions.INTEGRATIONS_WRITE], } queryset = ChannelFilter.objects.none() # needed for drf-spectacular introspection diff --git a/engine/apps/api/views/direct_paging.py b/engine/apps/api/views/direct_paging.py index b5d7a9eb0a..2640974d13 100644 --- a/engine/apps/api/views/direct_paging.py +++ b/engine/apps/api/views/direct_paging.py @@ -19,7 +19,7 @@ class DirectPagingAPIView(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "post": [RBACPermission.Permissions.ALERT_GROUPS_DIRECT_PAGING], + "post": [RBACPermission.permissions.ALERT_GROUPS_DIRECT_PAGING], } def post(self, request): diff --git a/engine/apps/api/views/escalation_chain.py b/engine/apps/api/views/escalation_chain.py index e48a96a484..619a6a836b 100644 --- a/engine/apps/api/views/escalation_chain.py +++ b/engine/apps/api/views/escalation_chain.py @@ -67,15 +67,15 @@ class EscalationChainViewSet( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "list": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "retrieve": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "details": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "create": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "update": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "destroy": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "copy": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "filters": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], + "metadata": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "list": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "retrieve": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "details": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "create": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "update": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "destroy": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "copy": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "filters": [RBACPermission.permissions.ESCALATION_CHAINS_READ], } queryset = EscalationChain.objects.none() # needed for drf-spectacular introspection diff --git a/engine/apps/api/views/escalation_policy.py b/engine/apps/api/views/escalation_policy.py index 23a2d14b9c..1f3499c91d 100644 --- a/engine/apps/api/views/escalation_policy.py +++ b/engine/apps/api/views/escalation_policy.py @@ -65,18 +65,18 @@ class EscalationPolicyView( ) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "list": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "retrieve": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "escalation_options": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "delay_options": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "num_minutes_in_window_options": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "severity_options": [RBACPermission.Permissions.ESCALATION_CHAINS_READ], - "create": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "update": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "partial_update": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "destroy": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], - "move_to_position": [RBACPermission.Permissions.ESCALATION_CHAINS_WRITE], + "metadata": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "list": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "retrieve": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "escalation_options": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "delay_options": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "num_minutes_in_window_options": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "severity_options": [RBACPermission.permissions.ESCALATION_CHAINS_READ], + "create": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "update": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "partial_update": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "destroy": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], + "move_to_position": [RBACPermission.permissions.ESCALATION_CHAINS_WRITE], } queryset = EscalationPolicy.objects.none() # needed for drf-spectacular introspection diff --git a/engine/apps/api/views/integration_heartbeat.py b/engine/apps/api/views/integration_heartbeat.py index 1a3f03dd8c..3546fbe6a8 100644 --- a/engine/apps/api/views/integration_heartbeat.py +++ b/engine/apps/api/views/integration_heartbeat.py @@ -23,14 +23,14 @@ class IntegrationHeartBeatView( authentication_classes = (PluginAuthentication,) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.INTEGRATIONS_READ], - "list": [RBACPermission.Permissions.INTEGRATIONS_READ], - "retrieve": [RBACPermission.Permissions.INTEGRATIONS_READ], - "timeout_options": [RBACPermission.Permissions.INTEGRATIONS_READ], - "create": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "partial_update": [RBACPermission.Permissions.INTEGRATIONS_WRITE], - "reset": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "metadata": [RBACPermission.permissions.INTEGRATIONS_READ], + "list": [RBACPermission.permissions.INTEGRATIONS_READ], + "retrieve": [RBACPermission.permissions.INTEGRATIONS_READ], + "timeout_options": [RBACPermission.permissions.INTEGRATIONS_READ], + "create": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "partial_update": [RBACPermission.permissions.INTEGRATIONS_WRITE], + "reset": [RBACPermission.permissions.INTEGRATIONS_WRITE], } model = IntegrationHeartBeat diff --git a/engine/apps/api/views/labels.py b/engine/apps/api/views/labels.py index d27215f2e3..96ca7adfa0 100644 --- a/engine/apps/api/views/labels.py +++ b/engine/apps/api/views/labels.py @@ -38,13 +38,13 @@ class LabelsViewSet(LabelsFeatureFlagViewSet): permission_classes = (IsAuthenticated, RBACPermission) authentication_classes = (PluginAuthentication,) rbac_permissions = { - "create_label": [RBACPermission.Permissions.LABEL_CREATE], - "rename_key": [RBACPermission.Permissions.LABEL_WRITE], - "add_value": [RBACPermission.Permissions.LABEL_WRITE], - "rename_value": [RBACPermission.Permissions.LABEL_WRITE], - "get_keys": [RBACPermission.Permissions.LABEL_READ], - "get_key": [RBACPermission.Permissions.LABEL_READ], - "get_value": [RBACPermission.Permissions.LABEL_READ], + "create_label": [RBACPermission.permissions.LABEL_CREATE], + "rename_key": [RBACPermission.permissions.LABEL_WRITE], + "add_value": [RBACPermission.permissions.LABEL_WRITE], + "rename_value": [RBACPermission.permissions.LABEL_WRITE], + "get_keys": [RBACPermission.permissions.LABEL_READ], + "get_key": [RBACPermission.permissions.LABEL_READ], + "get_value": [RBACPermission.permissions.LABEL_READ], } @extend_schema(responses=LabelKeySerializer(many=True)) @@ -163,8 +163,8 @@ class AlertGroupLabelsViewSet(LabelsFeatureFlagViewSet): permission_classes = (IsAuthenticated, RBACPermission) authentication_classes = (PluginAuthentication,) rbac_permissions = { - "get_keys": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "get_key": [RBACPermission.Permissions.ALERT_GROUPS_READ], + "get_keys": [RBACPermission.permissions.ALERT_GROUPS_READ], + "get_key": [RBACPermission.permissions.ALERT_GROUPS_READ], } @extend_schema(responses=LabelKeySerializer(many=True)) diff --git a/engine/apps/api/views/live_setting.py b/engine/apps/api/views/live_setting.py index 3068427a95..c9d110daf3 100644 --- a/engine/apps/api/views/live_setting.py +++ b/engine/apps/api/views/live_setting.py @@ -23,11 +23,11 @@ class LiveSettingViewSet(PublicPrimaryKeyMixin[LiveSetting], viewsets.ModelViewS authentication_classes = (PluginAuthentication,) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "list": [RBACPermission.Permissions.OTHER_SETTINGS_READ], - "retrieve": [RBACPermission.Permissions.OTHER_SETTINGS_READ], - "create": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], - "update": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], - "destroy": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], + "list": [RBACPermission.permissions.OTHER_SETTINGS_READ], + "retrieve": [RBACPermission.permissions.OTHER_SETTINGS_READ], + "create": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], + "update": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], + "destroy": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], } def dispatch(self, request, *args, **kwargs): diff --git a/engine/apps/api/views/on_call_shifts.py b/engine/apps/api/views/on_call_shifts.py index 99b0ec4c2b..448c61c8ca 100644 --- a/engine/apps/api/views/on_call_shifts.py +++ b/engine/apps/api/views/on_call_shifts.py @@ -26,17 +26,17 @@ class OnCallShiftView( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.SCHEDULES_READ], - "list": [RBACPermission.Permissions.SCHEDULES_READ], - "retrieve": [RBACPermission.Permissions.SCHEDULES_READ], - "details": [RBACPermission.Permissions.SCHEDULES_READ], - "frequency_options": [RBACPermission.Permissions.SCHEDULES_READ], - "days_options": [RBACPermission.Permissions.SCHEDULES_READ], - "create": [RBACPermission.Permissions.SCHEDULES_WRITE], - "update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "partial_update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "destroy": [RBACPermission.Permissions.SCHEDULES_WRITE], - "preview": [RBACPermission.Permissions.SCHEDULES_WRITE], + "metadata": [RBACPermission.permissions.SCHEDULES_READ], + "list": [RBACPermission.permissions.SCHEDULES_READ], + "retrieve": [RBACPermission.permissions.SCHEDULES_READ], + "details": [RBACPermission.permissions.SCHEDULES_READ], + "frequency_options": [RBACPermission.permissions.SCHEDULES_READ], + "days_options": [RBACPermission.permissions.SCHEDULES_READ], + "create": [RBACPermission.permissions.SCHEDULES_WRITE], + "update": [RBACPermission.permissions.SCHEDULES_WRITE], + "partial_update": [RBACPermission.permissions.SCHEDULES_WRITE], + "destroy": [RBACPermission.permissions.SCHEDULES_WRITE], + "preview": [RBACPermission.permissions.SCHEDULES_WRITE], } model = CustomOnCallShift diff --git a/engine/apps/api/views/organization.py b/engine/apps/api/views/organization.py index ee2b22e77d..94e7f1a30b 100644 --- a/engine/apps/api/views/organization.py +++ b/engine/apps/api/views/organization.py @@ -22,8 +22,8 @@ class CurrentOrganizationView(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.OTHER_SETTINGS_READ], - "put": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], + "get": [RBACPermission.permissions.OTHER_SETTINGS_READ], + "put": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], } def get(self, request): @@ -55,7 +55,7 @@ class OrganizationConfigChecksView(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.OTHER_SETTINGS_READ], + "get": [RBACPermission.permissions.OTHER_SETTINGS_READ], } def get(self, request): @@ -69,7 +69,7 @@ class GetTelegramVerificationCode(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "get": [RBACPermission.permissions.INTEGRATIONS_WRITE], } def get(self, request): @@ -94,7 +94,7 @@ class GetChannelVerificationCode(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.INTEGRATIONS_WRITE], + "get": [RBACPermission.permissions.INTEGRATIONS_WRITE], } def get(self, request): @@ -113,7 +113,7 @@ class SetDefaultSlackChannel(APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "post": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS], + "post": [RBACPermission.permissions.CHATOPS_UPDATE_SETTINGS], } def post(self, request): diff --git a/engine/apps/api/views/public_api_tokens.py b/engine/apps/api/views/public_api_tokens.py index 2bded740aa..19e4c036f0 100644 --- a/engine/apps/api/views/public_api_tokens.py +++ b/engine/apps/api/views/public_api_tokens.py @@ -21,11 +21,11 @@ class PublicApiTokenView( authentication_classes = [PluginAuthentication] permission_classes = [IsAuthenticated, RBACPermission] rbac_permissions = { - "metadata": [RBACPermission.Permissions.API_KEYS_READ], - "list": [RBACPermission.Permissions.API_KEYS_READ], - "retrieve": [RBACPermission.Permissions.API_KEYS_READ], - "create": [RBACPermission.Permissions.API_KEYS_WRITE], - "destroy": [RBACPermission.Permissions.API_KEYS_WRITE], + "metadata": [RBACPermission.permissions.API_KEYS_READ], + "list": [RBACPermission.permissions.API_KEYS_READ], + "retrieve": [RBACPermission.permissions.API_KEYS_READ], + "create": [RBACPermission.permissions.API_KEYS_WRITE], + "destroy": [RBACPermission.permissions.API_KEYS_WRITE], } model = ApiAuthToken diff --git a/engine/apps/api/views/resolution_note.py b/engine/apps/api/views/resolution_note.py index ee2e3a546a..a9a3c38ee3 100644 --- a/engine/apps/api/views/resolution_note.py +++ b/engine/apps/api/views/resolution_note.py @@ -20,13 +20,13 @@ class ResolutionNoteView( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "list": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "retrieve": [RBACPermission.Permissions.ALERT_GROUPS_READ], - "create": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "update": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "partial_update": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], - "destroy": [RBACPermission.Permissions.ALERT_GROUPS_WRITE], + "metadata": [RBACPermission.permissions.ALERT_GROUPS_READ], + "list": [RBACPermission.permissions.ALERT_GROUPS_READ], + "retrieve": [RBACPermission.permissions.ALERT_GROUPS_READ], + "create": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "update": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "partial_update": [RBACPermission.permissions.ALERT_GROUPS_WRITE], + "destroy": [RBACPermission.permissions.ALERT_GROUPS_WRITE], } model = ResolutionNote diff --git a/engine/apps/api/views/schedule.py b/engine/apps/api/views/schedule.py index e30aa8cbde..77be9417b3 100644 --- a/engine/apps/api/views/schedule.py +++ b/engine/apps/api/views/schedule.py @@ -80,27 +80,27 @@ class ScheduleView( ) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.SCHEDULES_READ], - "list": [RBACPermission.Permissions.SCHEDULES_READ], - "retrieve": [RBACPermission.Permissions.SCHEDULES_READ], - "events": [RBACPermission.Permissions.SCHEDULES_READ], - "filter_events": [RBACPermission.Permissions.SCHEDULES_READ], - "filter_shift_swaps": [RBACPermission.Permissions.SCHEDULES_READ], - "next_shifts_per_user": [RBACPermission.Permissions.SCHEDULES_READ], - "related_users": [RBACPermission.Permissions.SCHEDULES_READ], - "quality": [RBACPermission.Permissions.SCHEDULES_READ], - "notify_empty_oncall_options": [RBACPermission.Permissions.SCHEDULES_READ], - "notify_oncall_shift_freq_options": [RBACPermission.Permissions.SCHEDULES_READ], - "mention_options": [RBACPermission.Permissions.SCHEDULES_READ], - "related_escalation_chains": [RBACPermission.Permissions.SCHEDULES_READ], - "current_user_events": [RBACPermission.Permissions.SCHEDULES_READ], - "create": [RBACPermission.Permissions.SCHEDULES_WRITE], - "update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "partial_update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "destroy": [RBACPermission.Permissions.SCHEDULES_WRITE], - "reload_ical": [RBACPermission.Permissions.SCHEDULES_WRITE], - "export_token": [RBACPermission.Permissions.SCHEDULES_EXPORT], - "filters": [RBACPermission.Permissions.SCHEDULES_READ], + "metadata": [RBACPermission.permissions.SCHEDULES_READ], + "list": [RBACPermission.permissions.SCHEDULES_READ], + "retrieve": [RBACPermission.permissions.SCHEDULES_READ], + "events": [RBACPermission.permissions.SCHEDULES_READ], + "filter_events": [RBACPermission.permissions.SCHEDULES_READ], + "filter_shift_swaps": [RBACPermission.permissions.SCHEDULES_READ], + "next_shifts_per_user": [RBACPermission.permissions.SCHEDULES_READ], + "related_users": [RBACPermission.permissions.SCHEDULES_READ], + "quality": [RBACPermission.permissions.SCHEDULES_READ], + "notify_empty_oncall_options": [RBACPermission.permissions.SCHEDULES_READ], + "notify_oncall_shift_freq_options": [RBACPermission.permissions.SCHEDULES_READ], + "mention_options": [RBACPermission.permissions.SCHEDULES_READ], + "related_escalation_chains": [RBACPermission.permissions.SCHEDULES_READ], + "current_user_events": [RBACPermission.permissions.SCHEDULES_READ], + "create": [RBACPermission.permissions.SCHEDULES_WRITE], + "update": [RBACPermission.permissions.SCHEDULES_WRITE], + "partial_update": [RBACPermission.permissions.SCHEDULES_WRITE], + "destroy": [RBACPermission.permissions.SCHEDULES_WRITE], + "reload_ical": [RBACPermission.permissions.SCHEDULES_WRITE], + "export_token": [RBACPermission.permissions.SCHEDULES_EXPORT], + "filters": [RBACPermission.permissions.SCHEDULES_READ], } filter_backends = [SearchFilter, filters.DjangoFilterBackend] diff --git a/engine/apps/api/views/shift_swap.py b/engine/apps/api/views/shift_swap.py index bbc674efae..56833ddf43 100644 --- a/engine/apps/api/views/shift_swap.py +++ b/engine/apps/api/views/shift_swap.py @@ -101,14 +101,14 @@ class ShiftSwapViewSet(PublicPrimaryKeyMixin[ShiftSwapRequest], BaseShiftSwapVie permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.SCHEDULES_READ], - "list": [RBACPermission.Permissions.SCHEDULES_READ], - "retrieve": [RBACPermission.Permissions.SCHEDULES_READ], - "create": [RBACPermission.Permissions.SCHEDULES_WRITE], - "update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "partial_update": [RBACPermission.Permissions.SCHEDULES_WRITE], - "destroy": [RBACPermission.Permissions.SCHEDULES_WRITE], - "take": [RBACPermission.Permissions.SCHEDULES_WRITE], + "metadata": [RBACPermission.permissions.SCHEDULES_READ], + "list": [RBACPermission.permissions.SCHEDULES_READ], + "retrieve": [RBACPermission.permissions.SCHEDULES_READ], + "create": [RBACPermission.permissions.SCHEDULES_WRITE], + "update": [RBACPermission.permissions.SCHEDULES_WRITE], + "partial_update": [RBACPermission.permissions.SCHEDULES_WRITE], + "destroy": [RBACPermission.permissions.SCHEDULES_WRITE], + "take": [RBACPermission.permissions.SCHEDULES_WRITE], } is_beneficiary = IsOwner(ownership_field="beneficiary") diff --git a/engine/apps/api/views/slack_channel.py b/engine/apps/api/views/slack_channel.py index 6725ebc9f2..f2bc951369 100644 --- a/engine/apps/api/views/slack_channel.py +++ b/engine/apps/api/views/slack_channel.py @@ -25,8 +25,8 @@ class SlackChannelView( search_fields = ["name"] rbac_permissions = { - "list": [RBACPermission.Permissions.CHATOPS_READ], - "retrieve": [RBACPermission.Permissions.CHATOPS_READ], + "list": [RBACPermission.permissions.CHATOPS_READ], + "retrieve": [RBACPermission.permissions.CHATOPS_READ], } def get_queryset(self): diff --git a/engine/apps/api/views/slack_team_settings.py b/engine/apps/api/views/slack_team_settings.py index e91aa19d5a..b8e7cf8042 100644 --- a/engine/apps/api/views/slack_team_settings.py +++ b/engine/apps/api/views/slack_team_settings.py @@ -14,8 +14,8 @@ class SlackTeamSettingsAPIView(views.APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.CHATOPS_READ], - "put": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS], + "get": [RBACPermission.permissions.CHATOPS_READ], + "put": [RBACPermission.permissions.CHATOPS_UPDATE_SETTINGS], } serializer_class = OrganizationSlackSettingsSerializer @@ -47,7 +47,7 @@ class AcknowledgeReminderOptionsAPIView(views.APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.CHATOPS_READ], + "get": [RBACPermission.permissions.CHATOPS_READ], } def get(self, request): @@ -64,7 +64,7 @@ class UnAcknowledgeTimeoutOptionsAPIView(views.APIView): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "get": [RBACPermission.Permissions.CHATOPS_READ], + "get": [RBACPermission.permissions.CHATOPS_READ], } def get(self, request): diff --git a/engine/apps/api/views/team.py b/engine/apps/api/views/team.py index 33ef7e3942..be0597366a 100644 --- a/engine/apps/api/views/team.py +++ b/engine/apps/api/views/team.py @@ -27,9 +27,9 @@ class TeamViewSet( ) permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "list": [RBACPermission.Permissions.OTHER_SETTINGS_READ], - "retrieve": [RBACPermission.Permissions.OTHER_SETTINGS_READ], - "update": [RBACPermission.Permissions.OTHER_SETTINGS_WRITE], + "list": [RBACPermission.permissions.OTHER_SETTINGS_READ], + "retrieve": [RBACPermission.permissions.OTHER_SETTINGS_READ], + "update": [RBACPermission.permissions.OTHER_SETTINGS_WRITE], } serializer_class = TeamSerializer diff --git a/engine/apps/api/views/telegram_channels.py b/engine/apps/api/views/telegram_channels.py index 90d7849e47..c61f57393f 100644 --- a/engine/apps/api/views/telegram_channels.py +++ b/engine/apps/api/views/telegram_channels.py @@ -22,11 +22,11 @@ class TelegramChannelViewSet( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.CHATOPS_READ], - "list": [RBACPermission.Permissions.CHATOPS_READ], - "retrieve": [RBACPermission.Permissions.CHATOPS_READ], - "destroy": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS], - "set_default": [RBACPermission.Permissions.CHATOPS_UPDATE_SETTINGS], + "metadata": [RBACPermission.permissions.CHATOPS_READ], + "list": [RBACPermission.permissions.CHATOPS_READ], + "retrieve": [RBACPermission.permissions.CHATOPS_READ], + "destroy": [RBACPermission.permissions.CHATOPS_UPDATE_SETTINGS], + "set_default": [RBACPermission.permissions.CHATOPS_UPDATE_SETTINGS], } serializer_class = TelegramToOrganizationConnectorSerializer diff --git a/engine/apps/api/views/user.py b/engine/apps/api/views/user.py index 56c46b35b3..28b10febb8 100644 --- a/engine/apps/api/views/user.py +++ b/engine/apps/api/views/user.py @@ -84,8 +84,8 @@ from common.recaptcha import check_recaptcha_internal_api logger = logging.getLogger(__name__) -IsOwnerOrHasUserSettingsAdminPermission = IsOwnerOrHasRBACPermissions([RBACPermission.Permissions.USER_SETTINGS_ADMIN]) -IsOwnerOrHasUserSettingsReadPermission = IsOwnerOrHasRBACPermissions([RBACPermission.Permissions.USER_SETTINGS_READ]) +IsOwnerOrHasUserSettingsAdminPermission = IsOwnerOrHasRBACPermissions([RBACPermission.permissions.USER_SETTINGS_ADMIN]) +IsOwnerOrHasUserSettingsReadPermission = IsOwnerOrHasRBACPermissions([RBACPermission.permissions.USER_SETTINGS_READ]) UPCOMING_SHIFTS_DEFAULT_DAYS = 7 @@ -119,9 +119,9 @@ def get_serializer_context(self): context = getattr(super(), "get_serializer_context", lambda: {})() context.update( { - "schedules_with_oncall_users": self.schedules_with_oncall_users - if self._populate_schedules_oncall_cache() - else {} + "schedules_with_oncall_users": ( + self.schedules_with_oncall_users if self._populate_schedules_oncall_cache() else {} + ) } ) return context @@ -213,28 +213,28 @@ class UserView( permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "retrieve": [RBACPermission.Permissions.USER_SETTINGS_READ], - "timezone_options": [RBACPermission.Permissions.USER_SETTINGS_READ], - "check_availability": [RBACPermission.Permissions.USER_SETTINGS_READ], - "metadata": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "list": [RBACPermission.Permissions.USER_SETTINGS_READ], - "update": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "partial_update": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "verify_number": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "forget_number": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "get_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "get_verification_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "get_backend_verification_code": [RBACPermission.Permissions.USER_SETTINGS_READ], - "get_telegram_verification_code": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "unlink_slack": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "unlink_telegram": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "unlink_backend": [RBACPermission.Permissions.USER_SETTINGS_READ], - "make_test_call": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "send_test_push": [RBACPermission.Permissions.USER_SETTINGS_READ], - "send_test_sms": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "export_token": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "upcoming_shifts": [RBACPermission.Permissions.USER_SETTINGS_READ], - "filters": [RBACPermission.Permissions.USER_SETTINGS_READ], + "retrieve": [RBACPermission.permissions.USER_SETTINGS_READ], + "timezone_options": [RBACPermission.permissions.USER_SETTINGS_READ], + "check_availability": [RBACPermission.permissions.USER_SETTINGS_READ], + "metadata": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "list": [RBACPermission.permissions.USER_SETTINGS_READ], + "update": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "partial_update": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "verify_number": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "forget_number": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "get_verification_code": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "get_verification_call": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "get_backend_verification_code": [RBACPermission.permissions.USER_SETTINGS_READ], + "get_telegram_verification_code": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "unlink_slack": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "unlink_telegram": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "unlink_backend": [RBACPermission.permissions.USER_SETTINGS_READ], + "make_test_call": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "send_test_push": [RBACPermission.permissions.USER_SETTINGS_READ], + "send_test_sms": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "export_token": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "upcoming_shifts": [RBACPermission.permissions.USER_SETTINGS_READ], + "filters": [RBACPermission.permissions.USER_SETTINGS_READ], } rbac_object_permissions = { @@ -304,7 +304,7 @@ def is_owner_or_admin(self): kwargs = self.kwargs is_users_own_data = kwargs.get("pk") is not None and kwargs.get("pk") == user.public_primary_key - has_admin_permission = user_is_authorized(user, [RBACPermission.Permissions.USER_SETTINGS_ADMIN]) + has_admin_permission = user_is_authorized(user, [RBACPermission.permissions.USER_SETTINGS_ADMIN]) return is_users_own_data or has_admin_permission diff --git a/engine/apps/api/views/user_group.py b/engine/apps/api/views/user_group.py index 31ccfea82d..8c056f09fb 100644 --- a/engine/apps/api/views/user_group.py +++ b/engine/apps/api/views/user_group.py @@ -17,8 +17,8 @@ class UserGroupViewSet( serializer_class = UserGroupSerializer rbac_permissions = { - "list": [RBACPermission.Permissions.CHATOPS_READ], - "retrieve": [RBACPermission.Permissions.CHATOPS_READ], + "list": [RBACPermission.permissions.CHATOPS_READ], + "retrieve": [RBACPermission.permissions.CHATOPS_READ], } filter_backends = (SearchFilter,) diff --git a/engine/apps/api/views/user_notification_policy.py b/engine/apps/api/views/user_notification_policy.py index 82f6cc11bd..a404257b1d 100644 --- a/engine/apps/api/views/user_notification_policy.py +++ b/engine/apps/api/views/user_notification_policy.py @@ -47,20 +47,20 @@ class UserNotificationPolicyView(UpdateSerializerMixin, OrderedModelViewSet): permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.USER_SETTINGS_READ], - "list": [RBACPermission.Permissions.USER_SETTINGS_READ], - "retrieve": [RBACPermission.Permissions.USER_SETTINGS_READ], - "delay_options": [RBACPermission.Permissions.USER_SETTINGS_READ], - "notify_by_options": [RBACPermission.Permissions.USER_SETTINGS_READ], - "create": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "update": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "partial_update": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "destroy": [RBACPermission.Permissions.USER_SETTINGS_WRITE], - "move_to_position": [RBACPermission.Permissions.USER_SETTINGS_WRITE], + "metadata": [RBACPermission.permissions.USER_SETTINGS_READ], + "list": [RBACPermission.permissions.USER_SETTINGS_READ], + "retrieve": [RBACPermission.permissions.USER_SETTINGS_READ], + "delay_options": [RBACPermission.permissions.USER_SETTINGS_READ], + "notify_by_options": [RBACPermission.permissions.USER_SETTINGS_READ], + "create": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "update": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "partial_update": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "destroy": [RBACPermission.permissions.USER_SETTINGS_WRITE], + "move_to_position": [RBACPermission.permissions.USER_SETTINGS_WRITE], } IsOwnerOrHasUserSettingsAdminPermission = IsOwnerOrHasRBACPermissions( - required_permissions=[RBACPermission.Permissions.USER_SETTINGS_ADMIN], ownership_field="user" + required_permissions=[RBACPermission.permissions.USER_SETTINGS_ADMIN], ownership_field="user" ) rbac_object_permissions = { diff --git a/engine/apps/api/views/webhooks.py b/engine/apps/api/views/webhooks.py index d249ef87e6..e66c55481b 100644 --- a/engine/apps/api/views/webhooks.py +++ b/engine/apps/api/views/webhooks.py @@ -77,18 +77,18 @@ class WebhooksView(TeamFilteringMixin, PublicPrimaryKeyMixin[Webhook], ModelView permission_classes = (IsAuthenticated, RBACPermission) rbac_permissions = { - "metadata": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "filters": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "list": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "retrieve": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "create": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_WRITE], - "update": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_WRITE], - "partial_update": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_WRITE], - "destroy": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_WRITE], - "responses": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "preview_template": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_WRITE], - "preset_options": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], - "trigger_manual": [RBACPermission.Permissions.OUTGOING_WEBHOOKS_READ], + "metadata": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "filters": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "list": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "retrieve": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "create": [RBACPermission.permissions.OUTGOING_WEBHOOKS_WRITE], + "update": [RBACPermission.permissions.OUTGOING_WEBHOOKS_WRITE], + "partial_update": [RBACPermission.permissions.OUTGOING_WEBHOOKS_WRITE], + "destroy": [RBACPermission.permissions.OUTGOING_WEBHOOKS_WRITE], + "responses": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "preview_template": [RBACPermission.permissions.OUTGOING_WEBHOOKS_WRITE], + "preset_options": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], + "trigger_manual": [RBACPermission.permissions.OUTGOING_WEBHOOKS_READ], } model = Webhook