[BUG] Revisit permissions in FeedbackDataset via allowed_for_roles #3545

Closed
alvarobartt opened this issue Aug 10, 2023 · 0 comments · Fixed by #3601

@alvarobartt
Member

Describe the bug

More than a bug, this is an issue created to revisit the permissions for the FeedbackDataset methods to ensure that the Python client permission restrictions via allowed_for_roles are matching the API policies.

Expected behavior

Ensure that the methods only allowed for either owners or admins with access to a given workspace are properly set, and that the PermissionErrors are raised when applicable.

@alvarobartt alvarobartt added type: bug Indicates an unexpected problem or unintended behavior area: api Indicates that an issue or pull request is related to the Fast API server or REST endpoints labels Aug 10, 2023
@alvarobartt alvarobartt added this to the 1.15.0 milestone Aug 10, 2023
@alvarobartt alvarobartt self-assigned this Aug 10, 2023
alvarobartt added a commit that referenced this issue Aug 22, 2023
…sions (#3601)

# Description

This PR adds `allowed_for_roles` for `RemoteFeedbackDataset`,
`RemoteFeedbackRecords`, and `RemoteFeedbackRecord` when needed, as the
`annotator` cannot do most of the operations.

Since the `RemoteFeedbackDataset`, `RemoteFeedbackRecords`, and
`RemoteFeedbackRecord` are just intended to be used from either an
`owner` or an `admin`, we should probably restrict everything to those
roles only.

Closes #3545

**Type of change**

- [X] Bug fix (non-breaking change which fixes an issue)
- [X] Improvement (change adding some improvement to an existing
functionality)

**How Has This Been Tested**

- [X] Add integration tests to check `role` in methods decorated with
`allowed_for_roles`
- [X] Add missing `await` before `RecordFactory`

**Checklist**

- [ ] I added relevant documentation
- [X] follows the style guidelines of this project
- [X] I did a self-review of my code
- [ ] I made corresponding changes to the documentation
- [X] My changes generate no new warnings
- [X] I have added tests that prove my fix is effective or that my
feature works
- [ ] I filled out [the contributor form](https://tally.so/r/n9XrxK)
(see text above)
- [X] I have added relevant notes to the CHANGELOG.md file (See
https://keepachangelog.com/)
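
The concern raised in this issue, client-side role checks drifting away from what the API enforces, can be tested mechanically. The sketch below is an added example, not Argilla's code: only the decorator name `allowed_for_roles` and the role names `owner`, `admin` and `annotator` come from the page, while `UserRole`, `SketchRemoteDataset`, `SERVER_POLICY` and `policy_drift` are hypothetical and the policy table is constructed.

```python
import functools
from enum import Enum

class UserRole(str, Enum):  # assumed enum; the role names come from the page
    owner = "owner"
    admin = "admin"
    annotator = "annotator"

def allowed_for_roles(roles):
    """Client-side guard: raise PermissionError before any request is sent."""
    def decorator(func):
        @functools.wraps(func)
        def wrapper(self, *args, **kwargs):
            if self.role not in roles:
                raise PermissionError(
                    f"`{func.__name__}` needs one of {[r.value for r in roles]}, got '{self.role.value}'"
                )
            return func(self, *args, **kwargs)
        wrapper.allowed_roles = frozenset(roles)  # exposed for the drift check
        return wrapper
    return decorator

class SketchRemoteDataset:  # hypothetical stand-in, not RemoteFeedbackDataset
    def __init__(self, role):
        self.role = role

    @allowed_for_roles([UserRole.owner, UserRole.admin])
    def delete(self):
        return "deleted"

    @allowed_for_roles([UserRole.owner, UserRole.admin, UserRole.annotator])
    def delete_records(self):  # deliberately too permissive on the client
        return "records deleted"

# Constructed policy table standing in for what the server enforces.
SERVER_POLICY = {
    "delete": frozenset({UserRole.owner, UserRole.admin}),
    "delete_records": frozenset({UserRole.owner, UserRole.admin}),
}

def policy_drift(cls, policy):
    """Return methods whose client-side roles differ from the server policy."""
    drift = {}
    for name, server_roles in policy.items():
        client_roles = getattr(getattr(cls, name, None), "allowed_roles", None)
        if client_roles != server_roles:  # missing decorator also counts as drift
            drift[name] = (client_roles, server_roles)
    return drift
```

A non-empty result from `policy_drift` in a test suite flags a method whose client guard is looser, stricter or absent relative to the server; the server-side check remains the actual enforcement point.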