add list users permission (#1362)

Co-authored-by: mike0sv <[email protected]>
evidentlyai · Nov 1, 2024 · 1952e06 · 1952e06
1 parent 4329352
commit 1952e06
Showing 1 changed file with 15 additions and 4 deletions.
diff --git a/src/evidently/ui/base.py b/src/evidently/ui/base.py
@@ -385,6 +385,7 @@ async def load_points_as_type(
 class Permission(Enum):
     GRANT_ROLE = "all_grant_role"
     REVOKE_ROLE = "all_revoke_role"
+    LIST_USERS = "all_list_users"
 
     ORG_READ = "org_read"
     ORG_WRITE = "org_write"
@@ -419,11 +420,13 @@ class DefaultRole(Enum):
     OWNER = "owner"
     EDITOR = "editor"
     VIEWER = "viewer"
+    DEMO_VIEWER = "demo_viewer"
 
 
 DEFAULT_ROLE_PERMISSIONS: Dict[Tuple[DefaultRole, Optional[EntityType]], Set[Permission]] = {
     (DefaultRole.OWNER, None): set(Permission),
     (DefaultRole.EDITOR, EntityType.Org): {
+        Permission.LIST_USERS,
         Permission.ORG_READ,
         Permission.ORG_CREATE_TEAM,
         Permission.TEAM_READ,
@@ -438,6 +441,7 @@ class DefaultRole(Enum):
         Permission.DATASET_DELETE,
     },
     (DefaultRole.EDITOR, EntityType.Team): {
+        Permission.LIST_USERS,
         Permission.TEAM_READ,
         Permission.TEAM_WRITE,
         Permission.TEAM_CREATE_PROJECT,
@@ -450,29 +454,36 @@ class DefaultRole(Enum):
         Permission.DATASET_DELETE,
     },
     (DefaultRole.EDITOR, EntityType.Project): {
+        Permission.LIST_USERS,
         Permission.PROJECT_READ,
         Permission.PROJECT_WRITE,
         Permission.PROJECT_SNAPSHOT_ADD,
     },
     (DefaultRole.EDITOR, EntityType.Dataset): {
+        Permission.LIST_USERS,
         Permission.DATASET_READ,
         Permission.DATASET_WRITE,
         Permission.DATASET_DELETE,
     },
     (DefaultRole.VIEWER, EntityType.Org): {
+        Permission.LIST_USERS,
         Permission.ORG_READ,
     },
     (DefaultRole.VIEWER, EntityType.Team): {
+        Permission.LIST_USERS,
         Permission.TEAM_READ,
         Permission.PROJECT_READ,
         Permission.DATASET_READ,
     },
     (DefaultRole.VIEWER, EntityType.Project): {
+        Permission.LIST_USERS,
         Permission.PROJECT_READ,
     },
     (DefaultRole.VIEWER, EntityType.Dataset): {
+        Permission.LIST_USERS,
         Permission.DATASET_READ,
     },
+    (DefaultRole.DEMO_VIEWER, None): {Permission.PROJECT_READ},
 }
 
 
@@ -659,9 +670,9 @@ async def _list_entity_users(
         raise NotImplementedError
 
     async def list_entity_users(self, user_id: UserID, entity_type: EntityType, entity_id: EntityID):
-        if not await self.check_entity_permission(user_id, entity_type, entity_id, ENTITY_READ_PERMISSION[entity_type]):
+        if not await self.check_entity_permission(user_id, entity_type, entity_id, Permission.LIST_USERS):
             raise ENTITY_NOT_FOUND_ERROR[entity_type]()
-        return await self._list_entity_users(entity_type, entity_id, ENTITY_READ_PERMISSION[entity_type])
+        return await self._list_entity_users(entity_type, entity_id, Permission.LIST_USERS)
 
     @abstractmethod
     async def _list_entity_users_with_roles(
@@ -670,9 +681,9 @@ async def _list_entity_users_with_roles(
         raise NotImplementedError
 
     async def list_entity_users_with_roles(self, user_id: UserID, entity_type: EntityType, entity_id: EntityID):
-        if not await self.check_entity_permission(user_id, entity_type, entity_id, ENTITY_READ_PERMISSION[entity_type]):
+        if not await self.check_entity_permission(user_id, entity_type, entity_id, Permission.LIST_USERS):
             raise ENTITY_NOT_FOUND_ERROR[entity_type]()
-        return await self._list_entity_users_with_roles(entity_type, entity_id, ENTITY_READ_PERMISSION[entity_type])
+        return await self._list_entity_users_with_roles(entity_type, entity_id, Permission.LIST_USERS)
 
     @abstractmethod
     async def list_user_teams(self, user_id: UserID, org_id: Optional[OrgID]) -> List[Team]: