{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":543653178,"defaultBranch":"develop","name":"cvat","ownerLogin":"SpecLad","currentUserCanPush":false,"isFork":true,"isEmpty":false,"createdAt":"2022-09-30T14:57:11.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/2391761?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1725983587.0","currentOid":""},"activityList":{"items":[{"before":"a296ee7826e28c08a38735f745e1bb40e75f0190","after":null,"ref":"refs/heads/rd/bump-actions-checkout","pushedAt":"2024-09-10T15:53:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"f7632b3919ec8682deeb46d66e08b8b5a4f6fc32","after":null,"ref":"refs/heads/bump-actions","pushedAt":"2024-09-10T15:53:02.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"c95fa3fd6b3a35ca176bab15035e51abd10f7367","after":null,"ref":"refs/heads/mandatory-scopes","pushedAt":"2024-09-10T14:24:56.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"fafc4c5e7857fd2b85edb5f15120a173d8b4a2c9","after":"f7632b3919ec8682deeb46d66e08b8b5a4f6fc32","ref":"refs/heads/bump-actions","pushedAt":"2024-09-10T13:59:52.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Upgrade GitHub Actions to remove dependencies on Node 12/16","shortMessageHtmlLink":"Upgrade GitHub Actions to remove dependencies on Node 12/16"}},{"before":null,"after":"c95fa3fd6b3a35ca176bab15035e51abd10f7367","ref":"refs/heads/mandatory-scopes","pushedAt":"2024-09-10T11:09:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"`*Permission.get_scopes`: don't tolerate unknown actions\n\nWith almost all of the `get_scopes` methods, an unknown (action, method)\ncombination will result in an array like `[None]` being returned (sometimes\nwith other elements as well). If that happens, the OPA input will then have\n`\"scope\": null`, and so the policy evaluation will fail, unless the user is\nan admin.\n\nBecause of this, it's really easy to accidentally make a view admin-only,\nby forgetting to add/update an entry in `get_scopes` when making changes.\n\n`TaskPermission`, `MembershipPermission` and `WebhookPermission` are even\nworse, because they will just return an empty list of scopes, which will\nlater translate to an empty list of permissions, which means that everyone\nwill be permitted to perform the action. This can lead to vulnerabilities\nlike CVE-2024-45393.\n\nFix this by replacing all `.get` calls with indexing, which will cause\na crash if the (action, method) combo is unknown. This breaks one endpoint\n(`/api/webhooks/events`), which is supposed to be publicly accessible;\nfix that by disabling authorization for it.","shortMessageHtmlLink":"<code>*Permission.get_scopes</code>: don't tolerate unknown actions"}},{"before":"d94e44067a7dc881092ae6f414c0f3d84f251971","after":null,"ref":"refs/heads/function-kind","pushedAt":"2024-09-09T12:30:06.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":null,"after":"d94e44067a7dc881092ae6f414c0f3d84f251971","ref":"refs/heads/function-kind","pushedAt":"2024-09-09T11:50:06.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Rename and move `LambdaType`\n\nThis enum is used for a field named `kind` in a resource located at\n`/api/lambda/function`, so it seems pretty clear that it should be named\n`FunctionKind`. (Or perhaps `LambdaFunctionKind`, but I omitted the \"lambda\"\nfor consistency with views and serializers.)\n\nIn addition to renaming, move it to `models`, so that it can be used by\nserializers. No such serializers currently exist, but I'd like to add them\nlater. Turn it into a Django choice enum as well, so that `__str__` works\nout of the box.","shortMessageHtmlLink":"Rename and move <code>LambdaType</code>"}},{"before":"6b105ed1609b9086e3f0b698150ab4f88595bc6b","after":null,"ref":"refs/heads/rd/show-model-id","pushedAt":"2024-09-09T11:24:09.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"eafb7e20c014bc01b60b3ed28116a86237f107b6","after":"6b105ed1609b9086e3f0b698150ab4f88595bc6b","ref":"refs/heads/rd/show-model-id","pushedAt":"2024-09-06T16:49:00.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Display the ID for non-system models\n\nThis is consistent with other user-controllable objects, and when you're\ntriggering the API manually, makes it easier to determine which ID to use.","shortMessageHtmlLink":"Display the ID for non-system models"}},{"before":null,"after":"eafb7e20c014bc01b60b3ed28116a86237f107b6","ref":"refs/heads/rd/show-model-id","pushedAt":"2024-09-06T16:45:44.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Display the ID for non-system models\n\nThis is consistent with other user-controllable objects, and when you're\ntriggering the API manually, makes it easier to determine which ID to use.","shortMessageHtmlLink":"Display the ID for non-system models"}},{"before":"e588def01fc814ffc600621addc98cfa7b5fe0c4","after":null,"ref":"refs/heads/lambda-error-handling","pushedAt":"2024-09-06T11:31:24.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"746c49ad3a6240aecc20a1bf5fa8e3a423c41af5","after":"e588def01fc814ffc600621addc98cfa7b5fe0c4","ref":"refs/heads/lambda-error-handling","pushedAt":"2024-09-06T10:54:43.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Update tests","shortMessageHtmlLink":"Update tests"}},{"before":"e6b84ba9fe9d184db7285d636bce622a94100586","after":"746c49ad3a6240aecc20a1bf5fa8e3a423c41af5","ref":"refs/heads/lambda-error-handling","pushedAt":"2024-09-05T17:33:04.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"lambda_manager: revamp function parsing error handling\n\nThis has several goals:\n\n* Remove `LambdaType.UNKNOWN`. Functions with this non-type are useless\n  and should not be presented to the user.\n\n* Don't return 404 from the list endpoint if one function cannot be loaded.\n  This prevents one bad function from essentially disabling the entire\n  serverless function feature. Instead, log the error and ignore the\n  function.\n\n* Don't return 404 from other endpoints either when the problem is a bad\n  function. This is not a client problem. Raise an exception and let Django\n  log it and return a 500.\n\n* Remove HTTP codes from `LambdaFunction`, to improve separation of\n  concerns.","shortMessageHtmlLink":"lambda_manager: revamp function parsing error handling"}},{"before":null,"after":"e6b84ba9fe9d184db7285d636bce622a94100586","ref":"refs/heads/lambda-error-handling","pushedAt":"2024-09-05T17:09:35.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"lambda_manager: revamp function parsing error handling\n\nThis has several goals:\n\n* Remove `LambdaType.UNKNOWN`. Functions with this non-type are useless\n  and should not be presented to the user.\n\n* Don't return 404 from the list endpoint if one function cannot be loaded.\n  This prevents one bad function from essentially disabling the entire\n  serverless function feature. Instead, log the error and ignore the\n  function.\n\n* Don't return 404 from other endpoints either when the problem is a bad\n  function. This is not a client problem. Raise an exception and let Django\n  log it and return a 500.\n\n* Remove HTTP codes from `LambdaFunction`, to improve separation of\n  concerns.","shortMessageHtmlLink":"lambda_manager: revamp function parsing error handling"}},{"before":"305cb3e2a812bc5696426866c7954fec95ee81b9","after":null,"ref":"refs/heads/function-events","pushedAt":"2024-09-04T12:37:35.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"6966b7a54c4040aea1b66cb8f0eda8c2f5e08d09","after":"305cb3e2a812bc5696426866c7954fec95ee81b9","ref":"refs/heads/function-events","pushedAt":"2024-09-04T10:44:43.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Log events for function calls\n\nNote that I would've preferred the function ID to go into the `obj_id`\nfield, but function IDs are strings, and the field is numeric.","shortMessageHtmlLink":"Log events for function calls"}},{"before":"f9ec30d4698309733053e738ef44e743dfa20906","after":null,"ref":"refs/heads/no-cleanup","pushedAt":"2024-09-03T13:48:03.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"4dcd14b933a2cab93f310ff0f8031636809abe37","after":"6966b7a54c4040aea1b66cb8f0eda8c2f5e08d09","ref":"refs/heads/function-events","pushedAt":"2024-09-03T13:46:13.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Log events for function calls\n\nNote that I would've preferred the function ID to go into the `obj_id`\nfield, but function IDs are strings, and the field is numeric.","shortMessageHtmlLink":"Log events for function calls"}},{"before":"18398548a4e2952c7a05167479ce063d4049c190","after":"4dcd14b933a2cab93f310ff0f8031636809abe37","ref":"refs/heads/function-events","pushedAt":"2024-09-03T13:24:45.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Log events for function calls\n\nNote that I would've preferred the function ID to go into the `obj_id`\nfield, but function IDs are strings, and the field is numeric.","shortMessageHtmlLink":"Log events for function calls"}},{"before":"ea4ec5f0336290daf37c62127c5115cdd9bd167d","after":"18398548a4e2952c7a05167479ce063d4049c190","ref":"refs/heads/function-events","pushedAt":"2024-09-03T12:58:44.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Log events for function calls\n\nNote that I would've preferred the function ID to go into the `obj_id`\nfield, but function IDs are strings, and the field is numeric.","shortMessageHtmlLink":"Log events for function calls"}},{"before":null,"after":"ea4ec5f0336290daf37c62127c5115cdd9bd167d","ref":"refs/heads/function-events","pushedAt":"2024-09-03T12:51:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Log events for function calls\n\nNote that I would've preferred the function ID to go into the `obj_id` field,\nbut function IDs are strings, and the field is numeric.","shortMessageHtmlLink":"Log events for function calls"}},{"before":null,"after":"f9ec30d4698309733053e738ef44e743dfa20906","ref":"refs/heads/no-cleanup","pushedAt":"2024-09-02T16:07:54.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Remove the cleanup workflow\n\nGitHub Actions artifact storage is free for public repositories, so there seems\nto be no reason to remove artifacts after builds.","shortMessageHtmlLink":"Remove the cleanup workflow"}},{"before":"19d390f83e55860c247ce0838323caeb48d525fd","after":null,"ref":"refs/heads/artifacts-v4","pushedAt":"2024-09-02T15:06:07.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"3366618ebb0ebac2cea4a2b2fe3d117575b18761","after":null,"ref":"refs/heads/rm-extra-checks","pushedAt":"2024-08-30T09:36:30.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"2af816c9f7069d57c9fa814a9ea1e2cdfc04b5c0","after":null,"ref":"refs/heads/dockerfile-no-binary","pushedAt":"2024-08-29T11:05:08.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"}},{"before":"4e33b4b137cfcdb4b551b19f9cdf501135e3cbe2","after":"3366618ebb0ebac2cea4a2b2fe3d117575b18761","ref":"refs/heads/rm-extra-checks","pushedAt":"2024-08-28T17:44:12.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Don't check permissions for the underlying resource when canceling requests\n\nIMO, these checks are not very useful. The permission logic for requests\nalready checks that the request is being canceled by the same user that\ncreated it. Therefore, these additional checks can only fail if a user\ncreates a request for some action, loses the permissions to do the same\naction again, and then tries to cancel the request. But cancelling a request\ndoes not do anything to the target resource (in fact, it _prevents_ some\nfuture actions from taking place), so I really don't see why this shouldn't\nbe allowed.\n\nIn addition, these checks create some problems:\n\n* If the creator of the request is no longer able to cancel it, we now have\n  a request that _nobody_ is allowed to cancel. That seems wrong.\n\n* To implement these checks, `RequestPermission` has to know which actions\n  require which permissions. This creates code duplication between it and\n  the other permission classes. It also causes a dependency on those\n  classes, which could create problems if we want to use the request API for\n  actions from the Enterprise version.","shortMessageHtmlLink":"Don't check permissions for the underlying resource when canceling re…"}},{"before":"6de27fd3e3c20742e846346486ff30e1207f32c7","after":"4e33b4b137cfcdb4b551b19f9cdf501135e3cbe2","ref":"refs/heads/rm-extra-checks","pushedAt":"2024-08-28T17:37:53.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Don't check permissions for the underlying resource when canceling requests\n\nIMO, these checks are not very useful. The permission logic for requests\nalready checks that the request is being canceled by the same user that\ncreated it. Therefore, these additional checks can only fail if a user\ncreates a request for some action, loses the permissions to do the same\naction again, and then tries to cancel the request. But cancelling a request\ndoes not do anything to the target resource (in fact, it _prevents_ some\nfuture actions from taking place), so I really don't see why this shouldn't\nbe allowed.\n\nIn addition, these checks create some problems:\n\n* If the creator of the request is no longer able to cancel it, we now have\n  a request that _nobody_ is allowed to cancel. That seems wrong.\n\n* To implement these checks, `RequestPermission` has to know which actions\n  require which permissions. This creates code duplication between it and\n  the other permission classes. It also causes a dependency on those\n  classes, which could create problems if we want to use the request API for\n  actions from the Enterprise version.","shortMessageHtmlLink":"Don't check permissions for the underlying resource when canceling re…"}},{"before":null,"after":"6de27fd3e3c20742e846346486ff30e1207f32c7","ref":"refs/heads/rm-extra-checks","pushedAt":"2024-08-28T17:34:56.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"Don't check permissions for the underlying resource when canceling requests\n\nIMO, these checks are not very useful. The permission logic for requests\nalready checks that the request is being canceled by the same user that\ncreated it. Therefore, these additional checks can only fail if a user\ncreates a request for some action, loses the permissions to do the same\naction again, and then tries to cancel the request. But cancelling a request\ndoes not do anything to the target resource (in fact, it _prevents_ some\nfuture actions from taking place), so I really don't see why this shouldn't\nbe allowed.\n\nIn addition, these checks create some problems:\n\n* If the creator of the request is no longer able to cancel it, we now have\n  a request that _nobody_ is allowed to cancel. That seems wrong.\n\n* To implement these checks, `RequestPermission` has to know which actions\n  require which permissions. This creates code duplication between it and\n  the other permission classes. It also causes a dependency on those\n  classes, which could create problems if we want to use the request API for\n  actions from the Enterprise version.","shortMessageHtmlLink":"Don't check permissions for the underlying resource when canceling re…"}},{"before":"2defaa818633c65fb9b39a875132b14e09e6f9a1","after":"f1ecb66b5ff88c5a20041fba7dda8631af317945","ref":"refs/heads/autoannotation-request-api","pushedAt":"2024-08-28T11:31:20.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"TEST disable the old auto-annotation request API","shortMessageHtmlLink":"TEST disable the old auto-annotation request API"}},{"before":"2a88fb0c2e68e199dc3a917ca22ff12ed2fd8126","after":"2defaa818633c65fb9b39a875132b14e09e6f9a1","ref":"refs/heads/autoannotation-request-api","pushedAt":"2024-08-28T10:37:15.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"SpecLad","name":"Roman Donchenko","path":"/SpecLad","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/2391761?s=80&v=4"},"commit":{"message":"TEST disable the old auto-annotation request API","shortMessageHtmlLink":"TEST disable the old auto-annotation request API"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMFQxNTo1MzowNy4wMDAwMDBazwAAAASyQn2f","startCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOS0xMFQxNTo1MzowNy4wMDAwMDBazwAAAASyQn2f","endCursor":"Y3Vyc29yOnYyOpK7MjAyNC0wOC0yOFQxMDozNzoxNS4wMDAwMDBazwAAAASmXe5w"}},"title":"Activity · SpecLad/cvat"}