CatalystCode
diff --git a/‎README.md
Lines changed: 15 additions & 3 deletions b/‎README.md
Lines changed: 15 additions & 3 deletions
diff --git a/‎app/api/admin.py
Lines changed: 15 additions & 0 deletions b/‎app/api/admin.py
Lines changed: 15 additions & 0 deletions
diff --git a/‎app/api/migrations/0004_roles.py
Lines changed: 43 additions & 0 deletions b/‎app/api/migrations/0004_roles.py
Lines changed: 43 additions & 0 deletions
diff --git a/‎app/api/migrations/0005_merge_20191021_1548.py
Lines changed: 14 additions & 0 deletions b/‎app/api/migrations/0005_merge_20191021_1548.py
Lines changed: 14 additions & 0 deletions
diff --git a/‎app/api/models.py
Lines changed: 81 additions & 0 deletions b/‎app/api/models.py
Lines changed: 81 additions & 0 deletions
diff --git a/‎app/api/permissions.py
Lines changed: 65 additions & 14 deletions b/‎app/api/permissions.py
Lines changed: 65 additions & 14 deletions
@@ -150,6 +150,12 @@ Next we need to create a user who can login to the admin site. Run the following
 python manage.py create_admin --noinput --username "admin" --email "[email protected]" --password "password"
 ```
 
+Create the admin, annotator, and annotation approver roles to assign to users. Run the following command:
+
+```bash
+python manage.py create_roles
+```
+
 Developers can also validate that the project works as expected by running the tests:
 
 ```bash
@@ -184,7 +190,7 @@ Now, open a Web browser and go to <http://127.0.0.1:8000/login/>. You should see
 
 Now, try logging in with the superuser account you created in the previous step. You should see the doccano project list page:
 
-<img src="./docs/projects.png" alt="projects" width=600>
+<img src="./docs/projects.png" alt="Projects page" width=600>
 
 There is no project created yet. To create your project, make sure you’re in the project list page and select `Create Project` button. You should see the following screen:
 
@@ -235,17 +241,23 @@ Click `Labels` button in left bar to define your own labels. You should see the
 
 <img src="./docs/label_editor.png" alt="Edit label" width=600>
 
+### Assign Roles to Users
+
+Click `Users` button in left bar to assign project users to annotator, admin, or annotation approval roles.
+
+<img src="./docs/user_page.png" alt="Assign users to roles on project" width=600>
+
 ### Annotation
 
 Now, you are ready to annotate the texts. Just click the `Annotate Data` button in the navigation bar, you can start to annotate the documents you uploaded.
 
-<img src="./docs/annotation.png" alt="Edit label" width=600>
+<img src="./docs/annotation.png" alt="Annotate data" width=600>
 
 ### Export Data
 
 After the annotation step, you can download the annotated data. Click the `Edit data` button in navigation bar, and then click `Export Data`. You should see below screen:
 
-<img src="./docs/export_data.png" alt="Edit label" width=600>
+<img src="./docs/export_data.png" alt="Export data" width=600>
 
 You can export data as CSV file or JSON file by clicking the button. As for the export file format, you can check it here: [Export File Formats](https://github.com/chakki-works/doccano/wiki/Export-File-Formats). 
 
 
@@ -1,6 +1,7 @@
 from django.contrib import admin
 
 from .models import Label, Document, Project
+from .models import Role, RoleMapping
 from .models import DocumentAnnotation, SequenceAnnotation, Seq2seqAnnotation
 from .models import TextClassificationProject, SequenceLabelingProject, Seq2seqProject
 
@@ -41,6 +42,18 @@ class Seq2seqAnnotationAdmin(admin.ModelAdmin):
     search_fields = ('document',)
 
 
+class RoleAdmin(admin.ModelAdmin):
+    list_display = ('name', 'description')
+    ordering = ('name',)
+    search_fields = ('name',)
+
+
+class RoleMappingAdmin(admin.ModelAdmin):
+    list_display = ('user', 'role', 'project', )
+    ordering = ('user',)
+    search_fields = ('user',)
+
+
 admin.site.register(DocumentAnnotation, DocumentAnnotationAdmin)
 admin.site.register(SequenceAnnotation, SequenceAnnotationAdmin)
 admin.site.register(Seq2seqAnnotation, Seq2seqAnnotationAdmin)
@@ -50,3 +63,5 @@ class Seq2seqAnnotationAdmin(admin.ModelAdmin):
 admin.site.register(TextClassificationProject, ProjectAdmin)
 admin.site.register(SequenceLabelingProject, ProjectAdmin)
 admin.site.register(Seq2seqProject, ProjectAdmin)
+admin.site.register(Role, RoleAdmin)
+admin.site.register(RoleMapping, RoleMappingAdmin)
@@ -0,0 +1,43 @@
+# Generated by Django 2.1.7 on 2019-07-25 03:33
+
+from django.conf import settings
+from django.db import migrations, models
+import django.db.models.deletion
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        migrations.swappable_dependency(settings.AUTH_USER_MODEL),
+        ('api', '0003_support_sql_server'),
+    ]
+
+    operations = [
+        migrations.CreateModel(
+            name='Role',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('name', models.CharField(max_length=100, unique=True)),
+                ('description', models.TextField(default='', null=True)),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+            ],
+        ),
+        migrations.CreateModel(
+            name='RoleMapping',
+            fields=[
+                ('id', models.AutoField(auto_created=True, primary_key=True, serialize=False, verbose_name='ID')),
+                ('created_at', models.DateTimeField(auto_now_add=True)),
+                ('updated_at', models.DateTimeField(auto_now=True)),
+                ('project', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE,
+                                              related_name='role_mappings', to='api.Project')),
+                ('role', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE, to='api.Role')),
+                ('user', models.ForeignKey(on_delete=django.db.models.deletion.CASCADE,
+                                           related_name='role_mappings', to=settings.AUTH_USER_MODEL)),
+            ],
+        ),
+        migrations.AlterUniqueTogether(
+            name='rolemapping',
+            unique_together={('user', 'project', 'role')},
+        ),
+    ]
@@ -0,0 +1,14 @@
+# Generated by Django 2.1.7 on 2019-10-21 15:48
+
+from django.db import migrations
+
+
+class Migration(migrations.Migration):
+
+    dependencies = [
+        ('api', '0004_project_collaborative_annotation'),
+        ('api', '0004_roles'),
+    ]
+
+    operations = [
+    ]
@@ -1,7 +1,10 @@
 import string
 
 from django.db import models
+from django.dispatch import receiver
+from django.db.models.signals import post_save, pre_delete
 from django.urls import reverse
+from django.conf import settings
 from django.contrib.auth.models import User
 from django.contrib.staticfiles.storage import staticfiles_storage
 from django.core.exceptions import ValidationError
@@ -237,3 +240,81 @@ class Seq2seqAnnotation(Annotation):
 
     class Meta:
         unique_together = ('document', 'user', 'text')
+
+
+class Role(models.Model):
+    name = models.CharField(max_length=100, unique=True)
+    description = models.TextField(default='')
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def __str__(self):
+        return self.name
+
+
+class RoleMapping(models.Model):
+    user = models.ForeignKey(User, related_name='role_mappings', on_delete=models.CASCADE)
+    project = models.ForeignKey(Project, related_name='role_mappings', on_delete=models.CASCADE)
+    role = models.ForeignKey(Role, on_delete=models.CASCADE)
+    created_at = models.DateTimeField(auto_now_add=True)
+    updated_at = models.DateTimeField(auto_now=True)
+
+    def clean(self):
+        other_rolemappings = self.project.role_mappings.exclude(id=self.id)
+
+        if other_rolemappings.filter(user=self.user, project=self.project).exists():
+            raise ValidationError('This user is already assigned to a role in this project.')
+
+    class Meta:
+        unique_together = ("user", "project", "role")
+
+
+@receiver(post_save, sender=RoleMapping)
+def add_linked_project(sender, instance, created, **kwargs):
+    if not created:
+        return
+    userInstance = instance.user
+    projectInstance = instance.project
+    if userInstance and projectInstance:
+        user = User.objects.get(pk=userInstance.pk)
+        project = Project.objects.get(pk=projectInstance.pk)
+        user.projects.add(project)
+        user.save()
+
+
+@receiver(post_save)
+def add_superusers_to_project(sender, instance, created, **kwargs):
+    if not created:
+        return
+    if sender not in Project.__subclasses__():
+        return
+    superusers = User.objects.filter(is_superuser=True)
+    admin_role = Role.objects.filter(name=settings.ROLE_PROJECT_ADMIN).first()
+    if superusers and admin_role:
+        RoleMapping.objects.bulk_create(
+            [RoleMapping(role_id=admin_role.id, user_id=superuser.id, project_id=instance.id)
+             for superuser in superusers]
+        )
+
+
+@receiver(post_save, sender=User)
+def add_new_superuser_to_projects(sender, instance, created, **kwargs):
+    if created and instance.is_superuser:
+        admin_role = Role.objects.filter(name=settings.ROLE_PROJECT_ADMIN).first()
+        projects = Project.objects.all()
+        if admin_role and projects:
+            RoleMapping.objects.bulk_create(
+                [RoleMapping(role_id=admin_role.id, user_id=instance.id, project_id=project.id)
+                 for project in projects]
+            )
+
+
+@receiver(pre_delete, sender=RoleMapping)
+def delete_linked_project(sender, instance, using, **kwargs):
+    userInstance = instance.user
+    projectInstance = instance.project
+    if userInstance and projectInstance:
+        user = User.objects.get(pk=userInstance.pk)
+        project = Project.objects.get(pk=projectInstance.pk)
+        user.projects.remove(project)
+        user.save()
@@ -1,18 +1,16 @@
+from django.conf import settings
 from django.contrib.auth.mixins import UserPassesTestMixin
+from django.db.models import Subquery
 from django.shortcuts import get_object_or_404
 from rest_framework.permissions import BasePermission, SAFE_METHODS, IsAdminUser
 
-from .models import Project
+from .models import Project, Role, RoleMapping
 
 
-class IsProjectUser(BasePermission):
-
-    def has_permission(self, request, view):
-        user = request.user
-        project_id = view.kwargs.get('project_id') or request.query_params.get('project_id')
-        project = get_object_or_404(Project, pk=project_id)
-
-        return user in project.users.all()
+class ProjectMixin:
+    @classmethod
+    def get_project_id(self, request, view):
+        return view.kwargs.get('project_id') or request.query_params.get('project_id')
 
 
 class IsAdminUserAndWriteOnly(BasePermission):
@@ -24,19 +22,72 @@ def has_permission(self, request, view):
         return IsAdminUser().has_permission(request, view)
 
 
-class SuperUserMixin(UserPassesTestMixin):
-
+class ProjectAdminMixin(UserPassesTestMixin):
     def test_func(self):
-        return self.request.user.is_superuser
+        return self.request.user.is_superuser or is_in_role(
+            role_name=IsProjectAdmin.role_name,
+            user_id=self.request.user.id,
+            project_id=self.kwargs['project_id'],
+        )
 
 
-class IsOwnAnnotation(BasePermission):
+class IsOwnAnnotation(ProjectMixin, BasePermission):
 
     def has_permission(self, request, view):
-        project_id = view.kwargs.get('project_id')
+        project_id = self.get_project_id(request, view)
         annotation_id = view.kwargs.get('annotation_id')
         project = get_object_or_404(Project, pk=project_id)
         model = project.get_annotation_class()
         annotation = model.objects.filter(id=annotation_id, user=request.user)
 
         return annotation.exists()
+
+
+class RolePermission(ProjectMixin, BasePermission):
+    UNSAFE_METHODS = ('POST', 'PATCH', 'DELETE')
+    unsafe_methods_check = True
+    role_name = ''
+
+    def has_permission(self, request, view):
+        if request.user.is_superuser:
+            return True
+
+        if self.unsafe_methods_check and request.method in self.UNSAFE_METHODS:
+            return request.user.is_superuser
+
+        project_id = self.get_project_id(request, view)
+        if not project_id and request.method in SAFE_METHODS:
+            return True
+
+        return is_in_role(self.role_name, request.user.id, project_id)
+
+
+class IsProjectAdmin(RolePermission):
+    unsafe_methods_check = False
+    role_name = settings.ROLE_PROJECT_ADMIN
+
+
+class IsAnnotatorAndReadOnly(RolePermission):
+    role_name = settings.ROLE_ANNOTATOR
+
+
+class IsAnnotator(RolePermission):
+    unsafe_methods_check = False
+    role_name = settings.ROLE_ANNOTATOR
+
+
+class IsAnnotationApproverAndReadOnly(RolePermission):
+    role_name = settings.ROLE_ANNOTATION_APPROVER
+
+
+class IsAnnotationApprover(RolePermission):
+    unsafe_methods_check = False
+    role_name = settings.ROLE_ANNOTATION_APPROVER
+
+
+def is_in_role(role_name, user_id, project_id):
+    return RoleMapping.objects.filter(
+        user_id=user_id,
+        project_id=project_id,
+        role_id=Subquery(Role.objects.filter(name=role_name).values('id')),
+    ).exists()