Roles Permissions Matrix
Doccano relies on Django REST framework permissions (permissions.py) and also extend them permissions.py to perform user authorization. This is explained in a later section titled Authorization in Doccano
The following table represents the proposed roles and their access to the views in Doccano.
Views(V) are represented by the rows and Roles(R) by the columns.
*Not currently available but can be added.
| View ↓ / Role → | Project Admin | Annotator | Annotation Approver |
|---|---|---|---|
| Me | x | x | x |
| Features | x | x | x |
| ProjectList | x | x | x |
| ProjectDetail | x | x | x |
| StatisticsAPI | x | x | x |
| ApproveLabelsAPI | x | x | |
| LabelList | x | x | x |
| LabelDetail | x | x | x |
| DocumentList | x | x | x |
| DocumentDetail | x | x | x |
| AnnotationList | x | x | x |
| AnnotationDetail | x | x | x |
| TextUploadAPI | x | ||
| CloudUploadAPI | x | ||
| TextDownloadAPI | x |
| Permission | Condition |
|---|---|
| IsProjectUser | User has access to the project. |
| IsAdminUserAndWriteOnly | Request is of type 'GET' or 'HEAD' or 'OPTIONS'. If not then user must have is_staff level access. |
| IsOwnAnnotation | User has access to an annotation. |
| IsAuthenticated | User is authenticated. |
| IsAdminUser | Allows access only to admin users. |
| IsAuthenticatedOrReadOnly | The request is authenticated as a user or is a read-only request. |
Following is the list of views views.py in Doccano along with the authorization check(s) used. When more than one check is performed all of them need to be passed for the user to be authorized.
| View | Authorization Check(s) |
|---|---|
| Me | IsAuthenticated |
| Features | IsAuthenticated |
| ProjectList | IsAuthenticated, IsAdminUserAndWriteOnly |
| ProjectDetail | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| StatisticsAPI | IsAuthenticated, IsAdminUserAndWriteOnly |
| ApproveLabelsAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| LabelList | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| LabelDetail | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| DocumentList | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| DocumentDetail | IsAuthenticated, IsProjectUser, IsAdminUserAndWriteOnly |
| AnnotationList | IsAuthenticated, IsProjectUser |
| AnnotationDetail | IsAuthenticated, IsProjectUser, IsOwnAnnotation |
| TextUploadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| CloudUploadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
| TextDownloadAPI | IsAuthenticated, IsProjectUser, IsAdminUser |
