)]}'
{"cyborg/common/policy.py":[{"author":{"_account_id":21672,"name":"Sundar Nadathur","email":"sundar.nadathur@intel.com","username":"nsundar"},"change_message_id":"9778a8fd7b8e974760b5b3ec17e2eac13355145f","unresolved":false,"context_lines":[{"line_number":80,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:get_one\u0027,"},{"line_number":81,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":82,"context_line":"                       description\u003d\u0027Get an accelerator request record.\u0027),"},{"line_number":83,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:create\u0027,"},{"line_number":84,"context_line":"                       \u0027rule:allow\u0027,"},{"line_number":85,"context_line":"                       description\u003d\u0027Create accelerator request records.\u0027),"},{"line_number":86,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:delete\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_f18a5aba","line":83,"range":{"start_line":83,"start_character":35,"end_line":83,"end_character":41},"updated":"2019-08-26 22:41:12.000000000","message":"So, any user can create a request for any accelerator? Once a user creates an ARQ, \u0027update\u0027 rule (line 89) allows him to program the device too.\n\nThis is the part where I wasn\u0027t sure about security implication.","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":17813,"name":"wangzhh","email":"wzh_1993@126.com","username":"wangzhh"},"change_message_id":"2896062e958524bc7f8e7f9ba7eb383d40c87b6b","unresolved":false,"context_lines":[{"line_number":80,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:get_one\u0027,"},{"line_number":81,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":82,"context_line":"                       description\u003d\u0027Get an accelerator request record.\u0027),"},{"line_number":83,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:create\u0027,"},{"line_number":84,"context_line":"                       \u0027rule:allow\u0027,"},{"line_number":85,"context_line":"                       description\u003d\u0027Create accelerator request records.\u0027),"},{"line_number":86,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:delete\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_02fdf0b0","line":83,"range":{"start_line":83,"start_character":35,"end_line":83,"end_character":41},"in_reply_to":"7faddb67_f18a5aba","updated":"2019-09-24 08:58:22.000000000","message":"Valid user should be allowed to create ARQ, also admin and the owner should be allowed to update. And the program is a special action, so I think  \u0027update \u0027 method should check whether it is an admin when action is program.","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":21672,"name":"Sundar Nadathur","email":"sundar.nadathur@intel.com","username":"nsundar"},"change_message_id":"9778a8fd7b8e974760b5b3ec17e2eac13355145f","unresolved":false,"context_lines":[{"line_number":99,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":100,"context_line":"                       description\u003d\u0027Get a device_profile record.\u0027),"},{"line_number":101,"context_line":"    policy.RuleDefault(\u0027cyborg:device_profile:create\u0027,"},{"line_number":102,"context_line":"                       \u0027rule:allow\u0027,"},{"line_number":103,"context_line":"                       description\u003d\u0027Create device_profile records.\u0027),"},{"line_number":104,"context_line":"    policy.RuleDefault(\u0027cyborg:device_profile:delete\u0027,"},{"line_number":105,"context_line":"                       \u0027rule:default\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_d1e15e9d","line":102,"range":{"start_line":102,"start_character":29,"end_line":102,"end_character":34},"updated":"2019-08-26 22:41:12.000000000","message":"Only admin can create device profiles, just like only admins create flavors.","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":17813,"name":"wangzhh","email":"wzh_1993@126.com","username":"wangzhh"},"change_message_id":"2896062e958524bc7f8e7f9ba7eb383d40c87b6b","unresolved":false,"context_lines":[{"line_number":99,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":100,"context_line":"                       description\u003d\u0027Get a device_profile record.\u0027),"},{"line_number":101,"context_line":"    policy.RuleDefault(\u0027cyborg:device_profile:create\u0027,"},{"line_number":102,"context_line":"                       \u0027rule:allow\u0027,"},{"line_number":103,"context_line":"                       description\u003d\u0027Create device_profile records.\u0027),"},{"line_number":104,"context_line":"    policy.RuleDefault(\u0027cyborg:device_profile:delete\u0027,"},{"line_number":105,"context_line":"                       \u0027rule:default\u0027,"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_1d6555af","line":102,"range":{"start_line":102,"start_character":29,"end_line":102,"end_character":34},"in_reply_to":"7faddb67_d1e15e9d","updated":"2019-09-24 08:58:22.000000000","message":"Done","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":21672,"name":"Sundar Nadathur","email":"sundar.nadathur@intel.com","username":"nsundar"},"change_message_id":"9778a8fd7b8e974760b5b3ec17e2eac13355145f","unresolved":false,"context_lines":[{"line_number":157,"context_line":""},{"line_number":158,"context_line":"def list_policies():"},{"line_number":159,"context_line":"    return default_policies \\"},{"line_number":160,"context_line":"        + accelerator_policies \\"},{"line_number":161,"context_line":"        + deployable_policies \\"},{"line_number":162,"context_line":"        + fpga_policies \\"},{"line_number":163,"context_line":"        + accelerator_request_policies \\"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_f147baa2","line":160,"range":{"start_line":160,"start_character":10,"end_line":160,"end_character":30},"updated":"2019-08-26 22:41:12.000000000","message":"We don\u0027t need these any more, right?","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":17813,"name":"wangzhh","email":"wzh_1993@126.com","username":"wangzhh"},"change_message_id":"2896062e958524bc7f8e7f9ba7eb383d40c87b6b","unresolved":false,"context_lines":[{"line_number":157,"context_line":""},{"line_number":158,"context_line":"def list_policies():"},{"line_number":159,"context_line":"    return default_policies \\"},{"line_number":160,"context_line":"        + accelerator_policies \\"},{"line_number":161,"context_line":"        + deployable_policies \\"},{"line_number":162,"context_line":"        + fpga_policies \\"},{"line_number":163,"context_line":"        + accelerator_request_policies \\"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_9d5945fe","line":160,"range":{"start_line":160,"start_character":10,"end_line":160,"end_character":30},"in_reply_to":"7faddb67_f147baa2","updated":"2019-09-24 08:58:22.000000000","message":"Done","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":21672,"name":"Sundar Nadathur","email":"sundar.nadathur@intel.com","username":"nsundar"},"change_message_id":"9778a8fd7b8e974760b5b3ec17e2eac13355145f","unresolved":false,"context_lines":[{"line_number":158,"context_line":"def list_policies():"},{"line_number":159,"context_line":"    return default_policies \\"},{"line_number":160,"context_line":"        + accelerator_policies \\"},{"line_number":161,"context_line":"        + deployable_policies \\"},{"line_number":162,"context_line":"        + fpga_policies \\"},{"line_number":163,"context_line":"        + accelerator_request_policies \\"},{"line_number":164,"context_line":"        + device_profile_policies"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_91c44610","line":161,"range":{"start_line":161,"start_character":10,"end_line":161,"end_character":29},"updated":"2019-08-26 22:41:12.000000000","message":"Do we need/support these?","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":17813,"name":"wangzhh","email":"wzh_1993@126.com","username":"wangzhh"},"change_message_id":"2896062e958524bc7f8e7f9ba7eb383d40c87b6b","unresolved":false,"context_lines":[{"line_number":158,"context_line":"def list_policies():"},{"line_number":159,"context_line":"    return default_policies \\"},{"line_number":160,"context_line":"        + accelerator_policies \\"},{"line_number":161,"context_line":"        + deployable_policies \\"},{"line_number":162,"context_line":"        + fpga_policies \\"},{"line_number":163,"context_line":"        + accelerator_request_policies \\"},{"line_number":164,"context_line":"        + device_profile_policies"}],"source_content_type":"text/x-python","patch_set":1,"id":"7faddb67_7d09e9d9","line":161,"range":{"start_line":161,"start_character":10,"end_line":161,"end_character":29},"in_reply_to":"7faddb67_91c44610","updated":"2019-09-24 08:58:22.000000000","message":"Done","commit_id":"b5bb25e8cdee48f560b3a51d4376ee23392e9ba6"},{"author":{"_account_id":25738,"name":"Xinran WANG","email":"xin-ran.wang@intel.com","username":"Xinran"},"change_message_id":"aa80eb6670f0c5208679946c9daa527cabf469f2","unresolved":false,"context_lines":[{"line_number":80,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:get_one\u0027,"},{"line_number":81,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":82,"context_line":"                       description\u003d\u0027Get an accelerator request record.\u0027),"},{"line_number":83,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:create\u0027,"},{"line_number":84,"context_line":"                       \u0027rule:allow\u0027,"},{"line_number":85,"context_line":"                       description\u003d\u0027Create accelerator request records.\u0027),"},{"line_number":86,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:delete\u0027,"},{"line_number":87,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":88,"context_line":"                       description\u003d\u0027Delete accelerator request records.\u0027),"},{"line_number":89,"context_line":"    policy.RuleDefault(\u0027cyborg:arq:update\u0027,"},{"line_number":90,"context_line":"                       \u0027rule:default\u0027,"},{"line_number":91,"context_line":"                       description\u003d\u0027Update accelerator request records.\u0027),"},{"line_number":92,"context_line":"]"},{"line_number":93,"context_line":""}],"source_content_type":"text/x-python","patch_set":3,"id":"3fa7e38b_beba5f07","line":90,"range":{"start_line":83,"start_character":0,"end_line":90,"end_character":38},"updated":"2019-09-20 07:13:34.000000000","message":"IMHO,  I don\u0027t think anyone can create/delete/update ARQ.Maybe admin or owner is better here.","commit_id":"7bed69c0e1105f086fcea6aaf4309a0e26cc7fa3"}]}