forked from lix-project/hydra
Add a restart-jobs role
Frequently users want Hydra access just to restart jobs. However, prior to this commit the only way to grant that access was by giving them full Admin access which isn't necessarily what we want to do. By having a restart-jobs role, we can grant this privilege to users who are known to the community and want to help, but aren't long-time members. I haven't tested this commit, but it looks good to me...
This commit is contained in:
parent
8913c682cf
commit
83a48d2d4f
3 changed files with 23 additions and 4 deletions
src
|
@ -188,7 +188,7 @@ sub cancel : Chained('evalChain') PathPart('cancel') Args(0) {
|
|||
|
||||
sub restart {
|
||||
my ($self, $c, $condition) = @_;
|
||||
requireProjectOwner($c, $c->stash->{eval}->project);
|
||||
requireRestartPrivileges($c, $c->stash->{eval}->project);
|
||||
my $builds = $c->stash->{eval}->builds->search({ finished => 1, buildstatus => $condition });
|
||||
my $n = restartBuilds($c->model('DB')->schema, $builds);
|
||||
$c->flash->{successMsg} = "$n builds have been restarted.";
|
||||
|
|
|
@ -12,7 +12,7 @@ our @EXPORT = qw(
|
|||
getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
|
||||
searchBuildsAndEvalsForJobset
|
||||
error notFound gone accessDenied
|
||||
forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
|
||||
forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner
|
||||
trim
|
||||
getLatestFinishedEval getFirstEval
|
||||
paramToList
|
||||
|
@ -172,7 +172,6 @@ sub requireUser {
|
|||
forceLogin($c) if !$c->user_exists;
|
||||
}
|
||||
|
||||
|
||||
sub isProjectOwner {
|
||||
my ($c, $project) = @_;
|
||||
return
|
||||
|
@ -182,6 +181,26 @@ sub isProjectOwner {
|
|||
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
|
||||
}
|
||||
|
||||
sub hasRestartJobsRole {
|
||||
my ($c) = @_;
|
||||
return $c->user_exists && $c->check_user_roles('restart-jobs');
|
||||
}
|
||||
|
||||
sub mayRestartJobs {
|
||||
my ($c, $project) = @_;
|
||||
return
|
||||
$c->user_exists &&
|
||||
(isAdmin($c) ||
|
||||
hasRestartJobsRole($c) ||
|
||||
isProjectOwner($c, $project));
|
||||
}
|
||||
|
||||
sub requireRestartPrivileges {
|
||||
my ($c, $project) = @_;
|
||||
requireUser($c);
|
||||
accessDenied($c, "Only the project members, administrators, and accounts with restart-jobs privileges can perform this operation.")
|
||||
unless mayRestartJobs($c, $project);
|
||||
}
|
||||
|
||||
sub requireProjectOwner {
|
||||
my ($c, $project) = @_;
|
||||
|
@ -196,7 +215,6 @@ sub isAdmin {
|
|||
return $c->user_exists && $c->check_user_roles('admin');
|
||||
}
|
||||
|
||||
|
||||
sub requireAdmin {
|
||||
my ($c) = @_;
|
||||
requireUser($c);
|
||||
|
|
|
@ -80,6 +80,7 @@
|
|||
<select multiple="multiple" name="roles" class="span3" [% IF !c.check_user_roles('admin') %]disabled="disabled"[% END %]>
|
||||
[% INCLUDE roleoption role="admin" %]
|
||||
[% INCLUDE roleoption role="create-projects" %]
|
||||
[% INCLUDE roleoption role="restart-jobs" %]
|
||||
</select>
|
||||
</div>
|
||||
</div>
|
||||
|
|
Loading…
Reference in a new issue