lix-project/hydra
3
0
Fork 6
Code Issues Pull requests 1 Packages Projects Releases Wiki Activity

Merge pull request #687 from andir/more-roles

Browse source 
Add `cancel-build` & `bump-to-front` roles
This commit is contained in:
Graham Christensen 2019-11-07 17:52:58 +01:00 committed by GitHub
parent 45f8a0ef66 841a47cabe
commit e89ea733d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
4 changed files with 50 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
src/lib/Hydra/Controller/Build.pm
View file

@ -504,7 +504,7 @@ sub restart : Chained('buildChain') PathPart Args(0) {
sub cancel : Chained('buildChain') PathPart Args(0) { sub cancel : Chained('buildChain') PathPart Args(0) {
my ($self, $c) = @_; my ($self, $c) = @_;
my $build = $c->stash->{build}; my $build = $c->stash->{build};
requireProjectOwner($c, $build->project); requireCancelBuildPrivileges($c, $build->project);
my $n = cancelBuilds($c->model('DB')->schema, $c->model('DB::Builds')->search({ id => $build->id })); my $n = cancelBuilds($c->model('DB')->schema, $c->model('DB::Builds')->search({ id => $build->id }));
error($c, "This build cannot be cancelled.") if $n != 1; error($c, "This build cannot be cancelled.") if $n != 1;
$c->flash->{successMsg} = "Build has been cancelled."; $c->flash->{successMsg} = "Build has been cancelled.";
@ -540,7 +540,7 @@ sub bump : Chained('buildChain') PathPart('bump') {
my $build = $c->stash->{build}; my $build = $c->stash->{build};
requireProjectOwner($c, $build->project); # FIXME: require admin? requireBumpPrivileges($c, $build->project);
$c->model('DB')->schema->txn_do(sub { $c->model('DB')->schema->txn_do(sub {
$build->update({globalpriority => time()}); $build->update({globalpriority => time()});

4
src/lib/Hydra/Controller/JobsetEval.pm
View file

@ -179,7 +179,7 @@ sub create_jobset : Chained('evalChain') PathPart('create-jobset') Args(0) {
sub cancel : Chained('evalChain') PathPart('cancel') Args(0) { sub cancel : Chained('evalChain') PathPart('cancel') Args(0) {
my ($self, $c) = @_; my ($self, $c) = @_;
requireProjectOwner($c, $c->stash->{eval}->project); requireCancelBuildPrivileges($c, $c->stash->{eval}->project);
my $n = cancelBuilds($c->model('DB')->schema, $c->stash->{eval}->builds); my $n = cancelBuilds($c->model('DB')->schema, $c->stash->{eval}->builds);
$c->flash->{successMsg} = "$n builds have been cancelled."; $c->flash->{successMsg} = "$n builds have been cancelled.";
$c->res->redirect($c->uri_for($c->controller('JobsetEval')->action_for('view'), $c->req->captures)); $c->res->redirect($c->uri_for($c->controller('JobsetEval')->action_for('view'), $c->req->captures));
@ -210,7 +210,7 @@ sub restart_failed : Chained('evalChain') PathPart('restart-failed') Args(0) {
sub bump : Chained('evalChain') PathPart('bump') Args(0) { sub bump : Chained('evalChain') PathPart('bump') Args(0) {
my ($self, $c) = @_; my ($self, $c) = @_;
requireProjectOwner($c, $c->stash->{eval}->project); # FIXME: require admin? requireBumpPrivileges($c, $c->stash->{eval}->project); # FIXME: require admin?
my $builds = $c->stash->{eval}->builds->search({ finished => 0 }); my $builds = $c->stash->{eval}->builds->search({ finished => 0 });
my $n = $builds->count(); my $n = $builds->count();
$c->model('DB')->schema->txn_do(sub { $c->model('DB')->schema->txn_do(sub {

44
src/lib/Hydra/Helper/CatalystUtils.pm
View file

@ -13,6 +13,8 @@ our @EXPORT = qw(
searchBuildsAndEvalsForJobset searchBuildsAndEvalsForJobset
error notFound gone accessDenied error notFound gone accessDenied
forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner
requireBumpPrivileges
requireCancelBuildPrivileges
trim trim
getLatestFinishedEval getFirstEval getLatestFinishedEval getFirstEval
paramToList paramToList
@ -181,6 +183,48 @@ sub isProjectOwner {
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username })); defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
} }
sub hasCancelBuildRole {
my ($c) = @_;
return $c->user_exists && $c->check_user_roles('cancel-build');
}
sub mayCancelBuild {
my ($c, $project) = @_;
return
$c->user_exists &&
(isAdmin($c) ||
hasCancelBuildRole($c) ||
isProjectOwner($c, $project));
}
sub requireCancelBuildPrivileges {
my ($c, $project) = @_;
requireUser($c);
accessDenied($c, "Only the project members, administrators, and accounts with cancel-build privileges can perform this operation.")
unless mayCancelBuild($c, $project);
}
sub hasBumpJobsRole {
my ($c) = @_;
return $c->user_exists && $c->check_user_roles('bump-to-front');
}
sub mayBumpJobs {
my ($c, $project) = @_;
return
$c->user_exists &&
(isAdmin($c) ||
hasBumpJobsRole($c) ||
isProjectOwner($c, $project));
}
sub requireBumpPrivileges {
my ($c, $project) = @_;
requireUser($c);
accessDenied($c, "Only the project members, administrators, and accounts with bump-to-front privileges can perform this operation.")
unless mayBumpJobs($c, $project);
}
sub hasRestartJobsRole { sub hasRestartJobsRole {
my ($c) = @_; my ($c) = @_;
return $c->user_exists && $c->check_user_roles('restart-jobs'); return $c->user_exists && $c->check_user_roles('restart-jobs');

2
src/root/user.tt
View file

@ -81,6 +81,8 @@
[% INCLUDE roleoption role="admin" %] [% INCLUDE roleoption role="admin" %]
[% INCLUDE roleoption role="create-projects" %] [% INCLUDE roleoption role="create-projects" %]
[% INCLUDE roleoption role="restart-jobs" %] [% INCLUDE roleoption role="restart-jobs" %]
[% INCLUDE roleoption role="bump-to-front" %]
[% INCLUDE roleoption role="cancel-build" %]
</select> </select>
</div> </div>
</div> </div>