From 841a47cabed81299dea0972312216dfdfdb6d896 Mon Sep 17 00:00:00 2001 From: Andreas Rammhold Date: Tue, 5 Nov 2019 19:29:36 +0100 Subject: [PATCH] Add cancel-build role --- src/lib/Hydra/Controller/Build.pm | 2 +- src/lib/Hydra/Controller/JobsetEval.pm | 2 +- src/lib/Hydra/Helper/CatalystUtils.pm | 22 ++++++++++++++++++++++ src/root/user.tt | 1 + 4 files changed, 25 insertions(+), 2 deletions(-) diff --git a/src/lib/Hydra/Controller/Build.pm b/src/lib/Hydra/Controller/Build.pm index b62b4994..22bfd98e 100644 --- a/src/lib/Hydra/Controller/Build.pm +++ b/src/lib/Hydra/Controller/Build.pm @@ -504,7 +504,7 @@ sub restart : Chained('buildChain') PathPart Args(0) { sub cancel : Chained('buildChain') PathPart Args(0) { my ($self, $c) = @_; my $build = $c->stash->{build}; - requireProjectOwner($c, $build->project); + requireCancelBuildPrivileges($c, $build->project); my $n = cancelBuilds($c->model('DB')->schema, $c->model('DB::Builds')->search({ id => $build->id })); error($c, "This build cannot be cancelled.") if $n != 1; $c->flash->{successMsg} = "Build has been cancelled."; diff --git a/src/lib/Hydra/Controller/JobsetEval.pm b/src/lib/Hydra/Controller/JobsetEval.pm index 31d5d4c4..62c655e7 100644 --- a/src/lib/Hydra/Controller/JobsetEval.pm +++ b/src/lib/Hydra/Controller/JobsetEval.pm @@ -179,7 +179,7 @@ sub create_jobset : Chained('evalChain') PathPart('create-jobset') Args(0) { sub cancel : Chained('evalChain') PathPart('cancel') Args(0) { my ($self, $c) = @_; - requireProjectOwner($c, $c->stash->{eval}->project); + requireCancelBuildPrivileges($c, $c->stash->{eval}->project); my $n = cancelBuilds($c->model('DB')->schema, $c->stash->{eval}->builds); $c->flash->{successMsg} = "$n builds have been cancelled."; $c->res->redirect($c->uri_for($c->controller('JobsetEval')->action_for('view'), $c->req->captures)); diff --git a/src/lib/Hydra/Helper/CatalystUtils.pm b/src/lib/Hydra/Helper/CatalystUtils.pm index fa88aacb..d363f966 100644 --- a/src/lib/Hydra/Helper/CatalystUtils.pm +++ b/src/lib/Hydra/Helper/CatalystUtils.pm @@ -14,6 +14,7 @@ our @EXPORT = qw( error notFound gone accessDenied forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner requireBumpPrivileges + requireCancelBuildPrivileges trim getLatestFinishedEval getFirstEval paramToList @@ -182,6 +183,27 @@ sub isProjectOwner { defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username })); } +sub hasCancelBuildRole { + my ($c) = @_; + return $c->user_exists && $c->check_user_roles('cancel-build'); +} + +sub mayCancelBuild { + my ($c, $project) = @_; + return + $c->user_exists && + (isAdmin($c) || + hasCancelBuildRole($c) || + isProjectOwner($c, $project)); +} + +sub requireCancelBuildPrivileges { + my ($c, $project) = @_; + requireUser($c); + accessDenied($c, "Only the project members, administrators, and accounts with cancel-build privileges can perform this operation.") + unless mayCancelBuild($c, $project); +} + sub hasBumpJobsRole { my ($c) = @_; return $c->user_exists && $c->check_user_roles('bump-to-front'); diff --git a/src/root/user.tt b/src/root/user.tt index 86f35916..d489d338 100644 --- a/src/root/user.tt +++ b/src/root/user.tt @@ -82,6 +82,7 @@ [% INCLUDE roleoption role="create-projects" %] [% INCLUDE roleoption role="restart-jobs" %] [% INCLUDE roleoption role="bump-to-front" %] + [% INCLUDE roleoption role="cancel-build" %]