snaakey/hydra
0
0
Fork 0
forked from lix-project/hydra
Code Pull requests Activity

Merge pull request #526 from grahamc/add-restart-jobs-role

Browse source 
Add a restart-jobs role
This commit is contained in:
Eelco Dolstra 2018-01-02 11:27:33 +01:00 committed by GitHub
parent 8913c682cf 83a48d2d4f
commit a4fc292c83
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 23 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/lib/Hydra/Controller/JobsetEval.pm
View file

@ -188,7 +188,7 @@ sub cancel : Chained('evalChain') PathPart('cancel') Args(0) {
sub restart { sub restart {
my ($self, $c, $condition) = @_; my ($self, $c, $condition) = @_;
requireProjectOwner($c, $c->stash->{eval}->project); requireRestartPrivileges($c, $c->stash->{eval}->project);
my $builds = $c->stash->{eval}->builds->search({ finished => 1, buildstatus => $condition }); my $builds = $c->stash->{eval}->builds->search({ finished => 1, buildstatus => $condition });
my $n = restartBuilds($c->model('DB')->schema, $builds); my $n = restartBuilds($c->model('DB')->schema, $builds);
$c->flash->{successMsg} = "$n builds have been restarted."; $c->flash->{successMsg} = "$n builds have been restarted.";

24
src/lib/Hydra/Helper/CatalystUtils.pm
View file

@ -12,7 +12,7 @@ our @EXPORT = qw(
getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
searchBuildsAndEvalsForJobset searchBuildsAndEvalsForJobset
error notFound gone accessDenied error notFound gone accessDenied
forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner
trim trim
getLatestFinishedEval getFirstEval getLatestFinishedEval getFirstEval
paramToList paramToList
@ -172,7 +172,6 @@ sub requireUser {
forceLogin($c) if !$c->user_exists; forceLogin($c) if !$c->user_exists;
} }
sub isProjectOwner { sub isProjectOwner {
my ($c, $project) = @_; my ($c, $project) = @_;
return return
@ -182,6 +181,26 @@ sub isProjectOwner {
defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username })); defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
} }
sub hasRestartJobsRole {
my ($c) = @_;
return $c->user_exists && $c->check_user_roles('restart-jobs');
}
sub mayRestartJobs {
my ($c, $project) = @_;
return
$c->user_exists &&
(isAdmin($c) ||
hasRestartJobsRole($c) ||
isProjectOwner($c, $project));
}
sub requireRestartPrivileges {
my ($c, $project) = @_;
requireUser($c);
accessDenied($c, "Only the project members, administrators, and accounts with restart-jobs privileges can perform this operation.")
unless mayRestartJobs($c, $project);
}
sub requireProjectOwner { sub requireProjectOwner {
my ($c, $project) = @_; my ($c, $project) = @_;
@ -196,7 +215,6 @@ sub isAdmin {
return $c->user_exists && $c->check_user_roles('admin'); return $c->user_exists && $c->check_user_roles('admin');
} }
sub requireAdmin { sub requireAdmin {
my ($c) = @_; my ($c) = @_;
requireUser($c); requireUser($c);

1
src/root/user.tt
View file

@ -80,6 +80,7 @@
<select multiple="multiple" name="roles" class="span3" [% IF !c.check_user_roles('admin') %]disabled="disabled"[% END %]> <select multiple="multiple" name="roles" class="span3" [% IF !c.check_user_roles('admin') %]disabled="disabled"[% END %]>
[% INCLUDE roleoption role="admin" %] [% INCLUDE roleoption role="admin" %]
[% INCLUDE roleoption role="create-projects" %] [% INCLUDE roleoption role="create-projects" %]
[% INCLUDE roleoption role="restart-jobs" %]
</select> </select>
</div> </div>
</div> </div>