Merge pull request #526 from grahamc/add-restart-jobs-role

Add a restart-jobs role
2018-01-02 11:27:33 +01:00 · 2018-01-02 11:27:33 +01:00 · a4fc292c83
parent 8913c682cf 83a48d2d4f
commit a4fc292c83
3 changed files with 23 additions and 4 deletions
--- a/src/lib/Hydra/Controller/JobsetEval.pm
+++ b/src/lib/Hydra/Controller/JobsetEval.pm
@ -188,7 +188,7 @@ sub cancel : Chained('evalChain') PathPart('cancel') Args(0) {

 sub restart {
    my ($self, $c, $condition) = @_;
-    requireProjectOwner($c, $c->stash->{eval}->project);
+    requireRestartPrivileges($c, $c->stash->{eval}->project);
    my $builds = $c->stash->{eval}->builds->search({ finished => 1, buildstatus => $condition });
    my $n = restartBuilds($c->model('DB')->schema, $builds);
    $c->flash->{successMsg} = "$n builds have been restarted.";
--- a/src/lib/Hydra/Helper/CatalystUtils.pm
+++ b/src/lib/Hydra/Helper/CatalystUtils.pm
@ -12,7 +12,7 @@ our @EXPORT = qw(
    getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild
    searchBuildsAndEvalsForJobset
    error notFound gone accessDenied
-    forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner
+    forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner
    trim
    getLatestFinishedEval getFirstEval
    paramToList
@ -172,7 +172,6 @@ sub requireUser {
    forceLogin($c) if !$c->user_exists;
 }

-
 sub isProjectOwner {
    my ($c, $project) = @_;
    return
@ -182,6 +181,26 @@ sub isProjectOwner {
         defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
 }

+sub hasRestartJobsRole {
+    my ($c) = @_;
+    return $c->user_exists && $c->check_user_roles('restart-jobs');
+}
+
+sub mayRestartJobs {
+    my ($c, $project) = @_;
+    return
+        $c->user_exists &&
+        (isAdmin($c) ||
+         hasRestartJobsRole($c) ||
+         isProjectOwner($c, $project));
+}
+
+sub requireRestartPrivileges {
+    my ($c, $project) = @_;
+    requireUser($c);
+    accessDenied($c, "Only the project members, administrators, and accounts with restart-jobs privileges can perform this operation.")
+        unless mayRestartJobs($c, $project);
+}

 sub requireProjectOwner {
    my ($c, $project) = @_;
@ -196,7 +215,6 @@ sub isAdmin {
    return $c->user_exists && $c->check_user_roles('admin');
 }

-
 sub requireAdmin {
    my ($c) = @_;
    requireUser($c);
--- a/src/root/user.tt
+++ b/src/root/user.tt
@ -80,6 +80,7 @@
          <select multiple="multiple" name="roles" class="span3" [% IF !c.check_user_roles('admin') %]disabled="disabled"[% END %]>
            [% INCLUDE roleoption role="admin" %]
            [% INCLUDE roleoption role="create-projects" %]
+            [% INCLUDE roleoption role="restart-jobs" %]
          </select>
        </div>
      </div>