Commit 56ea7a0c authored by Lin Jen-Shin's avatar Lin Jen-Shin

Merge allowed_to_create? into CreatePipelineService

parent d89277c3
...@@ -164,20 +164,6 @@ module Ci ...@@ -164,20 +164,6 @@ module Ci
where.not(duration: nil).sum(:duration) where.not(duration: nil).sum(:duration)
end end
def self.allowed_to_create?(user, project, ref)
repo = project.repository
access = Gitlab::UserAccess.new(user, project: project)
Ability.allowed?(user, :create_pipeline, project) &&
if repo.ref_exists?("#{Gitlab::Git::BRANCH_REF_PREFIX}#{ref}")
access.can_push_or_merge_to_branch?(ref)
elsif repo.ref_exists?("#{Gitlab::Git::TAG_REF_PREFIX}#{ref}")
access.can_create_tag?(ref)
else
false
end
end
def self.internal_sources def self.internal_sources
sources.reject { |source| source == "external" }.values sources.reject { |source| source == "external" }.values
end end
......
...@@ -36,10 +36,6 @@ module Ci ...@@ -36,10 +36,6 @@ module Ci
update_attribute(:active, false) update_attribute(:active, false)
end end
def runnable_by_owner?
Ci::Pipeline.allowed_to_create?(owner, project, ref)
end
def set_next_run_at def set_next_run_at
self.next_run_at = Gitlab::Ci::CronParser.new(cron, cron_timezone).next_time_from(Time.now) self.next_run_at = Gitlab::Ci::CronParser.new(cron, cron_timezone).next_time_from(Time.now)
end end
......
...@@ -27,7 +27,7 @@ module Ci ...@@ -27,7 +27,7 @@ module Ci
return error('Reference not found') return error('Reference not found')
end end
unless triggering_user_allowed_for_ref?(trigger_request, ref) unless triggering_user_allowed_for_ref?(trigger_request)
return error("Insufficient permissions for protected #{ref}") return error("Insufficient permissions for protected #{ref}")
end end
...@@ -74,14 +74,26 @@ module Ci ...@@ -74,14 +74,26 @@ module Ci
pipeline.tap(&:process!) pipeline.tap(&:process!)
end end
def triggering_user_allowed_for_ref?(trigger_request, ref) def triggering_user_allowed_for_ref?(trigger_request)
triggering_user = current_user || trigger_request.trigger.owner triggering_user = current_user || trigger_request.trigger.owner
(triggering_user && (triggering_user && allowed_to_create?(triggering_user)) ||
Ci::Pipeline.allowed_to_create?(triggering_user, project, ref)) ||
!project.protected_for?(ref) !project.protected_for?(ref)
end end
def allowed_to_create?(triggering_user)
access = Gitlab::UserAccess.new(triggering_user, project: project)
Ability.allowed?(triggering_user, :create_pipeline, project) &&
if branch?
access.can_push_or_merge_to_branch?(ref)
elsif tag?
access.can_create_tag?(ref)
else
false
end
end
def update_merge_requests_head_pipeline def update_merge_requests_head_pipeline
return unless pipeline.latest? return unless pipeline.latest?
...@@ -145,7 +157,7 @@ module Ci ...@@ -145,7 +157,7 @@ module Ci
end end
def ref def ref
Gitlab::Git.ref_name(origin_ref) @ref ||= Gitlab::Git.ref_name(origin_ref)
end end
def valid_sha? def valid_sha?
......
...@@ -6,15 +6,12 @@ class PipelineScheduleWorker ...@@ -6,15 +6,12 @@ class PipelineScheduleWorker
Ci::PipelineSchedule.active.where("next_run_at < ?", Time.now) Ci::PipelineSchedule.active.where("next_run_at < ?", Time.now)
.preload(:owner, :project).find_each do |schedule| .preload(:owner, :project).find_each do |schedule|
begin begin
unless schedule.runnable_by_owner? pipeline = Ci::CreatePipelineService.new(schedule.project,
schedule.deactivate!
next
end
Ci::CreatePipelineService.new(schedule.project,
schedule.owner, schedule.owner,
ref: schedule.ref) ref: schedule.ref)
.execute(:schedule, save_on_errors: false, schedule: schedule) .execute(:schedule, save_on_errors: false, schedule: schedule)
schedule.deactivate! unless pipeline.persisted?
rescue => e rescue => e
Rails.logger.error "#{schedule.id}: Failed to create a scheduled pipeline: #{e.message}" Rails.logger.error "#{schedule.id}: Failed to create a scheduled pipeline: #{e.message}"
ensure ensure
......
...@@ -28,103 +28,6 @@ describe Ci::Pipeline, models: true do ...@@ -28,103 +28,6 @@ describe Ci::Pipeline, models: true do
it { is_expected.to respond_to :git_author_email } it { is_expected.to respond_to :git_author_email }
it { is_expected.to respond_to :short_sha } it { is_expected.to respond_to :short_sha }
describe '.allowed_to_create?' do
let(:user) { create(:user) }
let(:project) { create(:project, :repository) }
let(:ref) { 'master' }
subject { described_class.allowed_to_create?(user, project, ref) }
context 'when user is a developer' do
before do
project.add_developer(user)
end
it { is_expected.to be_truthy }
context 'when the branch is protected' do
let!(:protected_branch) do
create(:protected_branch, project: project, name: ref)
end
it { is_expected.to be_falsey }
context 'when developers are allowed to merge' do
let!(:protected_branch) do
create(:protected_branch,
:developers_can_merge,
project: project,
name: ref)
end
it { is_expected.to be_truthy }
end
end
context 'when the tag is protected' do
let(:ref) { 'v1.0.0' }
let!(:protected_tag) do
create(:protected_tag, project: project, name: ref)
end
it { is_expected.to be_falsey }
context 'when developers are allowed to create the tag' do
let!(:protected_tag) do
create(:protected_tag,
:developers_can_create,
project: project,
name: ref)
end
it { is_expected.to be_truthy }
end
end
end
context 'when user is a master' do
before do
project.add_master(user)
end
it { is_expected.to be_truthy }
context 'when the branch is protected' do
let!(:protected_branch) do
create(:protected_branch, project: project, name: ref)
end
it { is_expected.to be_truthy }
end
context 'when the tag is protected' do
let(:ref) { 'v1.0.0' }
let!(:protected_tag) do
create(:protected_tag, project: project, name: ref)
end
it { is_expected.to be_truthy }
context 'when no one can create the tag' do
let!(:protected_tag) do
create(:protected_tag,
:no_one_can_create,
project: project,
name: ref)
end
it { is_expected.to be_falsey }
end
end
end
context 'when owner cannot create pipeline' do
it { is_expected.to be_falsey }
end
end
describe '#source' do describe '#source' do
context 'when creating new pipeline' do context 'when creating new pipeline' do
let(:pipeline) do let(:pipeline) do
......
...@@ -432,4 +432,104 @@ describe Ci::CreatePipelineService, :services do ...@@ -432,4 +432,104 @@ describe Ci::CreatePipelineService, :services do
end end
end end
end end
describe '#allowed_to_create?' do
let(:user) { create(:user) }
let(:project) { create(:project, :repository) }
let(:ref) { 'master' }
subject do
described_class.new(project, user, ref: ref)
.send(:allowed_to_create?, user)
end
context 'when user is a developer' do
before do
project.add_developer(user)
end
it { is_expected.to be_truthy }
context 'when the branch is protected' do
let!(:protected_branch) do
create(:protected_branch, project: project, name: ref)
end
it { is_expected.to be_falsey }
context 'when developers are allowed to merge' do
let!(:protected_branch) do
create(:protected_branch,
:developers_can_merge,
project: project,
name: ref)
end
it { is_expected.to be_truthy }
end
end
context 'when the tag is protected' do
let(:ref) { 'v1.0.0' }
let!(:protected_tag) do
create(:protected_tag, project: project, name: ref)
end
it { is_expected.to be_falsey }
context 'when developers are allowed to create the tag' do
let!(:protected_tag) do
create(:protected_tag,
:developers_can_create,
project: project,
name: ref)
end
it { is_expected.to be_truthy }
end
end
end
context 'when user is a master' do
before do
project.add_master(user)
end
it { is_expected.to be_truthy }
context 'when the branch is protected' do
let!(:protected_branch) do
create(:protected_branch, project: project, name: ref)
end
it { is_expected.to be_truthy }
end
context 'when the tag is protected' do
let(:ref) { 'v1.0.0' }
let!(:protected_tag) do
create(:protected_tag, project: project, name: ref)
end
it { is_expected.to be_truthy }
context 'when no one can create the tag' do
let!(:protected_tag) do
create(:protected_tag,
:no_one_can_create,
project: project,
name: ref)
end
it { is_expected.to be_falsey }
end
end
end
context 'when owner cannot create pipeline' do
it { is_expected.to be_falsey }
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment