Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
1
Merge Requests
1
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
nexedi
gitlab-ce
Commits
9b58b8e3
Commit
9b58b8e3
authored
7 years ago
by
Shinya Maeda
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Do not allow jobs to be erased
parent
d4ceec9d
No related merge requests found
Changes
8
Hide whitespace changes
Inline
Side-by-side
Showing
8 changed files
with
60 additions
and
4 deletions
+60
-4
app/controllers/projects/jobs_controller.rb
app/controllers/projects/jobs_controller.rb
+5
-0
app/models/ci/build.rb
app/models/ci/build.rb
+4
-0
app/policies/ci/build_policy.rb
app/policies/ci/build_policy.rb
+5
-0
app/serializers/build_details_entity.rb
app/serializers/build_details_entity.rb
+1
-1
app/views/projects/jobs/show.html.haml
app/views/projects/jobs/show.html.haml
+1
-1
lib/api/jobs.rb
lib/api/jobs.rb
+1
-1
lib/api/v3/builds.rb
lib/api/v3/builds.rb
+1
-1
spec/policies/ci/build_policy_spec.rb
spec/policies/ci/build_policy_spec.rb
+42
-0
No files found.
app/controllers/projects/jobs_controller.rb
View file @
9b58b8e3
...
...
@@ -5,6 +5,7 @@ class Projects::JobsController < Projects::ApplicationController
only:
[
:index
,
:show
,
:status
,
:raw
,
:trace
]
before_action
:authorize_update_build!
,
except:
[
:index
,
:show
,
:status
,
:raw
,
:trace
,
:cancel_all
]
before_action
:authorize_erase_build!
,
only:
[
:erase
]
layout
'project'
...
...
@@ -131,6 +132,10 @@ class Projects::JobsController < Projects::ApplicationController
return
access_denied!
unless
can?
(
current_user
,
:update_build
,
build
)
end
def
authorize_erase_build!
return
access_denied!
unless
can?
(
current_user
,
:erase_build
,
build
)
end
def
build
@build
||=
project
.
builds
.
find
(
params
[
:id
])
.
present
(
current_user:
current_user
)
...
...
This diff is collapsed.
Click to expand it.
app/models/ci/build.rb
View file @
9b58b8e3
...
...
@@ -192,6 +192,10 @@ module Ci
project
.
build_timeout
end
def
owned_by?
(
current_user
)
user
==
current_user
end
# A slugified version of the build ref, suitable for inclusion in URLs and
# domain names. Rules:
#
...
...
This diff is collapsed.
Click to expand it.
app/policies/ci/build_policy.rb
View file @
9b58b8e3
...
...
@@ -10,6 +10,11 @@ module Ci
end
end
condition
(
:owner_of_build
)
do
can?
(
:developer_access
)
&&
@subject
.
owned_by?
(
@user
)
end
rule
{
protected_ref
}.
prevent
:update_build
rule
{
can?
(
:master_access
)
|
owner_of_build
}.
enable
:erase_build
end
end
This diff is collapsed.
Click to expand it.
app/serializers/build_details_entity.rb
View file @
9b58b8e3
...
...
@@ -6,7 +6,7 @@ class BuildDetailsEntity < JobEntity
expose
:pipeline
,
using:
PipelineEntity
expose
:erased_by
,
if:
->
(
*
)
{
build
.
erased?
},
using:
UserEntity
expose
:erase_path
,
if:
->
(
*
)
{
build
.
erasable?
&&
can?
(
current_user
,
:
update_build
,
project
)
}
do
|
build
|
expose
:erase_path
,
if:
->
(
*
)
{
build
.
erasable?
&&
can?
(
current_user
,
:
erase_build
,
build
)
}
do
|
build
|
erase_project_job_path
(
project
,
build
)
end
...
...
This diff is collapsed.
Click to expand it.
app/views/projects/jobs/show.html.haml
View file @
9b58b8e3
...
...
@@ -71,7 +71,7 @@
class:
'js-raw-link-controller has-tooltip controllers-buttons'
do
=
icon
(
'file-text-o'
)
-
if
can?
(
current_user
,
:update_build
,
@project
)
&&
@build
.
erasable?
-
if
@build
.
erasable?
&&
can?
(
current_user
,
:erase_build
,
@build
)
=
link_to
erase_project_job_path
(
@project
,
@build
),
method: :post
,
data:
{
confirm:
'Are you sure you want to erase this build?'
,
placement:
'top'
,
container:
'body'
},
...
...
This diff is collapsed.
Click to expand it.
lib/api/jobs.rb
View file @
9b58b8e3
...
...
@@ -136,7 +136,7 @@ module API
authorize_update_builds!
build
=
find_build!
(
params
[
:job_id
])
authorize!
(
:
updat
e_build
,
build
)
authorize!
(
:
eras
e_build
,
build
)
return
forbidden!
(
'Job is not erasable!'
)
unless
build
.
erasable?
build
.
erase
(
erased_by:
current_user
)
...
...
This diff is collapsed.
Click to expand it.
lib/api/v3/builds.rb
View file @
9b58b8e3
...
...
@@ -169,7 +169,7 @@ module API
authorize_update_builds!
build
=
get_build!
(
params
[
:build_id
])
authorize!
(
:
updat
e_build
,
build
)
authorize!
(
:
eras
e_build
,
build
)
return
forbidden!
(
'Build is not erasable!'
)
unless
build
.
erasable?
build
.
erase
(
erased_by:
current_user
)
...
...
This diff is collapsed.
Click to expand it.
spec/policies/ci/build_policy_spec.rb
View file @
9b58b8e3
...
...
@@ -150,5 +150,47 @@ describe Ci::BuildPolicy do
end
end
end
# TODO: Finish spec
describe
'rules for erase build'
do
let
(
:project
)
{
create
(
:project
,
:repository
)
}
let
(
:another_user
)
{
create
(
:user
)
}
context
'when developer created a build'
do
before
do
project
.
add_developer
(
user
)
end
context
'when the build was created by the user'
do
let
(
:build
)
{
create
(
:ci_build
,
user:
user
)
}
it
{
expect
(
policy
).
to
be_allowed
:erase_build
}
end
context
'when the build was created by others'
do
let
(
:build
)
{
create
(
:ci_build
,
user:
another_user
)
}
it
{
expect
(
policy
).
to
be_disallowed
:erase_build
}
end
end
context
'when master erases a build'
do
before
do
project
.
add_master
(
user
)
end
context
'when the build was created by the user'
do
let
(
:build
)
{
create
(
:ci_build
,
user:
user
)
}
it
{
expect
(
policy
).
to
be_allowed
:erase_build
}
end
context
'when the build was created by others'
do
let
(
:build
)
{
create
(
:ci_build
,
user:
another_user
)
}
it
{
expect
(
policy
).
to
be_allowed
:erase_build
}
end
end
end
end
end
This diff is collapsed.
Click to expand it.
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment