Commit
b58744cd
authored
8 years ago
by
Tomasz Maczukin
Modify authentication check methods in runners API
parent
553bac57
Showing
1 changed file
with
22 additions
and
24 deletions
+22
-24
lib/api/runners.rb
lib/api/runners.rb
+22
-24
lib/api/runners.rb
...
@@ -31,7 +31,7 @@ module API
...
@@ -31,7 +31,7 @@ module API
# GET /runners/:id
# GET /runners/:id
get
':id'
do
get
':id'
do
runner
=
get_runner
(
params
[
:id
])
runner
=
get_runner
(
params
[
:id
])
can_show_runner?
(
runner
)
unless
current_user
.
is_admin?
authenticate_show_runner!
(
runner
)
present
runner
,
with:
Entities
::
RunnerDetails
,
user_is_admin:
current_user
.
is_admin?
present
runner
,
with:
Entities
::
RunnerDetails
,
user_is_admin:
current_user
.
is_admin?
end
end
...
@@ -47,7 +47,7 @@ module API
...
@@ -47,7 +47,7 @@ module API
# PUT /runners/:id
# PUT /runners/:id
put
':id'
do
put
':id'
do
runner
=
get_runner
(
params
[
:id
])
runner
=
get_runner
(
params
[
:id
])
can_update_runner?
(
runner
)
unless
current_user
.
is_admin?
authenticate_update_runner!
(
runner
)
attrs
=
attributes_for_keys
[
:description
,
:active
,
:tag_list
]
attrs
=
attributes_for_keys
[
:description
,
:active
,
:tag_list
]
if
runner
.
update
(
attrs
)
if
runner
.
update
(
attrs
)
...
@@ -65,7 +65,7 @@ module API
...
@@ -65,7 +65,7 @@ module API
# DELETE /runners/:id
# DELETE /runners/:id
delete
':id'
do
delete
':id'
do
runner
=
get_runner
(
params
[
:id
])
runner
=
get_runner
(
params
[
:id
])
can_delete_runner?
(
runner
)
authenticate_delete_runner!
(
runner
)
runner
.
destroy!
runner
.
destroy!
present
runner
,
with:
Entities
::
RunnerDetails
present
runner
,
with:
Entities
::
RunnerDetails
...
@@ -93,7 +93,7 @@ module API
...
@@ -93,7 +93,7 @@ module API
# POST /projects/:id/runners/:runner_id
# POST /projects/:id/runners/:runner_id
post
':id/runners/:runner_id'
do
post
':id/runners/:runner_id'
do
runner
=
get_runner
(
params
[
:runner_id
])
runner
=
get_runner
(
params
[
:runner_id
])
can_enable_runner?
(
runner
)
authenticate_enable_runner!
(
runner
)
Ci
::
RunnerProject
.
create
(
runner:
runner
,
project:
user_project
)
Ci
::
RunnerProject
.
create
(
runner:
runner
,
project:
user_project
)
present
runner
,
with:
Entities
::
Runner
present
runner
,
with:
Entities
::
Runner
...
@@ -111,7 +111,7 @@ module API
...
@@ -111,7 +111,7 @@ module API
not_found!
(
'Runner'
)
unless
runner_project
not_found!
(
'Runner'
)
unless
runner_project
runner
=
runner_project
.
runner
runner
=
runner_project
.
runner
forbidden!
(
"
Can't disable runner - only one project associated with it. Please remov
e runner instead"
)
if
runner
.
projects
.
count
==
1
forbidden!
(
"
Only one project associated with the runner. Please remove th
e runner instead"
)
if
runner
.
projects
.
count
==
1
runner_project
.
destroy
runner_project
.
destroy
...
@@ -137,34 +137,32 @@ module API
...
@@ -137,34 +137,32 @@ module API
runner
runner
end
end
def
can_show_runner?
(
runner
)
def
authenticate_show_runner!
(
runner
)
return
true
if
runner
.
is_shared
return
if
runner
.
is_shared
||
current_user
.
is_admin?
forbidden!
(
"
Can't show runner's details - n
o access granted"
)
unless
user_can_access_runner?
(
runner
)
forbidden!
(
"
N
o access granted"
)
unless
user_can_access_runner?
(
runner
)
end
end
def
can_update_runner?
(
runner
)
def
authenticate_update_runner!
(
runner
)
return
true
if
current_user
.
is_admin?
return
if
current_user
.
is_admin?
forbidden!
(
"
Can't update shared runner
"
)
if
runner
.
is_shared?
forbidden!
(
"
Runner is shared
"
)
if
runner
.
is_shared?
forbidden!
(
"
Can't update runner - n
o access granted"
)
unless
user_can_access_runner?
(
runner
)
forbidden!
(
"
N
o access granted"
)
unless
user_can_access_runner?
(
runner
)
end
end
def
can_delete_runner?
(
runner
)
def
authenticate_delete_runner!
(
runner
)
return
true
if
current_user
.
is_admin?
return
if
current_user
.
is_admin?
forbidden!
(
"
Can't delete shared runner
"
)
if
runner
.
is_shared?
forbidden!
(
"
Runner is shared
"
)
if
runner
.
is_shared?
forbidden!
(
"
Can't delete runner -
associated with more than one project"
)
if
runner
.
projects
.
count
>
1
forbidden!
(
"
Runner
associated with more than one project"
)
if
runner
.
projects
.
count
>
1
forbidden!
(
"
Can't delete runner - n
o access granted"
)
unless
user_can_access_runner?
(
runner
)
forbidden!
(
"
N
o access granted"
)
unless
user_can_access_runner?
(
runner
)
end
end
def
can_enable_runner?
(
runner
)
def
authenticate_enable_runner!
(
runner
)
forbidden!
(
"
Can't enable shared runner directly
"
)
if
runner
.
is_shared?
forbidden!
(
"
Runner is shared
"
)
if
runner
.
is_shared?
return
true
if
current_user
.
is_admin?
return
if
current_user
.
is_admin?
forbidden!
(
"
Can't update runner - n
o access granted"
)
unless
user_can_access_runner?
(
runner
)
forbidden!
(
"
N
o access granted"
)
unless
user_can_access_runner?
(
runner
)
end
end
def
user_can_access_runner?
(
runner
)
def
user_can_access_runner?
(
runner
)
runner
.
projects
.
inject
(
false
)
do
|
final
,
project
|
current_user
.
ci_authorized_runners
.
exists?
(
runner
.
id
)
final
||
abilities
.
allowed?
(
current_user
,
:admin_project
,
project
)
end
end
end
end
end
end
end
...
...
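Review bot: In `authenticate_delete_runner!` (the `@@ -137` hunk) the `runner.projects.count > 1` check runs before `user_can_access_runner?`, so a non-admin with no access to a specific runner still receives the 403 text "Runner associated with more than one project" and learns state about a runner they are not authorized for. Move `forbidden!("No access granted") unless user_can_access_runner?(runner)` above the project-count line so callers without access always get the same response. Separately, `authenticate_show_runner!` reads `runner.is_shared` while the other three helpers call `runner.is_shared?`; use `is_shared?` there as well so the checks read the same way. The block that holds these helper methods opens outside the hunk.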