rosa-build/app/policies/build_list_policy.rb

159 lines
4.6 KiB
Ruby
Raw Normal View History

2015-03-12 22:43:13 +00:00
class BuildListPolicy < ApplicationPolicy
2015-03-19 23:31:41 +00:00
def index?
true
end
def show?
record.user_id == user.id || ProjectPolicy.new(user, record.project).show?
end
alias_method :read?, :show?
alias_method :log?, :show?
alias_method :everything?, :show?
alias_method :owned?, :show?
alias_method :everything?, :show?
alias_method :list?, :show?
def create?
return false unless record.project.is_package
return false unless ProjectPolicy.new(user, record.project).write?
record.build_for_platform.blank? || PlatformPolicy.new(user, record.build_for_platform).show?
end
alias_method :rerun_tests?, :create?
def dependent_projects?
record.save_to_platform.main? && create?
end
def publish_into_testing?
return false unless record.can_publish_into_testing?
create? || ( record.save_to_platform.main? && publish? )
end
def publish?
return false unless record.can_publish?
if record.build_published?
local_admin?(record.save_to_platform) || record.save_to_repository.members.exists?(id: user.id)
else
record.save_to_repository.publish_without_qa ?
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
end
end
def create_container?
ProjectPolicy.new(user, record.project).write? || local_admin?(record.save_to_platform)
end
def reject_publish?
record.save_to_repository.publish_without_qa ?
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
end
def cancel?
ProjectPolicy.new(user, record.project).write?
end
# Public: Get list of parameters that the user is allowed to alter.
#
# Returns Array
def permitted_attributes
pa = %i(
arch_id
auto_create_container
auto_publish
auto_publish_status
build_for_platform_id
commit_hash
external_nodes
include_testing_subrepository
project_id
project_version
native_build
save_buildroot
save_to_platform_id
save_to_repository_id
use_cached_chroot
use_extra_tests
enable_32bit
)
pa << {
include_repos: [],
extra_build_lists: [],
extra_repositories: [],
extra_params: BuildList::EXTRA_PARAMS,
}
pa
end
2015-03-19 23:31:41 +00:00
class Scope < Scope
def read
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
2015-03-19 23:31:41 +00:00
(
build_lists.user_id = :user_id
) OR (
projects.visibility = 'open'
) OR (
projects.owner_type = 'User' AND projects.owner_id = :user_id
) OR (
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
) OR (
projects.id = ANY (
ARRAY (
SELECT target_id
FROM relations
INNER JOIN projects ON projects.id = relations.target_id
WHERE relations.target_type = 'Project' AND
(
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
) AND (
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
)
)
)
)
SQL
end
alias_method :everything, :read
def related
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
(
build_lists.user_id = :user_id
) OR (
projects.owner_type = 'User' AND projects.owner_id = :user_id
) OR (
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
) OR (
projects.id = ANY (
ARRAY (
SELECT target_id
FROM relations
INNER JOIN projects ON projects.id = relations.target_id
WHERE relations.target_type = 'Project' AND
(
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
) AND (
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
)
)
)
)
SQL
end
def owned
scope.joins(:project).where(user_id: policy.user)
end
def policy
@policy ||= Pundit.policy!(user, :build_list)
end
2015-03-19 23:31:41 +00:00
end
2015-03-12 22:43:13 +00:00
end