diff --git a/app/controllers/api/v1/platforms_controller.rb b/app/controllers/api/v1/platforms_controller.rb index d8b8c2b53..52bc77c46 100644 --- a/app/controllers/api/v1/platforms_controller.rb +++ b/app/controllers/api/v1/platforms_controller.rb @@ -1,14 +1,14 @@ class Api::V1::PlatformsController < Api::V1::BaseController before_filter :authenticate_user! skip_before_filter :authenticate_user!, only: :allowed - skip_before_filter :authenticate_user!, only: %i(show platforms_for_build members cached_chroot) if APP_CONFIG['anonymous_access'] - before_filter :set_token, only: %i(allowed cached_chroot) - - load_and_authorize_resource except: %i(allowed cached_chroot) - load_resource only: :cached_chroot + skip_before_filter :authenticate_user!, only: [:show, :platforms_for_build, :members] if APP_CONFIG['anonymous_access'] + load_and_authorize_resource except: :allowed def allowed - if Platform.allowed?(params[:path] || '', @token) + if request.authorization.present? + token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request) + end + if Platform.allowed?(params[:path] || '', token) render nothing: true else render nothing: true, status: 403 @@ -23,14 +23,6 @@ class Api::V1::PlatformsController < Api::V1::BaseController def show end - def cached_chroot - if sha1 = @platform.cached_chroot(@token, params[:arch]) - redirect_to "#{APP_CONFIG['file_store_url']}/api/v1/file_stores/#{sha1}" - else - render nothing: true, status: 403 - end - end - def platforms_for_build @platforms = Platform.main.opened.paginate(paginate_params) render :index @@ -82,12 +74,4 @@ class Api::V1::PlatformsController < Api::V1::BaseController destroy_subject @platform end - protected - - def set_token - if request.authorization.present? - @token, pass = *ActionController::HttpAuthentication::Basic::user_name_and_password(request) - end - end - end diff --git a/app/models/build_list.rb b/app/models/build_list.rb index 9ac0694ec..08fca978d 100644 --- a/app/models/build_list.rb +++ b/app/models/build_list.rb @@ -513,15 +513,20 @@ class BuildList < ActiveRecord::Base git_project_address = project.git_project_address user # git_project_address.gsub!(/^http:\/\/(0\.0\.0\.0|localhost)\:[\d]+/, 'https://abf.rosalinux.ru') unless Rails.env.production? + cmd_params = { 'GIT_PROJECT_ADDRESS' => git_project_address, 'COMMIT_HASH' => commit_hash, - 'USE_CACHED_CHROOT' => use_cached_chroot?, 'EXTRA_CFG_OPTIONS' => extra_params['cfg_options'], 'EXTRA_CFG_URPM_OPTIONS' => extra_params['cfg_urpm_options'], 'EXTRA_BUILD_SRC_RPM_OPTIONS' => extra_params['build_src_rpm'], 'EXTRA_BUILD_RPM_OPTIONS' => extra_params['build_rpm'] - }.map{ |k, v| "#{k}='#{v}'" }.join(' ') + } + if use_cached_chroot? + sha1 = build_for_platform.cached_chroot(arch.name) + cmd_params.merge!('CACHED_CHROOT_SHA1' => sha1) if sha1.present? + end + cmd_params = cmd_params.map{ |k, v| "#{k}='#{v}'" }.join(' ') { id: id, diff --git a/app/models/platform.rb b/app/models/platform.rb index 467466fe6..c3af78768 100644 --- a/app/models/platform.rb +++ b/app/models/platform.rb @@ -223,30 +223,26 @@ class Platform < ActiveRecord::Base platform = Platform.find_by name: platform_name next false unless platform next true unless platform.hidden? - platform.has_access?(token) + return false if token.blank? + return true if platform.tokens.by_active.where(authentication_token: token).exists? + user = User.find_by(authentication_token: token) + current_ability = Ability.new(user) + user && current_ability.can?(:show, platform) ? true : false end end - def cached_chroot(token, arch) + def cached_chroot(arch) return false if personal? - Rails.cache.fetch([:cached_chroot, token, name, arch], expires_in: 10.minutes) do + Rails.cache.fetch([:cached_chroot, name, arch], expires_in: 10.minutes) do product = products.where(name: CACHED_CHROOT_PRODUCT_NAME).first next false unless product pbl = product.product_build_lists.for_status(ProductBuildList::BUILD_COMPLETED).recent.first next false unless pbl - next false if hidden? && !has_access?(token) - pbl.results.results.find{ |r| r['file_name'] =~ /^cached-chroot-#{arch}/ } || false + result = pbl.results.results.find{ |r| r['file_name'] =~ /-#{arch}.tar.gz$/ } + result.present? ? result['sha1'] : false end end - def has_access?(token) - return false if token.blank? - return true if tokens.by_active.where(authentication_token: token).exists? - user = User.find_by(authentication_token: token) - current_ability = Ability.new(user) - user && current_ability.can?(:show, self) ? true : false - end - def self.autostart_metadata_regeneration(value) Platform.main.where(automatic_metadata_regeneration: value).each(&:regenerate) end diff --git a/config/routes.rb b/config/routes.rb index 96c4bda6b..52b31fc5b 100644 --- a/config/routes.rb +++ b/config/routes.rb @@ -34,13 +34,12 @@ Rosa::Application.routes.draw do } end resources :arches, only: :index - resources :platforms, only: %i(index show update destroy create), constraints: { id: Platform::NAME_PATTERN } do + resources :platforms, only: %i(index show update destroy create) do collection { get :platforms_for_build get :allowed } member { - get :cached_chroot get :members put :add_member delete :remove_member diff --git a/spec/controllers/api/v1/platforms_controller_spec.rb b/spec/controllers/api/v1/platforms_controller_spec.rb index 68735259f..f4096a858 100644 --- a/spec/controllers/api/v1/platforms_controller_spec.rb +++ b/spec/controllers/api/v1/platforms_controller_spec.rb @@ -193,12 +193,6 @@ shared_examples_for 'api platform user without reader rights for hidden platform response.body.should == {"message" => "Access violation to this page!"}.to_json end end - - it "should not be able to perform cached_chroot action" do - get :cached_chroot, id: @platform.id, format: :json - response.status.should == 403 - end - end shared_examples_for "api platform user with show rights" do @@ -207,13 +201,6 @@ shared_examples_for "api platform user with show rights" do response.should render_template(:show) end - it 'should be able to perform cached_chroot action' do - Rails.stub_chain(:cache, :fetch).and_return('sha1') - http_login (@admin || @user).authentication_token, '' if @platform.hidden? - get :cached_chroot, id: @platform.id, format: :json - response.should redirect_to("#{APP_CONFIG['file_store_url']}/api/v1/file_stores/sha1") - end - it 'should be able to perform platforms_for_build action' do get :platforms_for_build, format: :json response.should render_template(:index)