From 7535fc124a0f518e5dc4ffb0eabd18e5d111b875 Mon Sep 17 00:00:00 2001
From: Pavel Chipiga
Date: Wed, 30 Nov 2011 02:56:57 +0200
Subject: [PATCH] Skip authorization for callback actions during project build. Refactor. Refs #2261

---
 app/controllers/build_lists_controller.rb | 16 +++++++++-------
 app/models/ability.rb | 3 ++-
 2 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/app/controllers/build_lists_controller.rb b/app/controllers/build_lists_controller.rb
index 147b6abf8..56703ebbd 100644
--- a/app/controllers/build_lists_controller.rb
+++ b/app/controllers/build_lists_controller.rb
@@ -1,12 +1,14 @@
 class BuildListsController < ApplicationController
- before_filter :authenticate_user!, :except => [:status_build, :pre_build, :post_build, :circle_build, :new_bbdt]
- before_filter :authenticate_build_service!, :only => [:status_build, :pre_build, :post_build, :circle_build, :new_bbdt]
- before_filter :find_project, :only => [:index, :filter, :show, :publish]
- before_filter :find_arches, :only => [:index, :filter, :all]
- before_filter :find_project_versions, :only => [:index, :filter]
- before_filter :find_build_list_by_bs, :only => [:status_build, :pre_build, :post_build]
+ CALLBACK_ACTIONS = [:status_build, :pre_build, :post_build, :circle_build, :new_bbdt]
 
- load_and_authorize_resource
+ before_filter :authenticate_user!, :except => CALLBACK_ACTIONS
+ before_filter :authenticate_build_service!, :only => CALLBACK_ACTIONS
+ before_filter :find_project, :only => [:index, :filter, :show, :publish]
+ before_filter :find_arches, :only => [:index, :filter, :all]
+ before_filter :find_project_versions, :only => [:index, :filter]
+ before_filter :find_build_list_by_bs, :only => [:status_build, :pre_build, :post_build]
+
+ load_and_authorize_resource :except => CALLBACK_ACTIONS
 
 def all
 if params[:filter]
diff --git a/app/models/ability.rb b/app/models/ability.rb
index 3a89b9c1f..0f1bc65ec 100644
--- a/app/models/ability.rb
+++ b/app/models/ability.rb
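Review bot: In build_lists_controller.rb, `load_and_authorize_resource :except => CALLBACK_ACTIONS` leaves the five callback actions with no CanCan check, so `authenticate_build_service!` (defined outside this hunk) becomes their only access control and has to fail closed. `:except` also skips resource loading, and `find_build_list_by_bs` covers only three of the five actions, so `circle_build` and `new_bbdt` presumably look up their records from request parameters with no per-record check; that is worth confirming in the action bodies, which are not visible here. Any action later appended to the constant silently loses both user authentication and authorization. I would freeze the array with `.freeze` and state the contract above it, e.g. `# Actions listed here bypass authenticate_user! and CanCan; authenticate_build_service! is their only guard.`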
@@ -14,7 +14,8 @@ class Ability can :forbidden, Platform can :read, [Repository, Platform], :visibility => 'open' - can :auto_build, Project # TODO: This needs to be checked! + # TODO remove because auth callbacks skipped + can :auto_build, Project can [:status_build, :pre_build, :post_build, :circle_build, :new_bbdt], BuildList # Guest rights
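Review bot: The new `# TODO remove because auth callbacks skipped` sits above `can :auto_build, Project`, but `auto_build` is not one of the callback actions; the rule the controller change appears to make redundant is the following `can [:status_build, ...], BuildList` line. The edit also drops the earlier `# TODO: This needs to be checked!` from `can :auto_build, Project`, which reads as an unconditional grant on every Project placed before the guest section, so the open question about who may trigger an auto build is lost. The enclosing method starts outside the hunk, so confirm which users this rule applies to. I would keep `can :auto_build, Project # TODO: This needs to be checked!` unchanged and move the new TODO directly above the BuildList rule, or delete that rule in this commit.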