#312: added checking access rights

2013-10-17 22:22:40 +04:00 · 2013-10-17 22:22:40 +04:00 · ab05bdbc7a
parent 0dc1b63623
commit ab05bdbc7a
2 changed files with 19 additions and 5 deletions
--- a/app/controllers/api/v1/jobs_controller.rb
+++ b/app/controllers/api/v1/jobs_controller.rb
@ -1,7 +1,9 @@
 # -*- encoding : utf-8 -*-
 class Api::V1::JobsController < Api::V1::BaseController
-  QUEUES = %w(iso_worker_observer publish_observer rpm_worker_observer)
-  QUEUE_CLASSES = %w(AbfWorker::IsoWorkerObserver AbfWorker::PublishObserver AbfWorker::RpmWorkerObserver)
+  # QUEUES = %w(iso_worker_observer publish_observer rpm_worker_observer)
+  # QUEUE_CLASSES = %w(AbfWorker::IsoWorkerObserver AbfWorker::PublishObserver AbfWorker::RpmWorkerObserver)
+  QUEUES = %w(rpm_worker_observer)
+  QUEUE_CLASSES = %w(AbfWorker::RpmWorkerObserver)

  before_filter :authenticate_user!

@ -10,12 +12,18 @@ class Api::V1::JobsController < Api::V1::BaseController
      build_lists = BuildList.for_status(BuildList::BUILD_PENDING).oldest.order(:create_at)
      if current_user.system?
        build_list = build_lists.not_owned_external_nodes.first
+
+        build_list.touch if build_list
      else
        build_list = build_lists.external_nodes(:owned).for_user(current_user).first
        build_list ||= build_lists.external_nodes(:everything).
          accessible_by(current_ability, :everything).first
+
+        if build_list
+          build_list.builder = current_user
+          build_list.save
+        end
      end
-      build_list.touch if build_list
    end

    if build_list
@ -35,8 +43,10 @@ class Api::V1::JobsController < Api::V1::BaseController
  def feedback
    worker_queue = params[:worker_queue]
    worker_class = params[:worker_class]
-    if QUEUES.include?(worker_queue) && QUEUE_CLASSES.include?(worker_class)
-      Resque.push worker_queue, 'class' => worker_class, 'args'  => params[:worker_args]
+    if  QUEUES.include?(worker_queue) && QUEUE_CLASSES.include?(worker_class)
+      worker_args = (params[:worker_args] || []).first || {}
+      worker_args = worker_args.merge(:feedback_from_user => current_user.id)
+      Resque.push worker_queue, 'class' => worker_class, 'args'  => [worker_args]
      render :nothing => true
    else
      render :nothing => true, :status => 403
--- a/lib/abf_worker/rpm_worker_observer.rb
+++ b/lib/abf_worker/rpm_worker_observer.rb
@ -10,6 +10,10 @@ module AbfWorker

    def perform
      return if restart_task
+      if options['feedback_from_user']
+        user = User.find options['feedback_from_user']
+        return if !user.system? && subject.builder != user
+      end

      item = find_or_create_item
      fill_container_data if status != STARTED