158 lines
4.6 KiB
Ruby
158 lines
4.6 KiB
Ruby
class BuildListPolicy < ApplicationPolicy
|
|
|
|
def index?
|
|
true
|
|
end
|
|
|
|
def show?
|
|
record.user_id == user.id || ProjectPolicy.new(user, record.project).show?
|
|
end
|
|
alias_method :read?, :show?
|
|
alias_method :log?, :show?
|
|
alias_method :everything?, :show?
|
|
alias_method :owned?, :show?
|
|
alias_method :everything?, :show?
|
|
alias_method :list?, :show?
|
|
|
|
def create?
|
|
return false unless record.project.is_package
|
|
return false unless ProjectPolicy.new(user, record.project).write?
|
|
record.build_for_platform.blank? || PlatformPolicy.new(user, record.build_for_platform).show?
|
|
end
|
|
alias_method :rerun_tests?, :create?
|
|
|
|
def dependent_projects?
|
|
record.save_to_platform.main? && create?
|
|
end
|
|
|
|
def publish_into_testing?
|
|
return false unless record.can_publish_into_testing?
|
|
create? || ( record.save_to_platform.main? && publish? )
|
|
end
|
|
|
|
def publish?
|
|
return false unless record.can_publish?
|
|
if record.build_published?
|
|
local_admin?(record.save_to_platform) || record.save_to_repository.members.exists?(id: user.id)
|
|
else
|
|
record.save_to_repository.publish_without_qa ?
|
|
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
|
|
end
|
|
end
|
|
|
|
def create_container?
|
|
ProjectPolicy.new(user, record.project).write? || local_admin?(record.save_to_platform)
|
|
end
|
|
|
|
def reject_publish?
|
|
record.save_to_repository.publish_without_qa ?
|
|
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
|
|
end
|
|
|
|
def cancel?
|
|
ProjectPolicy.new(user, record.project).write?
|
|
end
|
|
|
|
# Public: Get list of parameters that the user is allowed to alter.
|
|
#
|
|
# Returns Array
|
|
def permitted_attributes
|
|
pa = %i(
|
|
arch_id
|
|
auto_create_container
|
|
auto_publish
|
|
auto_publish_status
|
|
build_for_platform_id
|
|
commit_hash
|
|
external_nodes
|
|
include_testing_subrepository
|
|
project_id
|
|
project_version
|
|
native_build
|
|
save_buildroot
|
|
save_to_platform_id
|
|
save_to_repository_id
|
|
use_cached_chroot
|
|
use_extra_tests
|
|
)
|
|
pa << {
|
|
include_repos: [],
|
|
extra_build_lists: [],
|
|
extra_repositories: [],
|
|
extra_params: BuildList::EXTRA_PARAMS,
|
|
}
|
|
pa
|
|
end
|
|
|
|
class Scope < Scope
|
|
|
|
def read
|
|
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
|
|
(
|
|
build_lists.user_id = :user_id
|
|
) OR (
|
|
projects.visibility = 'open'
|
|
) OR (
|
|
projects.owner_type = 'User' AND projects.owner_id = :user_id
|
|
) OR (
|
|
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
|
|
) OR (
|
|
projects.id = ANY (
|
|
ARRAY (
|
|
SELECT target_id
|
|
FROM relations
|
|
INNER JOIN projects ON projects.id = relations.target_id
|
|
WHERE relations.target_type = 'Project' AND
|
|
(
|
|
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
|
|
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
|
|
) AND (
|
|
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
|
|
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
|
|
)
|
|
)
|
|
)
|
|
)
|
|
SQL
|
|
end
|
|
alias_method :everything, :read
|
|
|
|
def related
|
|
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
|
|
(
|
|
build_lists.user_id = :user_id
|
|
) OR (
|
|
projects.owner_type = 'User' AND projects.owner_id = :user_id
|
|
) OR (
|
|
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
|
|
) OR (
|
|
projects.id = ANY (
|
|
ARRAY (
|
|
SELECT target_id
|
|
FROM relations
|
|
INNER JOIN projects ON projects.id = relations.target_id
|
|
WHERE relations.target_type = 'Project' AND
|
|
(
|
|
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
|
|
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
|
|
) AND (
|
|
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
|
|
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
|
|
)
|
|
)
|
|
)
|
|
)
|
|
SQL
|
|
end
|
|
|
|
def owned
|
|
scope.joins(:project).where(user_id: policy.user)
|
|
end
|
|
|
|
def policy
|
|
@policy ||= Pundit.policy!(user, :build_list)
|
|
end
|
|
end
|
|
|
|
end
|