rosa-build/app/policies/build_list_policy.rb

130 lines
4.1 KiB
Ruby

class BuildListPolicy < ApplicationPolicy
def index?
true
end
def show?
record.user_id == user.id || ProjectPolicy.new(user, record.project).show?
end
alias_method :read?, :show?
alias_method :log?, :show?
alias_method :everything?, :show?
alias_method :owned?, :show?
alias_method :everything?, :show?
alias_method :list?, :show?
def create?
return false unless record.project.is_package
return false unless ProjectPolicy.new(user, record.project).write?
record.build_for_platform.blank? || PlatformPolicy.new(user, record.build_for_platform).show?
end
alias_method :rerun_tests?, :create?
def dependent_projects?
record.save_to_platform.main? && create?
end
def publish_into_testing?
return false unless record.new_core?
return false unless record.can_publish_into_testing?
create? || ( record.save_to_platform.main? && publish? )
end
def publish?
return false unless record.new_core?
return false unless record.can_publish?
if record.build_published?
local_admin?(record.save_to_platform) || record.save_to_repository.members.exists?(id: user.id)
else
record.save_to_repository.publish_without_qa ?
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
end
end
def create_container?
return false unless record.new_core?
ProjectPolicy.new(user, record.project).write? || local_admin?(record.save_to_platform)
end
def reject_publish?
record.save_to_repository.publish_without_qa ?
ProjectPolicy.new(user, record.project).write? : local_admin?(record.save_to_platform)
end
def cancel?
ProjectPolicy.new(user, record.project).write?
end
class Scope < Scope
def read
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
(
build_lists.user_id = :user_id
) OR (
projects.visibility = 'open'
) OR (
projects.owner_type = 'User' AND projects.owner_id = :user_id
) OR (
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
) OR (
projects.id = ANY (
ARRAY (
SELECT target_id
FROM relations
INNER JOIN projects ON projects.id = relations.target_id
WHERE relations.target_type = 'Project' AND
(
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
) AND (
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
)
)
)
)
SQL
end
alias_method :everything, :read
def related
scope.joins(:project).where <<-SQL, { user_id: policy.user.id, user_group_ids: policy.user_group_ids }
(
build_lists.user_id = :user_id
) OR (
projects.owner_type = 'User' AND projects.owner_id = :user_id
) OR (
projects.owner_type = 'Group' AND projects.owner_id IN (:user_group_ids)
) OR (
projects.id = ANY (
ARRAY (
SELECT target_id
FROM relations
INNER JOIN projects ON projects.id = relations.target_id
WHERE relations.target_type = 'Project' AND
(
projects.owner_type = 'User' AND projects.owner_id != :user_id OR
projects.owner_type = 'Group' AND projects.owner_id NOT IN (:user_group_ids)
) AND (
relations.actor_type = 'User' AND relations.actor_id = :user_id OR
relations.actor_type = 'Group' AND relations.actor_id IN (:user_group_ids)
)
)
)
)
SQL
end
def owned
scope.joins(:project).where(user_id: policy.user)
end
def policy
@policy ||= Pundit.policy!(user, :build_list)
end
end
end