suzanne.soy/travis-api
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

move cron jobs feature flag to permissions

Browse Source
This commit is contained in:
Jonas Chromik 2016-03-22 13:48:51 +01:00
parent c037ec7aa3
commit ca82725e5e
17 changed files with 83 additions and 62 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/travis/api/v3/access_control/generic.rb
View File

@ -60,11 +60,11 @@ module Travis::API::V3
end end
def cron_visible?(cron) def cron_visible?(cron)
visible? cron.branch.repository Travis::Features.owner_active?(:cron, cron.branch.repository.owner) and visible? cron.branch.repository
end end
def cron_writable?(cron) def cron_writable?(cron)
writable? cron.branch.repository Travis::Features.owner_active?(:cron, cron.branch.repository.owner) and writable? cron.branch.repository
end end
def job_visible?(job) def job_visible?(job)

6
lib/travis/api/v3/permissions/cron.rb
View File

@ -3,7 +3,11 @@ require 'travis/api/v3/permissions/generic'
module Travis::API::V3 module Travis::API::V3
class Permissions::Cron < Permissions::Generic class Permissions::Cron < Permissions::Generic
def delete? def delete?
write? write? and Travis::Features.owner_active?(:cron, object.branch.repository.owner)
end
def start?
Travis::Features.owner_active?(:cron, object.branch.repository.owner)
end end
end end
end end

2
lib/travis/api/v3/permissions/repository.rb
View File

@ -23,7 +23,7 @@ module Travis::API::V3
end end
def create_cron? def create_cron?
write? Travis::Features.owner_active?(:cron, object.owner) and write?
end end
end end
end end

6
lib/travis/api/v3/queries/crons.rb
View File

@ -10,7 +10,7 @@ module Travis::API::V3
Models::Cron.all.each do |cron| Models::Cron.all.each do |cron|
if cron.next_enqueuing <= Time.now if cron.next_enqueuing <= Time.now
start(cron.branch) start(cron)
started.push cron started.push cron
end end
end end
@ -18,8 +18,10 @@ module Travis::API::V3
started started
end end
def start(branch) def start(cron)
branch = cron.branch
raise ServerError, 'repository does not have a github_id'.freeze unless branch.repository.github_id raise ServerError, 'repository does not have a github_id'.freeze unless branch.repository.github_id
access_control.permissions(cron).start!
user_id = branch.repository.users.detect { |u| u.github_oauth_token }.id user_id = branch.repository.users.detect { |u| u.github_oauth_token }.id

1
lib/travis/api/v3/services/cron/create.rb
View File

@ -5,7 +5,6 @@ module Travis::API::V3
def run! def run!
raise LoginRequired unless access_control.logged_in? or access_control.full_access? raise LoginRequired unless access_control.logged_in? or access_control.full_access?
raise InsufficientAccess unless Travis::Features.feature_active?(:cron)
raise NotFound unless repository = find(:repository) raise NotFound unless repository = find(:repository)
raise NotFound unless branch = find(:branch, repository) raise NotFound unless branch = find(:branch, repository)
raise Error.new('Invalid value for interval. Interval must be "daily", "weekly" or "monthly"!', status: 422) unless ["daily", "weekly", "monthly"].include?(params["interval"]) raise Error.new('Invalid value for interval. Interval must be "daily", "weekly" or "monthly"!', status: 422) unless ["daily", "weekly", "monthly"].include?(params["interval"])

1
lib/travis/api/v3/services/cron/delete.rb
View File

@ -4,7 +4,6 @@ module Travis::API::V3
def run! def run!
raise LoginRequired unless access_control.logged_in? or access_control.full_access? raise LoginRequired unless access_control.logged_in? or access_control.full_access?
raise InsufficientAccess unless Travis::Features.feature_active?(:cron)
cron = find cron = find
access_control.permissions(cron).delete! access_control.permissions(cron).delete!
cron.destroy cron.destroy

1
lib/travis/api/v3/services/cron/find.rb
View File

@ -3,7 +3,6 @@ module Travis::API::V3
#params :id #params :id
def run! def run!
raise InsufficientAccess unless Travis::Features.feature_active?(:cron)
find find
end end
end end

1
lib/travis/api/v3/services/cron/for_branch.rb
View File

@ -2,7 +2,6 @@ module Travis::API::V3
class Services::Cron::ForBranch < Service class Services::Cron::ForBranch < Service
def run! def run!
raise InsufficientAccess unless Travis::Features.feature_active?(:cron)
query.find_for_branch(find(:branch, find(:repository))) query.find_for_branch(find(:branch, find(:repository)))
end end
end end

5
lib/travis/api/v3/services/crons/for_repository.rb
View File

@ -3,8 +3,9 @@ module Travis::API::V3
paginate paginate
def run! def run!
raise InsufficientAccess unless Travis::Features.feature_active?(:cron) repo = find(:repository)
query.find(find(:repository)) raise InsufficientAccess unless Travis::Features.owner_active?(:cron, repo.owner)
query.find(repo)
end end
end end
end end

1
lib/travis/api/v3/services/crons/start.rb
View File

@ -2,7 +2,6 @@ module Travis::API::V3
class Services::Crons::Start < Service class Services::Crons::Start < Service
def run! def run!
raise InsufficientAccess unless Travis::Features.feature_active?(:cron)
query.start_all() query.start_all()
end end

28
spec/v3/services/cron/create_spec.rb
View File

@ -12,17 +12,26 @@ describe Travis::API::V3::Services::Cron::Create do
let(:parsed_body) { JSON.load(body) } let(:parsed_body) { JSON.load(body) }
before do before do
Travis::Features.enable_for_all(:cron) Travis::Features.activate_owner(:cron, repo.owner)
end end
describe "no Feature enabled" do describe "creating a cron job with feature flag disabled" do
before { Travis::Features.disable_for_all(:cron) } before { Travis::Features.deactivate_owner(:cron, repo.owner) }
before { post("/v3/repo/#{repo.id}/branch/#{branch.name}/cron", options, headers)} before { post("/v3/repo/#{repo.id}/branch/#{branch.name}/cron", options, headers)}
example { expect(parsed_body).to be == { example { expect(parsed_body).to be == {
"@type"=> "error", "@type" => "error",
"error_type"=> "insufficient_access", "error_type" => "insufficient_access",
"error_message"=> "forbidden" "error_message" => "operation requires create_cron access to repository",
}} "resource_type" => "repository",
"permission" => "create_cron",
"repository" => {
"@type" => "repository",
"@href" => "/repo/#{repo.id}", # should be /v3/repo/#{repo.id}
"@representation" => "minimal",
"id" => repo.id,
"name" => "minimal",
"slug" => "svenfuchs/minimal" }
}}
end end
describe "creating a cron job" do describe "creating a cron job" do
@ -37,7 +46,8 @@ describe Travis::API::V3::Services::Cron::Create do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => true }, "delete" => true,
"start" => true },
"id" => current_cron.id, "id" => current_cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",

21
spec/v3/services/cron/delete_spec.rb
View File

@ -9,17 +9,19 @@ describe Travis::API::V3::Services::Cron::Delete do
let(:parsed_body) { JSON.load(body) } let(:parsed_body) { JSON.load(body) }
before do before do
Travis::Features.enable_for_all(:cron) Travis::Features.activate_owner(:cron, repo.owner)
end end
describe "no Feature enabled" do describe "deleting cron jobs with feature disabled" do
before { Travis::Features.disable_for_all(:cron) } before { Travis::API::V3::Models::Permission.create(repository: repo, user: repo.owner, push: true) }
before { Travis::Features.deactivate_owner(:cron, repo.owner) }
before { delete("/v3/cron/#{cron.id}", {}, headers)} before { delete("/v3/cron/#{cron.id}", {}, headers)}
example { expect(parsed_body).to be == { example { expect(parsed_body).to be == {
"@type"=> "error", "@type" => "error",
"error_type"=> "insufficient_access", "error_type" => "not_found",
"error_message"=> "forbidden" "error_message" => "cron not found (or insufficient access)",
}} "resource_type" => "cron"
}}
end end
describe "deleting a cron job by id" do describe "deleting a cron job by id" do
@ -33,7 +35,8 @@ describe Travis::API::V3::Services::Cron::Delete do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => true }, "delete" => true,
"start" => true },
"id" => cron.id, "id" => cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",

23
spec/v3/services/cron/find_spec.rb
View File

@ -7,17 +7,18 @@ describe Travis::API::V3::Services::Cron::Find do
let(:parsed_body) { JSON.load(body) } let(:parsed_body) { JSON.load(body) }
before do before do
Travis::Features.enable_for_all(:cron) Travis::Features.activate_owner(:cron, repo.owner)
end end
describe "no Feature enabled" do describe "find cron job with feature disabled" do
before { Travis::Features.disable_for_all(:cron) } before { Travis::Features.deactivate_owner(:cron, repo.owner) }
before { get("/v3/cron/#{cron.id}") } before { get("/v3/cron/#{cron.id}") }
example { expect(parsed_body).to be == { example { expect(parsed_body).to be == {
"@type"=> "error", "@type" => "error",
"error_type"=> "insufficient_access", "error_type" => "not_found",
"error_message"=> "forbidden" "error_message" => "cron not found (or insufficient access)",
}} "resource_type" => "cron"
}}
end end
describe "fetching a cron job by id" do describe "fetching a cron job by id" do
@ -29,7 +30,8 @@ describe Travis::API::V3::Services::Cron::Find do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => false }, "delete" => false,
"start" => true },
"id" => cron.id, "id" => cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",
@ -87,7 +89,8 @@ describe Travis::API::V3::Services::Cron::Find do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => false }, "delete" => false,
"start" => true },
"id" => cron.id, "id" => cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",

18
spec/v3/services/cron/for_branch_spec.rb
View File

@ -7,17 +7,18 @@ describe Travis::API::V3::Services::Cron::ForBranch do
let(:parsed_body) { JSON.load(body) } let(:parsed_body) { JSON.load(body) }
before do before do
Travis::Features.enable_for_all(:cron) Travis::Features.activate_owner(:cron, repo.owner)
end end
describe "no Feature enabled" do describe "find cron job for branch with feature disabled" do
before { Travis::Features.disable_for_all(:cron) } before { Travis::Features.deactivate_owner(:cron, repo.owner) }
before { get("/v3/repo/#{repo.id}/branch/#{branch.name}/cron") } before { get("/v3/repo/#{repo.id}/branch/#{branch.name}/cron") }
example { expect(parsed_body).to be == { example { expect(parsed_body).to be == {
"@type"=> "error", "@type" => "error",
"error_type"=> "insufficient_access", "error_type" => "not_found",
"error_message"=> "forbidden" "error_message" => "cron not found (or insufficient access)",
}} "resource_type" => "cron"
}}
end end
describe "fetching all crons by repo id" do describe "fetching all crons by repo id" do
@ -30,7 +31,8 @@ describe Travis::API::V3::Services::Cron::ForBranch do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => false }, "delete" => false,
"start" => true },
"id" => cron.id, "id" => cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",

17
spec/v3/services/crons/for_repository_spec.rb
View File

@ -7,17 +7,17 @@ describe Travis::API::V3::Services::Crons::ForRepository do
let(:parsed_body) { JSON.load(body) } let(:parsed_body) { JSON.load(body) }
before do before do
Travis::Features.enable_for_all(:cron) Travis::Features.activate_owner(:cron, repo.owner)
end end
describe "no Feature enabled" do describe "fetching all crons by repo id with feature disabled" do
before { Travis::Features.disable_for_all(:cron) } before { Travis::Features.deactivate_owner(:cron, repo.owner) }
before { get("/v3/repo/#{repo.id}/crons") } before { get("/v3/repo/#{repo.id}/crons") }
example { expect(parsed_body).to be == { example { expect(parsed_body).to be == {
"@type"=> "error", "@type" => "error",
"error_type"=> "insufficient_access", "error_type" => "insufficient_access",
"error_message"=> "forbidden" "error_message" => "forbidden"
}} }}
end end
describe "fetching all crons by repo id" do describe "fetching all crons by repo id" do
@ -51,7 +51,8 @@ describe Travis::API::V3::Services::Crons::ForRepository do
"@representation" => "standard", "@representation" => "standard",
"@permissions" => { "@permissions" => {
"read" => true, "read" => true,
"delete" => false }, "delete" => false,
"start" => true },
"id" => cron.id, "id" => cron.id,
"repository" => { "repository" => {
"@type" => "repository", "@type" => "repository",

2
spec/v3/services/repositories/for_current_user_spec.rb
View File

@ -45,7 +45,7 @@ describe Travis::API::V3::Services::Repositories::ForCurrentUser do
"star" => true, "star" => true,
"unstar" => true, "unstar" => true,
"create_request" => true, "create_request" => true,
"create_cron" => true}, "create_cron" => false},
"id" => repo.id, "id" => repo.id,
"name" => "minimal", "name" => "minimal",
"slug" => "svenfuchs/minimal", "slug" => "svenfuchs/minimal",

8
spec/v3/services/repository/find_spec.rb
View File

@ -152,7 +152,7 @@ describe Travis::API::V3::Services::Repository::Find do
}} }}
end end
describe "private repository, authenticated as internal application with full access" do describe "private repository without cron feature, authenticated as internal application with full access" do
let(:app_name) { 'travis-example' } let(:app_name) { 'travis-example' }
let(:app_secret) { '12345678' } let(:app_secret) { '12345678' }
let(:sign_opts) { "a=#{app_name}" } let(:sign_opts) { "a=#{app_name}" }
@ -178,7 +178,7 @@ describe Travis::API::V3::Services::Repository::Find do
"star" => true, "star" => true,
"unstar" => true, "unstar" => true,
"create_request" => true, "create_request" => true,
"create_cron" => true}, "create_cron" => false},
"id" => repo.id, "id" => repo.id,
"name" => "minimal", "name" => "minimal",
"slug" => "svenfuchs/minimal", "slug" => "svenfuchs/minimal",
@ -221,7 +221,7 @@ describe Travis::API::V3::Services::Repository::Find do
}} }}
end end
describe "private repository, authenticated as internal application with full access, scoped to the right org" do describe "private repository without cron feature, authenticated as internal application with full access, scoped to the right org" do
let(:app_name) { 'travis-example' } let(:app_name) { 'travis-example' }
let(:app_secret) { '12345678' } let(:app_secret) { '12345678' }
let(:sign_opts) { "a=#{app_name}:s=#{repo.owner_name}" } let(:sign_opts) { "a=#{app_name}:s=#{repo.owner_name}" }
@ -247,7 +247,7 @@ describe Travis::API::V3::Services::Repository::Find do
"star" => true, "star" => true,
"unstar" => true, "unstar" => true,
"create_request" => true, "create_request" => true,
"create_cron" => true}, "create_cron" => false},
"id" => repo.id, "id" => repo.id,
"name" => "minimal", "name" => "minimal",
"slug" => "svenfuchs/minimal", "slug" => "svenfuchs/minimal",