gitlab-org--gitlab-foss/lib/api/runners.rb

module API
  # Runners API
  class Runners < Grape::API
    before { authenticate! }

    resource :runners do
      # Get runners available for user
      #
      # Example Request:
      #   GET /runners
      get do
        runners = filter_runners(current_user.ci_authorized_runners, params[:scope])
        present paginate(runners), with: Entities::Runner
      end

      # Get all runners - shared and specific
      #
      # Example Request:
      #   GET /runners/all
      get 'all' do
        authenticated_as_admin!
        runners = filter_runners(Ci::Runner.all, params[:scope])
        present paginate(runners), with: Entities::Runner
      end

      # Get runner's details
      #
      # Parameters:
      #   id (required) - The ID of ther runner
      # Example Request:
      #   GET /runners/:id
      get ':id' do
        runner = get_runner(params[:id])
        can_show_runner?(runner) unless current_user.is_admin?

        present runner, with: Entities::RunnerDetails, user_is_admin: current_user.is_admin?
      end

      # Update runner's details
      #
      # Parameters:
      #   id (required) - The ID of ther runner
      #   description (optional) - Runner's description
      #   active (optional) - Runner's status
      #   tag_list (optional) - Array of tags for runner
      # Example Request:
      #   PUT /runners/:id
      put ':id' do
        runner = get_runner(params[:id])
        can_update_runner?(runner) unless current_user.is_admin?

        attrs = attributes_for_keys [:description, :active, :tag_list]
        if runner.update(attrs)
          present runner, with: Entities::RunnerDetails
        else
          render_validation_error!(runner)
        end
      end

      # Remove runner
      #
      # Parameters:
      #   id (required) - The ID of ther runner
      # Example Request:
      #   DELETE /runners/:id
      delete ':id' do
        runner = get_runner(params[:id])
        can_delete_runner?(runner)
        runner.destroy!

        present runner, with: Entities::RunnerDetails
      end
    end

    resource :projects do
      before { authorize_admin_project }

      # Get runners available for project
      #
      # Example Request:
      #   GET /projects/:id/runners
      get ':id/runners' do
        runners = filter_runners(Ci::Runner.owned_or_shared(user_project.id), params[:scope])
        present paginate(runners), with: Entities::Runner
      end

      # Enable runner for project
      #
      # Parameters:
      #   id (required) - The ID of the project
      #   runner_id (required) - The ID of the runner
      # Example Request:
      #   POST /projects/:id/runners/:runner_id
      post ':id/runners/:runner_id' do
        runner = get_runner(params[:runner_id])
        can_enable_runner?(runner)
        Ci::RunnerProject.create(runner: runner, project: user_project)

        present runner, with: Entities::Runner
      end

      # Disable project's runner
      #
      # Parameters:
      #   id (required) - The ID of the project
      #   runner_id (required) - The ID of the runner
      # Example Request:
      #   DELETE /projects/:id/runners/:runner_id
      delete ':id/runners/:runner_id' do
        runner_project = user_project.runner_projects.find_by(runner_id: params[:runner_id])
        not_found!('Runner') unless runner_project

        runner = runner_project.runner
        forbidden!("Can't disable runner - only one project associated with it. Please remove runner instead") if runner.projects.count == 1

        runner_project.destroy

        present runner, with: Entities::Runner
      end
    end

    helpers do
      def filter_runners(runners, scope)
        return runners unless scope.present?

        available_scopes = ::Ci::Runner::AVAILABLE_SCOPES
        if (available_scopes & [scope]).empty?
          render_api_error!('Scope contains invalid value', 400)
        end

        runners.send(scope)
      end

      def get_runner(id)
        runner = Ci::Runner.find(id)
        not_found!('Runner') unless runner
        runner
      end

      def can_show_runner?(runner)
        return true if runner.is_shared
        forbidden!("Can't show runner's details - no access granted") unless user_can_access_runner?(runner)
      end

      def can_update_runner?(runner)
        return true if current_user.is_admin?
        forbidden!("Can't update shared runner") if runner.is_shared?
        forbidden!("Can't update runner - no access granted") unless user_can_access_runner?(runner)
      end

      def can_delete_runner?(runner)
        return true if current_user.is_admin?
        forbidden!("Can't delete shared runner") if runner.is_shared?
        forbidden!("Can't delete runner - associated with more than one project") if runner.projects.count > 1
        forbidden!("Can't delete runner - no access granted") unless user_can_access_runner?(runner)
      end

      def can_enable_runner?(runner)
        forbidden!("Can't enable shared runner directly") if runner.is_shared?
        return true if current_user.is_admin?
        forbidden!("Can't update runner - no access granted") unless user_can_access_runner?(runner)
      end

      def user_can_access_runner?(runner)
        runner.projects.inject(false) do |final, project|
          final || abilities.allowed?(current_user, :admin_project, project)
        end
      end
    end
  end
end
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`module API`
			`# Runners API`
			`class Runners < Grape::API`
			`before { authenticate! }`

			`resource :runners do`
Split `/runners` entrypoint to `/runners` and `/runners/all` 2016-02-02 14:52:02 +00:00			`# Get runners available for user`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`#`
			`# Example Request:`
			`# GET /runners`
			`get do`
Split `/runners` entrypoint to `/runners` and `/runners/all` 2016-02-02 14:52:02 +00:00			`runners = filter_runners(current_user.ci_authorized_runners, params[:scope])`
			`present paginate(runners), with: Entities::Runner`
			`end`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00
Split `/runners` entrypoint to `/runners` and `/runners/all` 2016-02-02 14:52:02 +00:00			`# Get all runners - shared and specific`
			`#`
			`# Example Request:`
			`# GET /runners/all`
			`get 'all' do`
			`authenticated_as_admin!`
			`runners = filter_runners(Ci::Runner.all, params[:scope])`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`present paginate(runners), with: Entities::Runner`
			`end`

Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`# Get runner's details`
			`#`
			`# Parameters:`
			`# id (required) - The ID of ther runner`
			`# Example Request:`
			`# GET /runners/:id`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`get ':id' do`
			`runner = get_runner(params[:id])`
			`can_show_runner?(runner) unless current_user.is_admin?`

Add token to runner details output in API 2016-02-04 09:33:29 +00:00			`present runner, with: Entities::RunnerDetails, user_is_admin: current_user.is_admin?`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`end`

Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`# Update runner's details`
			`#`
			`# Parameters:`
			`# id (required) - The ID of ther runner`
			`# description (optional) - Runner's description`
			`# active (optional) - Runner's status`
			`# tag_list (optional) - Array of tags for runner`
			`# Example Request:`
			`# PUT /runners/:id`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`put ':id' do`
			`runner = get_runner(params[:id])`
			`can_update_runner?(runner) unless current_user.is_admin?`

			`attrs = attributes_for_keys [:description, :active, :tag_list]`
			`if runner.update(attrs)`
			`present runner, with: Entities::RunnerDetails`
			`else`
			`render_validation_error!(runner)`
			`end`
			`end`

Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`# Remove runner`
			`#`
			`# Parameters:`
			`# id (required) - The ID of ther runner`
			`# Example Request:`
			`# DELETE /runners/:id`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`delete ':id' do`
			`runner = get_runner(params[:id])`
			`can_delete_runner?(runner)`
			`runner.destroy!`

			`present runner, with: Entities::RunnerDetails`
			`end`
			`end`

			`resource :projects do`
			`before { authorize_admin_project }`

			`# Get runners available for project`
			`#`
			`# Example Request:`
			`# GET /projects/:id/runners`
			`get ':id/runners' do`
			`runners = filter_runners(Ci::Runner.owned_or_shared(user_project.id), params[:scope])`
			`present paginate(runners), with: Entities::Runner`
			`end`
Add feature to enable/disable runner in project 2016-01-29 14:40:25 +00:00
Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`# Enable runner for project`
			`#`
			`# Parameters:`
			`# id (required) - The ID of the project`
			`# runner_id (required) - The ID of the runner`
			`# Example Request:`
Add some fixes in runners API documentation 2016-02-02 13:52:33 +00:00			`# POST /projects/:id/runners/:runner_id`
			`post ':id/runners/:runner_id' do`
Add feature to enable/disable runner in project 2016-01-29 14:40:25 +00:00			`runner = get_runner(params[:runner_id])`
			`can_enable_runner?(runner)`
			`Ci::RunnerProject.create(runner: runner, project: user_project)`

			`present runner, with: Entities::Runner`
			`end`

Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`# Disable project's runner`
			`#`
			`# Parameters:`
			`# id (required) - The ID of the project`
			`# runner_id (required) - The ID of the runner`
			`# Example Request:`
			`# DELETE /projects/:id/runners/:runner_id`
Add feature to enable/disable runner in project 2016-01-29 14:40:25 +00:00			`delete ':id/runners/:runner_id' do`
			`runner_project = user_project.runner_projects.find_by(runner_id: params[:runner_id])`
			`not_found!('Runner') unless runner_project`

			`runner = runner_project.runner`
			`forbidden!("Can't disable runner - only one project associated with it. Please remove runner instead") if runner.projects.count == 1`

			`runner_project.destroy`

			`present runner, with: Entities::Runner`
			`end`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`end`

			`helpers do`
			`def filter_runners(runners, scope)`
			`return runners unless scope.present?`

			`available_scopes = ::Ci::Runner::AVAILABLE_SCOPES`
Fix runners filtering in API 2016-01-29 15:44:29 +00:00			`if (available_scopes & [scope]).empty?`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`render_api_error!('Scope contains invalid value', 400)`
			`end`
Fix runners filtering in API 2016-01-29 15:44:29 +00:00
			`runners.send(scope)`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`end`

			`def get_runner(id)`
			`runner = Ci::Runner.find(id)`
			`not_found!('Runner') unless runner`
			`runner`
			`end`

			`def can_show_runner?(runner)`
			`return true if runner.is_shared`
			`forbidden!("Can't show runner's details - no access granted") unless user_can_access_runner?(runner)`
			`end`

			`def can_update_runner?(runner)`
			`return true if current_user.is_admin?`
			`forbidden!("Can't update shared runner") if runner.is_shared?`
			`forbidden!("Can't update runner - no access granted") unless user_can_access_runner?(runner)`
			`end`

			`def can_delete_runner?(runner)`
			`return true if current_user.is_admin?`
			`forbidden!("Can't delete shared runner") if runner.is_shared?`
			`forbidden!("Can't delete runner - associated with more than one project") if runner.projects.count > 1`
			`forbidden!("Can't delete runner - no access granted") unless user_can_access_runner?(runner)`
			`end`

Add feature to enable/disable runner in project 2016-01-29 14:40:25 +00:00			`def can_enable_runner?(runner)`
			`forbidden!("Can't enable shared runner directly") if runner.is_shared?`
			`return true if current_user.is_admin?`
			`forbidden!("Can't update runner - no access granted") unless user_can_access_runner?(runner)`
			`end`

Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`def user_can_access_runner?(runner)`
			`runner.projects.inject(false) do \|final, project\|`
Add missing methods documentation; fix rubocop reported violation 2016-01-29 15:11:48 +00:00			`final \|\| abilities.allowed?(current_user, :admin_project, project)`
Add basic runners management API - add feature to list runners - add feature to show runners details - add feature to delete runner - add feature to update runner 2016-01-26 16:03:38 +00:00			`end`
			`end`
			`end`
			`end`
			`end`