Use build policy to determine if user can play build

2017-04-12 13:48:43 +02:00 · 2017-04-12 13:48:43 +02:00 · 2aa211fa69
parent 55aa727eff
commit 2aa211fa69
9 changed files with 6 additions and 69 deletions
--- a/app/models/ci/build.rb
+++ b/app/models/ci/build.rb
@ -115,12 +115,6 @@ module Ci
      commands.present?
    end

-    def can_play?(current_user)
-      ::Gitlab::UserAccess
-        .new(current_user, project: project)
-        .can_push_to_branch?(ref)
-    end
-
    def play(current_user)
      Ci::PlayBuildService
        .new(project, current_user)
--- a/app/models/environment.rb
+++ b/app/models/environment.rb
@ -122,12 +122,6 @@ class Environment < ActiveRecord::Base
    available? && stop_action.present?
  end

-  def can_trigger_stop_action?(current_user)
-    return false unless stop_action?
-
-    stop_action.can_play?(current_user)
-  end
-
  def stop_with_action!(current_user)
    return unless available?

--- a/app/serializers/build_action_entity.rb
+++ b/app/serializers/build_action_entity.rb
@ -19,6 +19,6 @@ class BuildActionEntity < Grape::Entity
  alias_method :build, :object

  def playable?
-    build.playable? && build.can_play?(request.user)
+    can?(request.user, :play_build, build) && build.playable?
  end
 end
--- a/app/serializers/build_entity.rb
+++ b/app/serializers/build_entity.rb
@ -26,7 +26,7 @@ class BuildEntity < Grape::Entity
  alias_method :build, :object

  def playable?
-    build.playable? && build.can_play?(request.user)
+    can?(request.user, :play_build, build) && build.playable?
  end

  def detailed_status
--- a/app/services/ci/stop_environments_service.rb
+++ b/app/services/ci/stop_environments_service.rb
@ -9,7 +9,8 @@ module Ci
      return unless can?(current_user, :create_deployment, project)

      environments.each do |environment|
-        next unless environment.can_trigger_stop_action?(current_user)
+        next unless environment.stop_action?
+        next unless can?(current_user, :play_build, environment.stop_action)

        environment.stop_with_action!(current_user)
      end
--- a/app/views/projects/ci/builds/_build.html.haml
+++ b/app/views/projects/ci/builds/_build.html.haml
@ -101,7 +101,7 @@
          = link_to cancel_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Cancel', class: 'btn btn-build' do
            = icon('remove', class: 'cred')
        - elsif allow_retry
-          - if build.playable? && !admin && build.can_play?(current_user)
+          - if build.playable? && !admin && can?(current_user, :play_build, build)
            = link_to play_namespace_project_build_path(build.project.namespace, build.project, build, return_to: request.original_url), method: :post, title: 'Play', class: 'btn btn-build' do
              = custom_icon('icon_play')
          - elsif build.retryable?
--- a/lib/gitlab/ci/status/build/play.rb
+++ b/lib/gitlab/ci/status/build/play.rb
@ -10,7 +10,7 @@ module Gitlab
          end

          def has_action?
-            can?(user, :update_build, subject) && subject.can_play?(user)
+            can?(user, :play_build, subject)
          end

          def action_icon
--- a/spec/models/ci/build_spec.rb
+++ b/spec/models/ci/build_spec.rb
@ -925,33 +925,6 @@ describe Ci::Build, :models do
    end
  end

-  describe '#can_play?' do
-    before do
-      project.add_developer(user)
-    end
-
-    let(:build) do
-      create(:ci_build, ref: 'some-ref', pipeline: pipeline)
-    end
-
-    context 'when branch build is running for is protected' do
-      before do
-        create(:protected_branch, :no_one_can_push,
-               name: 'some-ref', project: project)
-      end
-
-      it 'indicates that user can not trigger an action' do
-        expect(build.can_play?(user)).to be_falsey
-      end
-    end
-
-    context 'when branch build is running for is not protected' do
-      it 'indicates that user can trigger an action' do
-        expect(build.can_play?(user)).to be_truthy
-      end
-    end
-  end
-
  describe '#play' do
    let(:build) { create(:ci_build, :manual, pipeline: pipeline) }

--- a/spec/models/environment_spec.rb
+++ b/spec/models/environment_spec.rb
@ -155,31 +155,6 @@ describe Environment, models: true do
    end
  end

-  describe '#can_trigger_stop_action?' do
-    let(:user) { create(:user) }
-    let(:project) { create(:project) }
-
-    let(:environment) do
-      create(:environment, :with_review_app, project: project)
-    end
-
-    context 'when user can trigger stop action' do
-      before do
-        project.add_developer(user)
-      end
-
-      it 'returns value that evaluates to true' do
-        expect(environment.can_trigger_stop_action?(user)).to be_truthy
-      end
-    end
-
-    context 'when user is not allowed to trigger stop action' do
-      it 'returns value that evaluates to false' do
-        expect(environment.can_trigger_stop_action?(user)).to be_falsey
-      end
-    end
-  end
-
  describe '#stop_with_action!' do
    let(:user) { create(:admin) }