Take branch access into account when stopping environment
This commit is contained in:
Grzegorz Bizon
parent
e533d43a8c
commit
6c0fc62ef5
6 changed files with 58 additions and 7 deletions
|
|
@ -85,8 +85,8 @@ class Deployment < ActiveRecord::Base
|
||||||
end
|
end
|
||||||
|
|
||||||
def stop_action
|
def stop_action
|
||||||
return nil unless on_stop.present?
|
return unless on_stop.present?
|
||||||
return nil unless manual_actions
|
return unless manual_actions
|
||||||
|
|
||||||
@stop_action ||= manual_actions.find_by(name: on_stop)
|
@stop_action ||= manual_actions.find_by(name: on_stop)
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -122,6 +122,12 @@ class Environment < ActiveRecord::Base
|
||||||
available? && stop_action.present?
|
available? && stop_action.present?
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def can_trigger_stop_action?(current_user)
|
||||||
|
return false unless stop_action?
|
||||||
|
|
||||||
|
stop_action.can_play?(current_user)
|
||||||
|
end
|
||||||
|
|
||||||
def stop_with_action!(current_user)
|
def stop_with_action!(current_user)
|
||||||
return unless available?
|
return unless available?
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,10 @@ module Ci
|
||||||
@ref = branch_name
|
@ref = branch_name
|
||||||
|
|
||||||
return unless has_ref?
|
return unless has_ref?
|
||||||
|
return unless can?(current_user, :create_deployment, project)
|
||||||
|
|
||||||
environments.each do |environment|
|
environments.each do |environment|
|
||||||
next unless can?(current_user, :create_deployment, project)
|
next unless environment.can_trigger_stop_action?(current_user)
|
||||||
|
|
||||||
environment.stop_with_action!(current_user)
|
environment.stop_with_action!(current_user)
|
||||||
end
|
end
|
||||||
|
|
@ -21,8 +22,9 @@ module Ci
|
||||||
end
|
end
|
||||||
|
|
||||||
def environments
|
def environments
|
||||||
@environments ||=
|
@environments ||= EnvironmentsFinder
|
||||||
EnvironmentsFinder.new(project, current_user, ref: @ref, recently_updated: true).execute
|
.new(project, current_user, ref: @ref, recently_updated: true)
|
||||||
|
.execute
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
|
|
@ -20,14 +20,18 @@ FactoryGirl.define do
|
||||||
after(:create) do |environment, evaluator|
|
after(:create) do |environment, evaluator|
|
||||||
pipeline = create(:ci_pipeline, project: environment.project)
|
pipeline = create(:ci_pipeline, project: environment.project)
|
||||||
|
|
||||||
|
deployable = create(:ci_build, name: "#{environment.name}:deploy",
|
||||||
|
pipeline: pipeline)
|
||||||
|
|
||||||
deployment = create(:deployment,
|
deployment = create(:deployment,
|
||||||
environment: environment,
|
environment: environment,
|
||||||
project: environment.project,
|
project: environment.project,
|
||||||
|
deployable: deployable,
|
||||||
ref: evaluator.ref,
|
ref: evaluator.ref,
|
||||||
sha: environment.project.commit(evaluator.ref).id)
|
sha: environment.project.commit(evaluator.ref).id)
|
||||||
|
|
||||||
teardown_build = create(:ci_build, :manual,
|
teardown_build = create(:ci_build, :manual,
|
||||||
name: "#{deployment.environment.name}:teardown",
|
name: "#{environment.name}:teardown",
|
||||||
pipeline: pipeline)
|
pipeline: pipeline)
|
||||||
|
|
||||||
deployment.update_column(:on_stop, teardown_build.name)
|
deployment.update_column(:on_stop, teardown_build.name)
|
||||||
|
|
|
||||||
|
|
@ -155,6 +155,31 @@ describe Environment, models: true do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe '#can_trigger_stop_action?' do
|
||||||
|
let(:user) { create(:user) }
|
||||||
|
let(:project) { create(:project) }
|
||||||
|
|
||||||
|
let(:environment) do
|
||||||
|
create(:environment, :with_review_app, project: project)
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user can trigger stop action' do
|
||||||
|
before do
|
||||||
|
project.add_developer(user)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'returns value that evaluates to true' do
|
||||||
|
expect(environment.can_trigger_stop_action?(user)).to be_truthy
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when user is not allowed to trigger stop action' do
|
||||||
|
it 'returns value that evaluates to false' do
|
||||||
|
expect(environment.can_trigger_stop_action?(user)).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe '#stop_with_action!' do
|
describe '#stop_with_action!' do
|
||||||
let(:user) { create(:admin) }
|
let(:user) { create(:admin) }
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -55,8 +55,22 @@ describe Ci::StopEnvironmentsService, services: true do
|
||||||
end
|
end
|
||||||
|
|
||||||
context 'when user does not have permission to stop environment' do
|
context 'when user does not have permission to stop environment' do
|
||||||
|
context 'when user has no access to manage deployments' do
|
||||||
|
before do
|
||||||
|
project.team << [user, :guest]
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'does not stop environment' do
|
||||||
|
expect_environment_not_stopped_on('master')
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
context 'when branch for stop action is protected' do
|
||||||
before do
|
before do
|
||||||
project.team << [user, :guest]
|
project.add_developer(user)
|
||||||
|
create(:protected_branch, :no_one_can_push,
|
||||||
|
name: 'master', project: project)
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'does not stop environment' do
|
it 'does not stop environment' do
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue