summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorKamil Trzciński <ayufan@ayufan.eu>2018-05-16 20:28:42 +0000
committerKamil Trzciński <ayufan@ayufan.eu>2018-05-16 20:28:42 +0000
commitbd0a12be77840ca49cdd296e4a6d701df99024b4 (patch)
tree1dd558f653a37ec30e7302c66424163bdf9e41ee /lib
parent357aaafb73a6d8c4e0185f193d67a06ed1b79832 (diff)
parent1cfa5ed07065f04531900fe0931deaaaef3e69d2 (diff)
downloadgitlab-ce-bd0a12be77840ca49cdd296e4a6d701df99024b4.tar.gz
Merge branch '46010-allow-managing-group-runners-via-api' into 'master'
API support + Improved policies for group runners Closes #45894 and #38979 See merge request gitlab-org/gitlab-ce!18851
Diffstat (limited to 'lib')
-rw-r--r--lib/api/runners.rb23
-rw-r--r--lib/api/v3/runners.rb2
2 files changed, 10 insertions, 15 deletions
diff --git a/lib/api/runners.rb b/lib/api/runners.rb
index 5f2a9567605..5cb96d467c0 100644
--- a/lib/api/runners.rb
+++ b/lib/api/runners.rb
@@ -14,7 +14,7 @@ module API
use :pagination
end
get do
- runners = filter_runners(current_user.ci_authorized_runners, params[:scope], without: %w(specific shared))
+ runners = filter_runners(current_user.ci_owned_runners, params[:scope], without: %w(specific shared))
present paginate(runners), with: Entities::Runner
end
@@ -184,40 +184,35 @@ module API
def authenticate_show_runner!(runner)
return if runner.is_shared || current_user.admin?
- forbidden!("No access granted") unless user_can_access_runner?(runner)
+ forbidden!("No access granted") unless can?(current_user, :read_runner, runner)
end
def authenticate_update_runner!(runner)
return if current_user.admin?
- forbidden!("Runner is shared") if runner.is_shared?
- forbidden!("No access granted") unless user_can_access_runner?(runner)
+ forbidden!("No access granted") unless can?(current_user, :update_runner, runner)
end
def authenticate_delete_runner!(runner)
return if current_user.admin?
- forbidden!("Runner is shared") if runner.is_shared?
forbidden!("Runner associated with more than one project") if runner.projects.count > 1
- forbidden!("No access granted") unless user_can_access_runner?(runner)
+ forbidden!("No access granted") unless can?(current_user, :delete_runner, runner)
end
def authenticate_enable_runner!(runner)
- forbidden!("Runner is shared") if runner.is_shared?
- forbidden!("Runner is locked") if runner.locked?
+ forbidden!("Runner is a group runner") if runner.group_type?
+
return if current_user.admin?
- forbidden!("No access granted") unless user_can_access_runner?(runner)
+ forbidden!("Runner is locked") if runner.locked?
+ forbidden!("No access granted") unless can?(current_user, :assign_runner, runner)
end
def authenticate_list_runners_jobs!(runner)
return if current_user.admin?
- forbidden!("No access granted") unless user_can_access_runner?(runner)
- end
-
- def user_can_access_runner?(runner)
- current_user.ci_authorized_runners.exists?(runner.id)
+ forbidden!("No access granted") unless can?(current_user, :read_runner, runner)
end
end
end
diff --git a/lib/api/v3/runners.rb b/lib/api/v3/runners.rb
index c6d9957d452..8a5c46805bd 100644
--- a/lib/api/v3/runners.rb
+++ b/lib/api/v3/runners.rb
@@ -58,7 +58,7 @@ module API
end
def user_can_access_runner?(runner)
- current_user.ci_authorized_runners.exists?(runner.id)
+ current_user.ci_owned_runners.exists?(runner.id)
end
end
end
View Lorry Controller Status