configstore: add ability to org members to restart stop cancel a project run #446
Conversation
There was a problem hiding this comment.
@alessandro-sorint Thanks for the PR.
-
The commit title and description aren't detailing what it does (do not write the code changes, but the new behavior with more details).
-
Tests for this new behavior aren't implemented.
| SkipSSHHostKeyCheck bool | ||
| PassVarsToForkedPR bool | ||
| DefaultBranch string | ||
| CanMembersPerformRunActions bool |
| SkipSSHHostKeyCheck bool | ||
| PassVarsToForkedPR bool | ||
| DefaultBranch string | ||
| CanMembersPerformRunActions bool |
|
|
||
| func (d *DB) migrateV3(tx *sql.Tx) error { | ||
| var ddlPostgres = []string{ | ||
| "CREATE TABLE new_project (id varchar NOT NULL, revision bigint NOT NULL, creation_time timestamptz NOT NULL, update_time timestamptz NOT NULL, name varchar NOT NULL, parent_kind varchar NOT NULL, parent_id varchar NOT NULL, secret varchar NOT NULL, visibility varchar NOT NULL, remote_repository_config_type varchar NOT NULL, remote_source_id varchar NOT NULL, linked_account_id varchar NOT NULL, repository_id varchar NOT NULL, repository_path varchar NOT NULL, ssh_private_key varchar NOT NULL, skip_ssh_host_key_check boolean NOT NULL, webhook_secret varchar NOT NULL, pass_vars_to_forked_pr boolean NOT NULL, default_branch varchar NOT NULL, can_members_perform_run_actions boolean NOT NULL, PRIMARY KEY (id))", |
There was a problem hiding this comment.
Is a new table creation and copy really needed for postgres?
| func (h *ActionHandler) CanAuthUserDeleteLogs(ctx context.Context, groupType scommon.GroupType, ref string) (bool, string, error) { | ||
| var ownerType cstypes.ObjectKind | ||
| var refID string | ||
| var ownerID string | ||
| switch groupType { | ||
| case scommon.GroupTypeProject: | ||
| p, _, err := h.configstoreClient.GetProject(ctx, ref) | ||
| if err != nil { | ||
| return false, "", util.NewAPIError(util.KindFromRemoteError(err), err) | ||
| } | ||
| refID = p.ID | ||
| ownerType = p.OwnerType | ||
| ownerID = p.OwnerID | ||
| case scommon.GroupTypeUser: | ||
| u, _, err := h.configstoreClient.GetUser(ctx, ref) | ||
| if err != nil { | ||
| return false, "", util.NewAPIError(util.KindFromRemoteError(err), err) | ||
| } | ||
|
|
||
| // user direct runs | ||
| refID = u.ID | ||
| ownerType = cstypes.ObjectKindUser | ||
| ownerID = u.ID | ||
| } | ||
|
|
||
| isProjectOwner, err := h.IsAuthUserProjectOwner(ctx, ownerType, ownerID) | ||
| if err != nil { | ||
| return false, "", errors.Wrapf(err, "failed to determine ownership") | ||
| } | ||
| if !isProjectOwner { | ||
| return false, "", nil | ||
| } | ||
| return true, refID, nil | ||
| } | ||
|
|
||
| func (h *ActionHandler) CanAuthUserDoRunActions(ctx context.Context, groupType scommon.GroupType, ref string) (bool, string, error) { | ||
| var ownerType cstypes.ObjectKind | ||
| var refID string | ||
| var ownerID string | ||
| var p *csapitypes.Project | ||
| switch groupType { | ||
| case scommon.GroupTypeProject: | ||
| var err error | ||
| p, _, err = h.configstoreClient.GetProject(ctx, ref) | ||
| if err != nil { | ||
| return false, "", util.NewAPIError(util.KindFromRemoteError(err), err) | ||
| } | ||
| refID = p.ID | ||
| ownerType = p.OwnerType | ||
| ownerID = p.OwnerID | ||
| case scommon.GroupTypeUser: | ||
| u, _, err := h.configstoreClient.GetUser(ctx, ref) | ||
| if err != nil { | ||
| return false, "", util.NewAPIError(util.KindFromRemoteError(err), err) | ||
| } | ||
|
|
||
| // user direct runs | ||
| refID = u.ID | ||
| ownerType = cstypes.ObjectKindUser | ||
| ownerID = u.ID | ||
| } | ||
|
|
||
| isAdmin := common.IsUserAdmin(ctx) | ||
| if isAdmin { | ||
| return true, refID, nil | ||
| } | ||
|
|
||
| if ownerType == cstypes.ObjectKindOrg && p.CanMembersPerformRunActions { | ||
| userID := common.CurrentUserID(ctx) | ||
| isUserMember, err := h.IsUserOrgMember(ctx, userID, ownerID) | ||
| if err != nil { | ||
| return false, "", errors.Wrapf(err, "failed to determine ownership") | ||
| } | ||
| return isUserMember, "", nil | ||
| } | ||
|
|
||
| isProjectOwner, err := h.IsAuthUserProjectOwner(ctx, ownerType, ownerID) | ||
| if err != nil { | ||
| return false, "", errors.Wrapf(err, "failed to determine ownership") | ||
| } | ||
| if !isProjectOwner { | ||
| return false, "", nil | ||
| } | ||
| return true, refID, nil | ||
| } |
There was a problem hiding this comment.
Is it really needed to duplicate all of this code?
| @@ -167,7 +167,7 @@ type DeleteLogsRequest struct { | |||
| } | |||
|
|
|||
| func (h *ActionHandler) DeleteLogs(ctx context.Context, req *DeleteLogsRequest) error { | |||
| canDoRunActions, groupID, err := h.CanAuthUserDoRunActions(ctx, req.GroupType, req.Ref) | |||
| canDoRunActions, groupID, err := h.CanAuthUserDeleteLogs(ctx, req.GroupType, req.Ref) | |||
There was a problem hiding this comment.
Why have you split CanAuthUserDoRunActions in two functions if they do the same thing?
There was a problem hiding this comment.
You should test the migration to v3. So at least explicitly define the new field added with the default value.
alessandro-sorint
changed the title
alessandro-sorint
force-pushed
the
issue-428
branch
from
eaf1329
to
a017f67
Compare
@sgotti I implemented TestProjectRunActions in integration test, do you mean other? |
tests/setup_test.go
Outdated
| @@ -1080,7 +1081,7 @@ func TestUpdateProject(t *testing.T) { | |||
| } | |||
| } | |||
|
|
|||
| func createProject(ctx context.Context, t *testing.T, giteaClient *gitea.Client, gwClient *gwclient.Client) (*gitea.Repository, *gwapitypes.ProjectResponse) { | |||
| func createProject(ctx context.Context, t *testing.T, giteaClient *gitea.Client, gwClient *gwclient.Client, parentRef string, membersCanPerformRunActions bool) (*gitea.Repository, *gwapitypes.ProjectResponse) { | |||
There was a problem hiding this comment.
Instead of increasing the number of function arguments I'll use the With... pattern
| func (d *DB) migrateV3(tx *sql.Tx) error { | ||
| var ddlPostgres = []string{ | ||
| "ALTER TABLE project ADD COLUMN members_can_perform_run_actions boolean NOT NULL DEFAULT false", | ||
| "ALTER TABLE project ALTER COLUMN members_can_perform_run_actions DROP DEFAULT", |
There was a problem hiding this comment.
Is this statement really needed?
There was a problem hiding this comment.
@sgotti in the first statement if I remove DEFAULT false the error is pq: column "can_members_perform_run_actions" of relation "project" contains null values, because we have already sono project rows in db.
In the second statement I remove DEFAULT to have the same shema of V3.
There was a problem hiding this comment.
Ok, It just doesn't looks very clear. I'll prefer to do this in the standard 3 ways steps: Add column without non null constraint, update column with default values, add null constraint to the column.
|
|
||
| var ddlSqlite3 = []string{ | ||
| "CREATE TABLE new_project (id varchar NOT NULL, revision bigint NOT NULL, creation_time timestamp NOT NULL, update_time timestamp NOT NULL, name varchar NOT NULL, parent_kind varchar NOT NULL, parent_id varchar NOT NULL, secret varchar NOT NULL, visibility varchar NOT NULL, remote_repository_config_type varchar NOT NULL, remote_source_id varchar NOT NULL, linked_account_id varchar NOT NULL, repository_id varchar NOT NULL, repository_path varchar NOT NULL, ssh_private_key varchar NOT NULL, skip_ssh_host_key_check integer NOT NULL, webhook_secret varchar NOT NULL, pass_vars_to_forked_pr integer NOT NULL, default_branch varchar NOT NULL, members_can_perform_run_actions integer NOT NULL, PRIMARY KEY (id))", | ||
| "INSERT INTO new_project SELECT *,0 AS members_can_perform_run_actions FROM project", |
There was a problem hiding this comment.
sqlite3 should also recognize true and false.
|
|
||
| var ddlSqlite3 = []string{ | ||
| "CREATE TABLE new_project (id varchar NOT NULL, revision bigint NOT NULL, creation_time timestamp NOT NULL, update_time timestamp NOT NULL, name varchar NOT NULL, parent_kind varchar NOT NULL, parent_id varchar NOT NULL, secret varchar NOT NULL, visibility varchar NOT NULL, remote_repository_config_type varchar NOT NULL, remote_source_id varchar NOT NULL, linked_account_id varchar NOT NULL, repository_id varchar NOT NULL, repository_path varchar NOT NULL, ssh_private_key varchar NOT NULL, skip_ssh_host_key_check integer NOT NULL, webhook_secret varchar NOT NULL, pass_vars_to_forked_pr integer NOT NULL, default_branch varchar NOT NULL, members_can_perform_run_actions integer NOT NULL, PRIMARY KEY (id))", | ||
| "INSERT INTO new_project SELECT *,0 AS members_can_perform_run_actions FROM project", |
Sorry, I missed them. Can you also add something in configstore tests for TestProjectUpdate (also once the behavior of an user project has been clarified)? |
| @@ -207,6 +218,22 @@ func (h *ActionHandler) CanAuthUserDoRunActions(ctx context.Context, groupType s | |||
| ownerID = u.ID | |||
| } | |||
|
|
|||
| if authType == authTypeRunAction { | |||
There was a problem hiding this comment.
you aren't checking the other action types
| isAdmin := common.IsUserAdmin(ctx) | ||
| if isAdmin { | ||
| return true, refID, nil | ||
| } | ||
|
|
||
| if ownerType == cstypes.ObjectKindOrg && p.MembersCanPerformRunActions { | ||
| userID := common.CurrentUserID(ctx) | ||
| isUserMember, err := h.IsUserOrgMember(ctx, userID, ownerID) | ||
| if err != nil { | ||
| return false, "", errors.Wrapf(err, "failed to determine ownership") | ||
| } | ||
| return isUserMember, "", nil | ||
| } | ||
| } |
There was a problem hiding this comment.
This logic is creating its own branch, but the branch can continue. It also uses IsUserAdmin instead of IsAuthUserProjectOwner like done after. So it looks confusing and wrong.
Why don't you just use this check? `isProjectOwner || (isUserOrgMember && p.MembersCanPerformRunActions) when the actionType is RunAction?
| @@ -182,13 +183,23 @@ func (h *ActionHandler) CanAuthUserGetRun(ctx context.Context, groupType scommon | |||
| return true, refID, nil | |||
| } | |||
|
|
|||
| func (h *ActionHandler) CanAuthUserDoRunActions(ctx context.Context, groupType scommon.GroupType, ref string) (bool, string, error) { | |||
| type authType string | |||
alessandro-sorint
force-pushed
the
issue-428
branch
from
a017f67
to
90db6db
Compare
Yes, let's avoid changing this to true for user projects. |
alessandro-sorint
force-pushed
the
issue-428
branch
from
90db6db
to
adf13b6
Compare
| @@ -59,6 +59,29 @@ func (h *ActionHandler) ValidateProjectReq(ctx context.Context, req *CreateUpdat | |||
| return util.NewAPIError(util.ErrBadRequest, errors.Errorf("empty remote repository path")) | |||
| } | |||
| } | |||
|
|
|||
| err := h.d.Do(ctx, func(tx *sql.Tx) error { | |||
There was a problem hiding this comment.
This shouldn't be done here creating an additional transaction but inside Create and Update project.
| } | ||
|
|
||
| if p.OwnerType == cstypes.ObjectKindUser && p.MembersCanPerformRunActions { | ||
| return nil, util.NewAPIError(util.ErrBadRequest, errors.Errorf("can't set MembersCanPerformRunActions true for user projects")) |
There was a problem hiding this comment.
This check should be done in the configstore. (Like already done above in this patch, also if in the wrong place).
| return errors.WithStack(err) | ||
| } | ||
| if ownerType == types.ObjectKindUser && req.MembersCanPerformRunActions { | ||
| return util.NewAPIError(util.ErrBadRequest, errors.Errorf("can't set MembersCanPerformRunActions true for user projects")) |
There was a problem hiding this comment.
Cannot set MembersCanPerformRunActions on an user project.
| @@ -93,6 +116,8 @@ type CreateUpdateProjectRequest struct { | |||
| SkipSSHHostKeyCheck bool | |||
| PassVarsToForkedPR bool | |||
| DefaultBranch string | |||
| //MembersCanPerformRunActions define if users of the organization can restart stop cancel a project run | |||
There was a problem hiding this comment.
MembersCanPerformRunActions defines if project organization members can restart/stop/cancel a project run
tests/setup_test.go
Outdated
| remoteErrorBadRequest = "remote error badrequest" | ||
| remoteErrorNotExist = "remote error notexist" | ||
| remoteErrorBadRequest = "remote error badrequest" | ||
| remoteErrorForbiddenRequest = "remote error forbidden" |
There was a problem hiding this comment.
Also change the already existing inline strings.
| } else { | ||
| if !isProjectOwner { | ||
| return false, "", nil | ||
| } | ||
| } | ||
| return true, refID, nil |
There was a problem hiding this comment.
You have both a default return and a return at the end of the first branch
You should remove the default return or remove the return at the of the first branch.
alessandro-sorint
force-pushed
the
issue-428
branch
from
adf13b6
to
6cee32d
Compare
| @@ -93,6 +93,8 @@ type CreateUpdateProjectRequest struct { | |||
| SkipSSHHostKeyCheck bool | |||
| PassVarsToForkedPR bool | |||
| DefaultBranch string | |||
| //MembersCanPerformRunActions define if users of the organization can restart/stop/cancel a project run | |||
There was a problem hiding this comment.
// MembersCanPerformRunActions defines if project organization members can restart/stop/cancel a project run
| return errors.WithStack(err) | ||
| } | ||
| if ownerType == types.ObjectKindUser && req.MembersCanPerformRunActions { | ||
| return util.NewAPIError(util.ErrBadRequest, errors.Errorf("Cannot set MembersCanPerformRunActions on an user project.")) |
There was a problem hiding this comment.
obviously the first letter of errors has never been capital so
s/Cannot/cannot/
tests/setup_test.go
Outdated
| remoteErrorUnauthorized = "remote error unauthorized" | ||
| remoteErrorUnknown = "unknown api error (status: 403)" | ||
| remoteErrorInternal = "remote error internal" |
There was a problem hiding this comment.
I meant only the strings for the remoteErrorForbidden you added. The others should be done in another PR...
tests/setup_test.go
Outdated
| remoteErrorBadRequest = "remote error badrequest" | ||
| remoteErrorNotExist = "remote error notexist" | ||
| remoteErrorBadRequest = "remote error badrequest" | ||
| remoteErrorForbiddenRequest = "remote error forbidden" |
tests/setup_test.go
Outdated
|
|
||
| push(t, config, giteaRepo.CloneURL, giteaToken, "commit", false) | ||
|
|
||
| // test org run actions user owner |
There was a problem hiding this comment.
// test org run actions executed by an user that's organization owner
tests/setup_test.go
Outdated
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| // test org run actions user member |
There was a problem hiding this comment.
// test org run actions executed by an user that's organization moember with project MembersCanPerformRunActions set to true
tests/setup_test.go
Outdated
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| // test org run actions user not member |
There was a problem hiding this comment.
// test org run actions executed by an user that isn't organization member
tests/setup_test.go
Outdated
| ` | ||
| expectedErr := remoteErrorForbiddenRequest | ||
|
|
||
| t.Run("test org run actions", func(t *testing.T) { |
There was a problem hiding this comment.
// test run actions on org's project
tests/setup_test.go
Outdated
| } | ||
| }) | ||
|
|
||
| t.Run("test user run actions", func(t *testing.T) { |
There was a problem hiding this comment.
// test run actions on user's project
|
@alessandro-sorint |
alessandro-sorint
force-pushed
the
issue-428
branch
3 times, most recently
from
06ad852
to
93fd5d1
Compare
tests/setup_test.go
Outdated
| tests := []struct { | ||
| name string | ||
| passVarsToForkedPR bool | ||
| expectedPre bool | ||
| expectedPost bool | ||
| name string | ||
| passVarsToForkedPR bool | ||
| expectedPre bool | ||
| expectedPost bool | ||
| membersCanPerformRunActions bool | ||
| }{ | ||
| { | ||
| name: "test project update with pass-vars-to-forked-pr true", | ||
| passVarsToForkedPR: true, | ||
| expectedPre: false, | ||
| expectedPost: true, | ||
| name: "test project update with pass-vars-to-forked-pr true and membersCanPerformRunActions false ", | ||
| passVarsToForkedPR: true, | ||
| expectedPre: false, | ||
| expectedPost: true, | ||
| membersCanPerformRunActions: false, | ||
| }, | ||
| { | ||
| name: "test project update with pass-vars-to-forked-pr false", | ||
| passVarsToForkedPR: false, | ||
| expectedPre: false, | ||
| expectedPost: false, | ||
| name: "test project update with pass-vars-to-forked-pr false and membersCanPerformRunActions false", | ||
| passVarsToForkedPR: false, | ||
| expectedPre: false, | ||
| expectedPost: false, | ||
| membersCanPerformRunActions: false, | ||
| }, | ||
| } | ||
|
|
||
| for _, tt := range tests { | ||
| t.Run(tt.name, func(t *testing.T) { | ||
| dir := t.TempDir() | ||
|
|
||
| ctx, cancel := context.WithCancel(context.Background()) | ||
| defer cancel() | ||
|
|
||
| sc := setup(ctx, t, dir, withGitea(true)) | ||
| defer sc.stop() | ||
|
|
||
| giteaAPIURL := fmt.Sprintf("http://%s:%s", sc.gitea.HTTPListenAddress, sc.gitea.HTTPPort) | ||
|
|
||
| giteaToken, token := createLinkedAccount(ctx, t, sc.gitea, sc.config) | ||
|
|
||
| giteaClient, err := gitea.NewClient(giteaAPIURL, gitea.SetToken(giteaToken)) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| gwClient := gwclient.NewClient(sc.config.Gateway.APIExposedURL, token) | ||
|
|
||
| _, project := createProject(ctx, t, giteaClient, gwClient) | ||
| if project.PassVarsToForkedPR != tt.expectedPre { | ||
| t.Fatalf("expected PassVarsToForkedPR %v, got %v (pre-update)", tt.expectedPre, project.PassVarsToForkedPR) | ||
| } | ||
| if project.MembersCanPerformRunActions != tt.membersCanPerformRunActions { | ||
| t.Fatalf("expected MembersCanPerformRunActions %v, got %v (pre-update)", tt.membersCanPerformRunActions, project.MembersCanPerformRunActions) | ||
| } | ||
| project = updateProject(ctx, t, giteaClient, gwClient, project.ID, tt.passVarsToForkedPR) | ||
| if project.PassVarsToForkedPR != tt.expectedPost { | ||
| t.Fatalf("expected PassVarsToForkedPR %v, got %v (port-update)", tt.expectedPost, project.PassVarsToForkedPR) | ||
| } | ||
| if project.MembersCanPerformRunActions != tt.membersCanPerformRunActions { | ||
| t.Fatalf("expected MembersCanPerformRunActions %v, got %v (port-update)", tt.membersCanPerformRunActions, project.MembersCanPerformRunActions) | ||
| } | ||
| }) | ||
| } |
There was a problem hiding this comment.
This mix of tests matrix and single sub tests is confusing. Also the pre/post stuff could be removed. Probably the 2 tests in the matrix could be just changed to standard sub tests.
tests/setup_test.go
Outdated
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| // test org run actions executed by an user that's organization moember with project MembersCanPerformRunActions set to true |
tests/setup_test.go
Outdated
| t.Fatalf("expected err %v, got err: %v", expectedErr, err) | ||
| } | ||
|
|
||
| // test MembersCanPerformRunActions false user member |
tests/setup_test.go
Outdated
| } | ||
| }) | ||
|
|
||
| t.Run("// test run actions on user's project", func(t *testing.T) { |
tests/setup_test.go
Outdated
| _, _, err = gwAdminClient.CreateUser(ctx, &gwapitypes.CreateUserRequest{UserName: agolaUser03}) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| token, _, err = gwAdminClient.CreateUserToken(ctx, agolaUser03, &gwapitypes.CreateUserTokenRequest{TokenName: "testtoken"}) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| gwUser03Client := gwclient.NewClient(sc.config.Gateway.APIExposedURL, token.Token) |
There was a problem hiding this comment.
users's creation and related stuffs at the start of the test.
tests/setup_test.go
Outdated
| _, _, err = gwAdminClient.CreateUser(ctx, &gwapitypes.CreateUserRequest{UserName: agolaUser02}) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| token, _, err := gwAdminClient.CreateUserToken(ctx, agolaUser02, &gwapitypes.CreateUserTokenRequest{TokenName: "testtoken"}) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
||
| gwUser02Client := gwclient.NewClient(sc.config.Gateway.APIExposedURL, token.Token) |
There was a problem hiding this comment.
users's creation and related stuffs at the start of the test.
tests/setup_test.go
Outdated
| gwAdminClient := gwclient.NewClient(sc.config.Gateway.APIExposedURL, sc.config.Gateway.AdminToken) | ||
| if err != nil { | ||
| t.Fatalf("unexpected err: %v", err) | ||
| } | ||
|
|
There was a problem hiding this comment.
users's creation and related stuffs at the start of the test.
alessandro-sorint
force-pushed
the
issue-428
branch
from
93fd5d1
to
6c40d49
Compare
tests/setup_test.go
Outdated
|
|
||
| _, project := createProject(ctx, t, giteaClient, gwClient) | ||
| if project.PassVarsToForkedPR != false { | ||
| t.Fatalf("expected PassVarsToForkedPR false, got %v (pre-update)", project.PassVarsToForkedPR) |
tests/setup_test.go
Outdated
|
|
||
| project = updateProject(ctx, t, giteaClient, gwClient, project.ID, false) | ||
| if project.PassVarsToForkedPR != false { | ||
| t.Fatalf("expected PassVarsToForkedPR false, got %v (pre-update)", project.PassVarsToForkedPR) |
tests/setup_test.go
Outdated
|
|
||
| project = updateProject(ctx, t, giteaClient, gwClient, project.ID, true) | ||
| if project.PassVarsToForkedPR != true { | ||
| t.Fatalf("expected PassVarsToForkedPR false, got %v (pre-update)", project.PassVarsToForkedPR) |
tests/setup_test.go
Outdated
| if project.PassVarsToForkedPR != tt.expectedPre { | ||
| t.Fatalf("expected PassVarsToForkedPR %v, got %v (pre-update)", tt.expectedPre, project.PassVarsToForkedPR) | ||
| if project.MembersCanPerformRunActions != false { | ||
| t.Fatalf("expected MembersCanPerformRunActions false, got %v (pre-update)", project.MembersCanPerformRunActions) |
tests/setup_test.go
Outdated
| t.Fatalf("expected PassVarsToForkedPR false, got %v (pre-update)", project.PassVarsToForkedPR) | ||
| } | ||
|
|
||
| project = updateProject(ctx, t, giteaClient, gwClient, project.ID, true) |
There was a problem hiding this comment.
remove updateProject function and directly call the api here as done in other tests.
…ect run This patch adds a project option to permit org members to execute run actions (restart/stop/cancel) The `MembersCanPerformRunActions` option has been added to the project type. The API will permit to set it to true on project create/update only for projects belonging to an organization and will return an error when on user's projects.
alessandro-sorint
force-pushed
the
issue-428
branch
from
6c40d49
to
987c613
Compare
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
add an ui checkbox to let the project owner enable the project option to let members perform run actions as implemented in agola-io/agola#446
This patch adds a project option to permit org members to execute run actions (restart/stop/cancel)
The
MembersCanPerformRunActionsoption has been added to the project type. The API will permit to set it to true on project create/update only for projects belonging to an organization and will return an error when on user's projects.fix #428