Implement rebuild token policy

openSUSE · Apr 26, 2021 · 1e94668 · 1e94668
1 parent 026b699
commit 1e94668
Show file tree

Hide file tree

Showing 6 changed files with 24 additions and 10 deletions.
diff --git a/src/api/app/controllers/trigger_controller.rb b/src/api/app/controllers/trigger_controller.rb
@@ -31,21 +31,27 @@ def create
     # authentication   # Done
     # get token        # Done
     # pundit           # TODO
-
     authorize @token
+    params[:project]
+    rebuild_trigger = PackageControllerService::RebuildTrigger.new(package: @pkg, project: @prj, params: params)
+    authorize rebuild_trigger.policy_object, :update?    
+
     # the token type inference, we are still doing via action type.
     @token.call(params) # i.e Token::Rebuild / Token::Release / Token::Service
     render_ok
   end
 
+  # FIXME: Redirect this via routes
   def rebuild
     create
   end
 
+  # FIXME: Redirect this via routes
   def release
     create
   end
 
+  # FIXME: Redirect this via routes
   def runservice
     create
   end

diff --git a/src/api/app/models/token/service.rb b/src/api/app/models/token/service.rb
@@ -5,12 +5,6 @@ def self.token_name
 
   # TODO: Use package_from_association_or_params instead of package
   def call(_params)
-    # TODO: move it to pundit in the trigger controller
-    # if !@user.is_active? || !@user.can_modify?(@package)
-    #  render_error message: 'Token not found or not valid.', status: 404
-    #  return
-    # end
-
     Backend::Api::Sources::Package.trigger_services(package.project.name, package.name, user.login)
     # TODO
     # check if its necessary

diff --git a/src/api/app/policies/package_policy.rb b/src/api/app/policies/package_policy.rb
@@ -22,6 +22,10 @@ def create_branch?
     true
   end
 
+  def rebuild?
+    return @project if @project != @package.project
+  end
+
   def update?
     user.can_modify?(record)
   end

diff --git a/src/api/app/policies/token/rebuild_policy.rb b/src/api/app/policies/token/rebuild_policy.rb
@@ -5,6 +5,8 @@ def initialize(_user, record)
     end
 
     def create?
+      return false unless record.user.is_active?
+
       PackagePolicy.new(record.user, record.package_from_association_or_params).update?
     end
   end

diff --git a/src/api/app/policies/token/service_policy.rb b/src/api/app/policies/token/service_policy.rb
@@ -4,6 +4,10 @@ def initialize(_user, record)
       super(record.user, record)
     end
 
-    def create?; end
+    def create?
+      return false unless record.user.is_active?
+
+      PackagePolicy.new(record.user, record.package_from_association_or_params).update?
+    end
   end
 end
diff --git a/src/api/app/services/package_controller_service/rebuild_trigger.rb b/src/api/app/services/package_controller_service/rebuild_trigger.rb
@@ -13,9 +13,13 @@ def rebuild?
 
     # When we're in a linked project, the package's project points to some other
     # project, not the one we're triggering the build from.
-    # Here we detect that, and if so, we authorize against the linked project.
+    def linked_project?
+      @project != @package.project
+    end
+
+    # Here we detect if we're on a linked project, and if so, we authorize against the linked project.
     def policy_object
-      return @project if @project != @package.project
+      return @project if linked_project?
 
       @package
     end