Check ability to update build on the API resource

53219857 · Grzegorz Bizon · 3264e09c · 53219857 · 53219857
Commit 53219857 authored May 05, 2017 by Grzegorz Bizon
Show whitespace changes
Inline Side-by-side

Showing with 14 additions and 5 deletions

lib/api/jobs.rb lib/api/jobs.rb +7 -2

lib/api/v3/builds.rb lib/api/v3/builds.rb +7 -3

No files found.
--- a/lib/api/jobs.rb
+++ b/lib/api/jobs.rb
@@ -132,6 +132,7 @@ module API
        authorize_update_builds!

        build = get_build!(params[:job_id])
+        authorize!(:update_build, build)

        build.cancel

@@ -148,6 +149,7 @@ module API
        authorize_update_builds!

        build = get_build!(params[:job_id])
+        authorize!(:update_build, build)
        return forbidden!('Job is not retryable') unless build.retryable?

        build = Ci::Build.retry(build, current_user)
@@ -165,6 +167,7 @@ module API
        authorize_update_builds!

        build = get_build!(params[:job_id])
+        authorize!(:update_build, build)
        return forbidden!('Job is not erasable!') unless build.erasable?

        build.erase(erased_by: current_user)
@@ -181,6 +184,7 @@ module API
        authorize_update_builds!

        build = get_build!(params[:job_id])
+        authorize!(:update_build, build)
        return not_found!(build) unless build.artifacts?

        build.keep_artifacts!
@@ -201,6 +205,7 @@ module API

        build = get_build!(params[:job_id])

+        authorize!(:update_build, build)
        bad_request!("Unplayable Job") unless build.playable?

        build.play(current_user)
@@ -211,12 +216,12 @@ module API
    end

    helpers do
-      def get_build(id)
+      def find_build(id)
        user_project.builds.find_by(id: id.to_i)
      end

      def get_build!(id)
-        get_build(id) || not_found!
+        find_build(id) || not_found!
      end

      def present_artifacts!(artifacts_file)

--- a/lib/api/v3/builds.rb
+++ b/lib/api/v3/builds.rb
@@ -134,6 +134,7 @@ module API
          authorize_update_builds!

          build = get_build!(params[:build_id])
+          authorize!(:update_build, build)

          build.cancel

@@ -150,6 +151,7 @@ module API
          authorize_update_builds!

          build = get_build!(params[:build_id])
+          authorize!(:update_build, build)
          return forbidden!('Build is not retryable') unless build.retryable?

          build = Ci::Build.retry(build, current_user)
@@ -167,6 +169,7 @@ module API
          authorize_update_builds!

          build = get_build!(params[:build_id])
+          authorize!(:update_build, build)
          return forbidden!('Build is not erasable!') unless build.erasable?

          build.erase(erased_by: current_user)
@@ -183,6 +186,7 @@ module API
          authorize_update_builds!

          build = get_build!(params[:build_id])
+          authorize!(:update_build, build)
          return not_found!(build) unless build.artifacts?

          build.keep_artifacts!
@@ -202,7 +206,7 @@ module API
          authorize_read_builds!

          build = get_build!(params[:build_id])
-
+          authorize!(:update_build, build)
          bad_request!("Unplayable Job") unless build.playable?

          build.play(current_user)
@@ -213,12 +217,12 @@ module API
      end

      helpers do
-        def get_build(id)
+        def find_build(id)
          user_project.builds.find_by(id: id.to_i)
        end

        def get_build!(id)
-          get_build(id) || not_found!
+          find_build(id) || not_found!
        end

        def present_artifacts!(artifacts_file)