configstore: add ability to org members to restart stop cancel a proj…

…ect run update project type add MembersCanPerformRunActions add ability to all org members to execute run actions check MembersCanPerformRunActions is false when create/update user projects
agola-io · Oct 13, 2023 · 06ad852 · 06ad852
1 parent 94d3283
commit 06ad852
Show file tree

Hide file tree

Showing 24 changed files with 1,450 additions and 160 deletions.
diff --git a/internal/services/configstore/action/project.go b/internal/services/configstore/action/project.go
@@ -93,6 +93,8 @@ type CreateUpdateProjectRequest struct {
 	SkipSSHHostKeyCheck        bool
 	PassVarsToForkedPR         bool
 	DefaultBranch              string
+	// MembersCanPerformRunActions defines if project organization members can restart/stop/cancel a project run
+	MembersCanPerformRunActions bool
 }
 
 func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateUpdateProjectRequest) (*types.Project, error) {
@@ -112,6 +114,14 @@ func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateUpdateProj
 		}
 		req.Parent.ID = group.ID
 
+		ownerType, _, err := h.d.GetProjectGroupOwnerID(tx, group)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+		if ownerType == types.ObjectKindUser && req.MembersCanPerformRunActions {
+			return util.NewAPIError(util.ErrBadRequest, errors.Errorf("cannot set MembersCanPerformRunActions on an user project."))
+		}
+
 		groupPath, err := h.d.GetProjectGroupPath(tx, group)
 		if err != nil {
 			return errors.WithStack(err)
@@ -163,6 +173,7 @@ func (h *ActionHandler) CreateProject(ctx context.Context, req *CreateUpdateProj
 		project.SkipSSHHostKeyCheck = req.SkipSSHHostKeyCheck
 		project.PassVarsToForkedPR = req.PassVarsToForkedPR
 		project.DefaultBranch = req.DefaultBranch
+		project.MembersCanPerformRunActions = req.MembersCanPerformRunActions
 
 		// generate the Secret and the WebhookSecret
 		// TODO(sgotti) move this to the gateway?
@@ -209,6 +220,14 @@ func (h *ActionHandler) UpdateProject(ctx context.Context, curProjectRef string,
 		}
 		req.Parent.ID = group.ID
 
+		ownerType, _, err := h.d.GetProjectGroupOwnerID(tx, group)
+		if err != nil {
+			return errors.WithStack(err)
+		}
+		if ownerType == types.ObjectKindUser && req.MembersCanPerformRunActions {
+			return util.NewAPIError(util.ErrBadRequest, errors.Errorf("cannot set MembersCanPerformRunActions on an user project."))
+		}
+
 		groupPath, err := h.d.GetProjectGroupPath(tx, group)
 		if err != nil {
 			return errors.WithStack(err)
@@ -273,6 +292,7 @@ func (h *ActionHandler) UpdateProject(ctx context.Context, curProjectRef string,
 		project.SkipSSHHostKeyCheck = req.SkipSSHHostKeyCheck
 		project.PassVarsToForkedPR = req.PassVarsToForkedPR
 		project.DefaultBranch = req.DefaultBranch
+		project.MembersCanPerformRunActions = req.MembersCanPerformRunActions
 
 		if err := h.d.UpdateProject(tx, project); err != nil {
 			return errors.WithStack(err)

diff --git a/internal/services/configstore/api/project.go b/internal/services/configstore/api/project.go
@@ -171,18 +171,19 @@ func (h *CreateProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 	}
 
 	areq := &action.CreateUpdateProjectRequest{
-		Name:                       req.Name,
-		Parent:                     req.Parent,
-		Visibility:                 req.Visibility,
-		RemoteRepositoryConfigType: req.RemoteRepositoryConfigType,
-		RemoteSourceID:             req.RemoteSourceID,
-		LinkedAccountID:            req.LinkedAccountID,
-		RepositoryID:               req.RepositoryID,
-		RepositoryPath:             req.RepositoryPath,
-		SSHPrivateKey:              req.SSHPrivateKey,
-		SkipSSHHostKeyCheck:        req.SkipSSHHostKeyCheck,
-		PassVarsToForkedPR:         req.PassVarsToForkedPR,
-		DefaultBranch:              req.DefaultBranch,
+		Name:                        req.Name,
+		Parent:                      req.Parent,
+		Visibility:                  req.Visibility,
+		RemoteRepositoryConfigType:  req.RemoteRepositoryConfigType,
+		RemoteSourceID:              req.RemoteSourceID,
+		LinkedAccountID:             req.LinkedAccountID,
+		RepositoryID:                req.RepositoryID,
+		RepositoryPath:              req.RepositoryPath,
+		SSHPrivateKey:               req.SSHPrivateKey,
+		SkipSSHHostKeyCheck:         req.SkipSSHHostKeyCheck,
+		PassVarsToForkedPR:          req.PassVarsToForkedPR,
+		DefaultBranch:               req.DefaultBranch,
+		MembersCanPerformRunActions: req.MembersCanPerformRunActions,
 	}
 
 	project, err := h.ah.CreateProject(ctx, areq)
@@ -230,18 +231,19 @@ func (h *UpdateProjectHandler) ServeHTTP(w http.ResponseWriter, r *http.Request)
 	}
 
 	areq := &action.CreateUpdateProjectRequest{
-		Name:                       req.Name,
-		Parent:                     req.Parent,
-		Visibility:                 req.Visibility,
-		RemoteRepositoryConfigType: req.RemoteRepositoryConfigType,
-		RemoteSourceID:             req.RemoteSourceID,
-		LinkedAccountID:            req.LinkedAccountID,
-		RepositoryID:               req.RepositoryID,
-		RepositoryPath:             req.RepositoryPath,
-		SSHPrivateKey:              req.SSHPrivateKey,
-		SkipSSHHostKeyCheck:        req.SkipSSHHostKeyCheck,
-		PassVarsToForkedPR:         req.PassVarsToForkedPR,
-		DefaultBranch:              req.DefaultBranch,
+		Name:                        req.Name,
+		Parent:                      req.Parent,
+		Visibility:                  req.Visibility,
+		RemoteRepositoryConfigType:  req.RemoteRepositoryConfigType,
+		RemoteSourceID:              req.RemoteSourceID,
+		LinkedAccountID:             req.LinkedAccountID,
+		RepositoryID:                req.RepositoryID,
+		RepositoryPath:              req.RepositoryPath,
+		SSHPrivateKey:               req.SSHPrivateKey,
+		SkipSSHHostKeyCheck:         req.SkipSSHHostKeyCheck,
+		PassVarsToForkedPR:          req.PassVarsToForkedPR,
+		DefaultBranch:               req.DefaultBranch,
+		MembersCanPerformRunActions: req.MembersCanPerformRunActions,
 	}
 
 	project, err := h.ah.UpdateProject(ctx, projectRef, areq)

diff --git a/internal/services/configstore/configstore_test.go b/internal/services/configstore/configstore_test.go
@@ -662,6 +662,33 @@ func TestProjectUpdate(t *testing.T) {
 			t.Fatalf("unexpected err: %v", err)
 		}
 	})
+	t.Run("test user project MembersCanPerformRunActions parameter", func(t *testing.T) {
+		expectedErr := util.NewAPIError(util.ErrBadRequest, errors.Errorf("cannot set MembersCanPerformRunActions on an user project."))
+		_, err := cs.ah.CreateProject(ctx, &action.CreateUpdateProjectRequest{
+			Name:                        "project03",
+			Parent:                      types.Parent{Kind: types.ObjectKindProjectGroup, ID: path.Join("user", user.Name)},
+			Visibility:                  types.VisibilityPublic,
+			RemoteRepositoryConfigType:  types.RemoteRepositoryConfigTypeManual,
+			MembersCanPerformRunActions: true,
+		})
+		if err == nil {
+			t.Fatalf("expected error %v, got nil err", expectedErr)
+		}
+		if err.Error() != expectedErr.Error() {
+			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
+		}
+
+		// test update user project
+
+		p01.MembersCanPerformRunActions = true
+		_, err = cs.ah.UpdateProject(ctx, path.Join("user", user.Name, "project01"), p01)
+		if err == nil {
+			t.Fatalf("expected error %v, got nil err", expectedErr)
+		}
+		if err.Error() != expectedErr.Error() {
+			t.Fatalf("expected err %v, got err: %v", expectedErr, err)
+		}
+	})
 }
 
 func TestProjectGroupUpdate(t *testing.T) {

diff --git a/internal/services/configstore/db/ddl.go b/internal/services/configstore/db/ddl.go
diff --git a/internal/services/configstore/db/dml.go b/internal/services/configstore/db/dml.go