Merge #466 Introduce 'admins' config option and allow users defined there to cancel any module build.

2026-04-13 21:09:53 +08:00 · 2017-03-29 12:46:45 +00:00
parent f7c8478d9c c5f9d713cc
commit 0b12e85e97
3 changed files with 26 additions and 2 deletions
--- a/module_build_service/config.py
+++ b/module_build_service/config.py
@@ -303,6 +303,10 @@ class Config(object):
            'type': bool,
            'default': False,
            'desc': 'Disable client authentication.'},
+        'admins': {
+            'type': list,
+            'default': [],
+            'desc': 'List of names of users with admin privileges.'},
    }

    def __init__(self, conf_section_obj):
--- a/module_build_service/views.py
+++ b/module_build_service/views.py
@@ -165,7 +165,7 @@ class ModuleBuildAPI(MethodView):
        if not module:
            raise NotFound('No such module found.')

-        if module.owner != username:
+        if module.owner != username and username not in conf.admins:
            raise Forbidden('You are not owner of this build and '
                            'therefore cannot modify it.')

--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -535,7 +535,7 @@ class TestViews(unittest.TestCase):
        self.assertEquals(data['state_reason'], 'Canceled by some_other_user.')

    @patch('module_build_service.auth.get_user', return_value=('sammy', set()))
-    def test_cancel_build_unauthorized(self, mocked_get_user):
+    def test_cancel_build_unauthorized_no_groups(self, mocked_get_user):
        rv = self.client.patch('/module-build-service/1/module-builds/30',
                               data=json.dumps({'state': 'failed'}))
        data = json.loads(rv.data)
@@ -543,6 +543,26 @@ class TestViews(unittest.TestCase):
        self.assertEquals(data['status'], 403)
        self.assertEquals(data['error'], 'Forbidden')

+    @patch('module_build_service.auth.get_user', return_value=('sammy', set(["packager"])))
+    def test_cancel_build_unauthorized_not_owner(self, mocked_get_user):
+        rv = self.client.patch('/module-build-service/1/module-builds/30',
+                               data=json.dumps({'state': 'failed'}))
+        data = json.loads(rv.data)
+
+        self.assertEquals(data['status'], 403)
+        self.assertEquals(data['error'], 'Forbidden')
+
+    @patch('module_build_service.auth.get_user', return_value=('sammy', set(["packager"])))
+    def test_cancel_build_admin(self, mocked_get_user):
+        with patch("module_build_service.config.Config.admins",
+                new_callable=PropertyMock, return_value = ["sammy"]):
+            rv = self.client.patch('/module-build-service/1/module-builds/30',
+                                data=json.dumps({'state': 'failed'}))
+            data = json.loads(rv.data)
+
+            self.assertEquals(data['state'], 4)
+            self.assertEquals(data['state_reason'], 'Canceled by sammy.')
+
    @patch('module_build_service.auth.get_user', return_value=other_user)
    def test_cancel_build_wrong_param(self, mocked_get_user):
        rv = self.client.patch('/module-build-service/1/module-builds/30',