screwdriver-api 4.1.271 → 4.1.274

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "screwdriver-api",
-  "version": "4.1.271",
+  "version": "4.1.274",
   "description": "API server for the Screwdriver.cd service",
   "main": "index.js",
   "scripts": {
@@ -105,7 +105,7 @@
     "screwdriver-config-parser": "^7.6.0",
     "screwdriver-coverage-bookend": "^1.0.3",
     "screwdriver-coverage-sonar": "^3.4.0",
-    "screwdriver-data-schema": "^21.26.2",
+    "screwdriver-data-schema": "^21.27.0",
     "screwdriver-datastore-sequelize": "^7.2.7",
     "screwdriver-executor-base": "^8.4.0",
     "screwdriver-executor-docker": "^5.0.1",
@@ -114,7 +114,7 @@
     "screwdriver-executor-queue": "^3.1.2",
     "screwdriver-executor-router": "^2.3.0",
     "screwdriver-logger": "^1.1.0",
-    "screwdriver-models": "^28.17.8",
+    "screwdriver-models": "^28.18.1",
     "screwdriver-notifications-email": "^2.2.0",
     "screwdriver-notifications-slack": "^3.2.1",
     "screwdriver-request": "^1.0.3",
@@ -125,7 +125,7 @@
     "screwdriver-scm-router": "^6.3.0",
     "screwdriver-template-validator": "^5.2.0",
     "screwdriver-workflow-parser": "^3.2.1",
-    "sqlite3": "^5.0.9",
+    "sqlite3": "^5.0.11",
     "stream": "0.0.2",
     "tinytim": "^0.1.1",
     "uuid": "^8.3.2",

package/plugins/events/create.js

@@ -117,6 +117,8 @@ module.exports = () => ({
 
             if (!pipeline) {
                 throw boom.notFound();
+            } else if (pipeline.state === 'INACTIVE') {
+                throw boom.badRequest('Cannot create an event for an inactive pipeline');
             }
 
             payload.scmContext = pipeline.scmContext;

package/plugins/pipelines/remove.js

@@ -29,10 +29,10 @@ module.exports = () => ({
                     if (!pipeline) {
                         throw boom.notFound('Pipeline does not exist');
                     }
-                    if (pipeline.configPipelineId) {
+                    if (pipeline.configPipelineId && pipeline.state !== 'INACTIVE') {
                         throw boom.forbidden(
                             'Child pipeline can only be removed' +
-                                `by modifying scmUrls in config pipeline ${pipeline.configPipelineId}`
+                                ` after removing it from scmUrls in config pipeline ${pipeline.configPipelineId}`
                         );
                     }
                     if (!user) {

package/plugins/pipelines/startAll.js

@@ -36,7 +36,8 @@ module.exports = () => ({
 
             const pipelines = await pipelineFactory.list({
                 params: {
-                    configPipelineId: id
+                    configPipelineId: id,
+                    state: 'ACTIVE'
                 }
             });
 

package/plugins/pipelines/sync.js

@@ -22,7 +22,7 @@ module.exports = () => ({
         handler: async (request, h) => {
             const { id } = request.params;
             const { pipelineFactory, userFactory } = request.server.app;
-            const { username, scmContext } = request.auth.credentials;
+            const { username, scmContext, scope } = request.auth.credentials;
             const { isValidToken } = request.server.plugins.pipelines;
 
             if (!isValidToken(id, request.auth.credentials)) {
@@ -44,30 +44,38 @@ module.exports = () => ({
 
             // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
             const scmUri = await getScmUri({ pipeline, pipelineFactory });
+            let hasPushPermissions = false;
+            let permissions;
 
-            // Check the user's permission
-            const permissions = await user.getPermissions(scmUri).catch(error => {
+            try {
+                // Get user permissions
+                permissions = await user.getPermissions(scmUri);
+            } catch (error) {
                 throw boom.boomify(error, { statusCode: error.statusCode });
-            });
+            }
 
             // check if user has push access
             if (!permissions.push) {
-                // the user who is not permitted is deleted from admins table
+                // user is not permitted, delete from admins table
                 const newAdmins = pipeline.admins;
 
                 delete newAdmins[username];
                 // This is needed to make admins dirty and update db
                 pipeline.admins = newAdmins;
 
-                return pipeline.update().then(() => {
+                await pipeline.update();
+
+                if (!scope.includes('admin')) {
                     throw boom.forbidden(
                         `User ${user.getFullDisplayName()} does not have push permission for this repo`
                     );
-                });
+                }
+            } else {
+                hasPushPermissions = true;
             }
 
             // user has good permissions, add the user as an admin
-            if (!pipeline.admins[username]) {
+            if (!pipeline.admins[username] && hasPushPermissions) {
                 const newAdmins = pipeline.admins;
 
                 newAdmins[username] = true;
@@ -78,7 +86,6 @@ module.exports = () => ({
             }
 
             try {
-                // user has good permissions, sync the pipeline
                 await pipeline.sync();
 
                 return h.response().code(204);

package/plugins/pipelines/syncPRs.js

@@ -21,7 +21,7 @@ module.exports = () => ({
         handler: async (request, h) => {
             const { id } = request.params;
             const { pipelineFactory, userFactory } = request.server.app;
-            const { username, scmContext } = request.auth.credentials;
+            const { username, scmContext, scope } = request.auth.credentials;
 
             // Fetch the pipeline and user models
             const [pipeline, user] = await Promise.all([
@@ -36,11 +36,13 @@ module.exports = () => ({
                 throw boom.notFound(`User ${username} does not exist`);
             }
 
-            // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
-            const scmUri = await getScmUri({ pipeline, pipelineFactory });
+            if (!scope.includes('admin')) {
+                // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
+                const scmUri = await getScmUri({ pipeline, pipelineFactory });
 
-            // Check the user's permission
-            await getUserPermissions({ user, scmUri, level: 'push' });
+                // Check the user's permission
+                await getUserPermissions({ user, scmUri, level: 'push' });
+            }
 
             await pipeline.syncPRs();
 

package/plugins/pipelines/syncWebhooks.js

@@ -21,7 +21,7 @@ module.exports = () => ({
         handler: async (request, h) => {
             const { id } = request.params;
             const { pipelineFactory, userFactory } = request.server.app;
-            const { username, scmContext } = request.auth.credentials;
+            const { username, scmContext, scope } = request.auth.credentials;
 
             // Fetch the pipeline and user models
             const [pipeline, user] = await Promise.all([
@@ -36,11 +36,13 @@ module.exports = () => ({
                 throw boom.notFound(`User ${username} does not exist`);
             }
 
-            // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
-            const scmUri = await getScmUri({ pipeline, pipelineFactory });
+            if (!scope.includes('admin')) {
+                // Use parent's scmUri if pipeline is child pipeline and using read-only SCM
+                const scmUri = await getScmUri({ pipeline, pipelineFactory });
 
-            // Check the user's permission
-            await getUserPermissions({ user, scmUri, level: 'push' });
+                // Check the user's permission
+                await getUserPermissions({ user, scmUri, level: 'push' });
+            }
 
             // user has good permissions, add or update webhooks
             await pipeline.addWebhooks(`${request.server.info.uri}/v4/webhooks`);

package/plugins/webhooks/helper.js

@@ -302,8 +302,18 @@ async function triggeredPipelines(
     const splitUri = scmUri.split(':');
     const scmBranch = `${splitUri[0]}:${splitUri[1]}:${splitUri[2]}`;
     const scmRepoId = `${splitUri[0]}:${splitUri[1]}`;
-    const listConfig = { search: { field: 'scmUri', keyword: `${scmRepoId}:%` } };
-    const externalRepoSearchConfig = { search: { field: 'subscribedScmUrlsWithActions', keyword: `%${scmRepoId}:%` } };
+    const listConfig = {
+        search: { field: 'scmUri', keyword: `${scmRepoId}:%` },
+        params: {
+            state: 'ACTIVE'
+        }
+    };
+    const externalRepoSearchConfig = {
+        search: { field: 'subscribedScmUrlsWithActions', keyword: `%${scmRepoId}:%` },
+        params: {
+            state: 'ACTIVE'
+        }
+    };
 
     const pipelines = await pipelineFactory.list(listConfig);