screwdriver-api 8.0.116 → 8.0.117

package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "screwdriver-api",
3
- "version": "8.0.116",
3
+ "version": "8.0.117",
4
4
  "description": "API server for the Screwdriver.cd service",
5
5
  "main": "index.js",
6
6
  "scripts": {
@@ -49,21 +49,24 @@ module.exports = () => ({
49
49
 
50
50
  // Check permissions
51
51
  let permissions;
52
+ const adminDetails = request.server.plugins.banners.screwdriverAdminDetails(
53
+ username,
54
+ scmContext,
55
+ scmUserId
56
+ );
52
57
 
53
58
  try {
54
59
  permissions = await user.getPermissions(pipeline.scmUri);
55
60
  } catch (err) {
56
- if (err.statusCode === 403 && pipeline.scmRepo && pipeline.scmRepo.private) {
57
- throw boom.notFound();
61
+ // Screwdriver admin can stop all events
62
+ if (!adminDetails.isAdmin) {
63
+ if (err.statusCode === 403 && pipeline.scmRepo && pipeline.scmRepo.private) {
64
+ throw boom.notFound();
65
+ }
66
+ throw boom.boomify(err, { statusCode: err.statusCode });
58
67
  }
59
- throw boom.boomify(err, { statusCode: err.statusCode });
60
68
  }
61
69
 
62
- const adminDetails = request.server.plugins.banners.screwdriverAdminDetails(
63
- username,
64
- scmContext,
65
- scmUserId
66
- );
67
70
  const isPrOwner = hoek.reach(event, 'commit.author.username') === username;
68
71
 
69
72
  // PR author should be able to stop their own PR event
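Review bot: In the new `catch` block, an admin caller now has every error from `user.getPermissions(pipeline.scmUri)` swallowed, not only the 403 that signals missing repo access, and `permissions` is left `undefined`. The handler continues past this hunk; if later lines read a property of `permissions`, an admin would get a TypeError instead of the intended override, though this is inferred because those lines are not shown. Consider limiting the bypass to authorization failures with `if (!adminDetails.isAdmin || err.statusCode !== 403) {`, adjusted to whichever status codes the SCM returns for missing access. The comment could also say what is being skipped: `// Screwdriver admins may stop any event, so an SCM permission failure is not fatal for them`.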
package/plugins/helper.js CHANGED
@@ -48,13 +48,17 @@ async function getUserPermissions({ user, scmUri, level = 'admin', isAdmin = fal
48
48
  // Check if user has push access or is a Screwdriver admin
49
49
  let permissions;
50
50
 
51
+ if (isAdmin) {
52
+ return null;
53
+ }
54
+
51
55
  try {
52
56
  permissions = await user.getPermissions(scmUri);
53
57
  } catch (err) {
54
58
  permissions = null;
55
59
  }
56
60
 
57
- if (!permissions || (!permissions[level] && !isAdmin)) {
61
+ if (!permissions || !permissions[level]) {
58
62
  throw boom.forbidden(`User ${user.getFullDisplayName()} does not have ${level} permission for this repo`);
59
63
  }
60
64
 
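Review bot: The early `if (isAdmin) { return null; }` changes what `getUserPermissions` returns for admins and skips the SCM lookup entirely, and the function's comments do not say so. Before this change, an admin whose `user.getPermissions(scmUri)` call failed was still rejected by the `!permissions` test. Now any caller passing `isAdmin: true` is let through without the repo being consulted, so each existing call site should be checked for that wider grant and for how it uses the return value (the function's return statement is outside the hunk). I would reword the comment above the block to `// Screwdriver admins bypass the SCM permission check; null is returned for them` and document the null return in the function's JSDoc.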
@@ -21,7 +21,7 @@ module.exports = () => ({
21
21
  handler: async (request, h) => {
22
22
  const { jobFactory, pipelineFactory, userFactory } = request.server.app;
23
23
  const { id } = request.params;
24
- const { username, scmContext } = request.auth.credentials;
24
+ const { username, scmContext, scmUserId } = request.auth.credentials;
25
25
  const { isValidToken } = request.server.plugins.pipelines;
26
26
 
27
27
  const job = await jobFactory.get(id);
@@ -51,7 +51,13 @@ module.exports = () => ({
51
51
  const scmUri = await getScmUri({ pipeline, pipelineFactory });
52
52
 
53
53
  // Check the user's permission
54
- await getUserPermissions({ user, scmUri, level: 'push' });
54
+ const adminDetails = request.server.plugins.banners.screwdriverAdminDetails(
55
+ username,
56
+ scmContext,
57
+ scmUserId
58
+ );
59
+
60
+ await getUserPermissions({ user, scmUri, level: 'push', isAdmin: adminDetails.isAdmin });
55
61
 
56
62
  Object.keys(request.payload).forEach(key => {
57
63
  job[key] = request.payload[key];
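Review bot: `screwdriverAdminDetails` is called here with `scmContext` as its second argument, as in the event-stop hunk (`@@ -49,21 +49,24 @@`), while the pipeline-removal hunk passes `scmDisplayName` from `bannerFactory.scm.getDisplayName({ scmContext })`. The helper's implementation is not on this page, so the form it expects cannot be confirmed here. Unless the two values coincide, `isAdmin` would be decided differently across endpoints for the same user. If the display name is the expected input, this call needs `const scmDisplayName = bannerFactory.scm.getDisplayName({ scmContext });` first. That in turn requires `bannerFactory`, which is not among the names destructured from `request.server.app` in this handler's visible lines.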
@@ -32,16 +32,27 @@ module.exports = () => ({
32
32
  if (pipeline.state === 'DELETING') {
33
33
  throw boom.conflict('This pipeline is already being deleted.');
34
34
  }
35
- if (pipeline.configPipelineId && pipeline.state !== 'INACTIVE') {
36
- throw boom.forbidden(
37
- 'Child pipeline can only be removed' +
38
- ` after removing it from scmUrls in config pipeline ${pipeline.configPipelineId}`
39
- );
40
- }
41
35
  if (!user) {
42
36
  throw boom.notFound(`User ${username} does not exist`);
43
37
  }
44
38
 
39
+ const scmDisplayName = bannerFactory.scm.getDisplayName({ scmContext });
40
+ // Lookup whether user is admin
41
+ const adminDetails = request.server.plugins.banners.screwdriverAdminDetails(
42
+ username,
43
+ scmDisplayName,
44
+ scmUserId
45
+ );
46
+
47
+ if (pipeline.configPipelineId && pipeline.state !== 'INACTIVE') {
48
+ if (!adminDetails.isAdmin) {
49
+ throw boom.forbidden(
50
+ 'Child pipeline can only be removed' +
51
+ ` after removing it from scmUrls in config pipeline ${pipeline.configPipelineId}`
52
+ );
53
+ }
54
+ }
55
+
45
56
  // ask the user for permissions on this repo
46
57
  return (
47
58
  user
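Review bot: The new admin exemption from the child-pipeline guard leaves no trace: when `adminDetails.isAdmin` is true, the deletion proceeds and nothing in the hunk records that the `configPipelineId` restriction was overridden. A log entry at that point with the username, pipeline id and config pipeline id would let operators reconstruct privileged deletions later. Separately, the nested `if` can be a single condition, `if (pipeline.configPipelineId && pipeline.state !== 'INACTIVE' && !adminDetails.isAdmin) {`, which reads closer to the rule being enforced. The promise chain that begins at `return (` continues outside the hunk.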
@@ -55,14 +66,6 @@ module.exports = () => ({
55
66
  }
56
67
  })
57
68
  .catch(error => {
58
- const scmDisplayName = bannerFactory.scm.getDisplayName({ scmContext });
59
- // Lookup whether user is admin
60
- const adminDetails = request.server.plugins.banners.screwdriverAdminDetails(
61
- username,
62
- scmDisplayName,
63
- scmUserId
64
- );
65
-
66
69
  // Allow cluster admins to remove pipeline
67
70
  if (adminDetails.isAdmin) {
68
71
  return Promise.resolve(null);