From 45f205a2dc20bd9444e6deede920e36aa5830bc2 Mon Sep 17 00:00:00 2001 From: Alexis Reigel Date: Tue, 19 Dec 2017 16:40:19 +0100 Subject: restrict projects ci controller to project runners --- app/controllers/projects/settings/ci_cd_controller.rb | 8 ++++++-- app/models/ci/runner.rb | 7 ++++++- .../projects/settings/ci_cd_controller_spec.rb | 11 +++++++++++ spec/models/ci/runner_spec.rb | 15 +++++++++++++++ 4 files changed, 38 insertions(+), 3 deletions(-) diff --git a/app/controllers/projects/settings/ci_cd_controller.rb b/app/controllers/projects/settings/ci_cd_controller.rb index 32c76502877..0296f32ab8a 100644 --- a/app/controllers/projects/settings/ci_cd_controller.rb +++ b/app/controllers/projects/settings/ci_cd_controller.rb @@ -26,8 +26,12 @@ module Projects def define_runners_variables @project_runners = @project.runners.ordered - @assignable_runners = current_user.ci_authorized_runners - .assignable_for(project).ordered.page(params[:page]).per(20) + @assignable_runners = current_user + .ci_authorized_runners + .assignable_for(project) + .ordered + .belonging_to_any_project + .page(params[:page]).per(20) @shared_runners = Ci::Runner.shared.active @shared_runners_count = @shared_runners.count(:all) diff --git a/app/models/ci/runner.rb b/app/models/ci/runner.rb index e83061d40f5..f06f44d236d 100644 --- a/app/models/ci/runner.rb +++ b/app/models/ci/runner.rb @@ -26,9 +26,13 @@ module Ci scope :paused, -> { where(active: false) } scope :online, -> { where('contacted_at > ?', contact_time_deadline) } scope :ordered, -> { order(id: :desc) } + scope :belonging_to_project, -> (project_id) { joins(:runner_projects).where(ci_runner_projects: { project_id: project_id }) } + + scope :belonging_to_any_project, -> { joins(:runner_projects) } + scope :belonging_to_group, -> (project_id) { project_groups = Group.joins(:projects).where(projects: { id: project_id }) hierarchy_groups = Gitlab::GroupHierarchy.new(project_groups).base_and_ancestors @@ -45,7 +49,8 @@ module Ci # FIXME: That `to_sql` is needed to workaround a weird Rails bug. # Without that, placeholders would miss one and couldn't match. where(locked: false) - .where.not("id IN (#{project.runners.select(:id).to_sql})").specific + .where.not("ci_runners.id IN (#{project.runners.select(:id).to_sql})") + .specific end validate :tag_constraints diff --git a/spec/controllers/projects/settings/ci_cd_controller_spec.rb b/spec/controllers/projects/settings/ci_cd_controller_spec.rb index 0202149f335..75b16543d68 100644 --- a/spec/controllers/projects/settings/ci_cd_controller_spec.rb +++ b/spec/controllers/projects/settings/ci_cd_controller_spec.rb @@ -16,6 +16,17 @@ describe Projects::Settings::CiCdController do expect(response).to have_gitlab_http_status(200) expect(response).to render_template(:show) end + + it 'sets assignable project runners' do + group = create(:group, runners: [create(:ci_runner)], parent: create(:group)) + group.add_master(user) + project_runner = create(:ci_runner, projects: [create(:project, group: group)]) + create(:ci_runner, :shared) + + get :show, namespace_id: project.namespace, project_id: project + + expect(assigns(:assignable_runners)).to eq [project_runner] + end end describe '#reset_cache' do diff --git a/spec/models/ci/runner_spec.rb b/spec/models/ci/runner_spec.rb index 512a490d289..3e85e3c92e3 100644 --- a/spec/models/ci/runner_spec.rb +++ b/spec/models/ci/runner_spec.rb @@ -136,6 +136,21 @@ describe Ci::Runner do end end + describe '.belonging_to_any_project' do + it 'returns the specific project runner' do + # project + project_project = create :project + project_runner = create :ci_runner, :specific, projects: [project_project] + + # group + group = create :group + create :project, group: group + create :ci_runner, :specific, groups: [group] + + expect(described_class.belonging_to_any_project).to eq [project_runner] + end + end + describe '.belonging_to_group' do it 'returns the specific group runner' do # own -- cgit v1.2.1