You should add runners to project. WHen runner added -> deploy key for runner added to gitlab project

2 files changed, 8 insertions, 6 deletions

diff --git a/lib/api/builds.rb b/lib/api/builds.rb
index 094af15..75ae4e0 100644
--- a/lib/api/builds.rb
+++ b/lib/api/builds.rb
@@ -15,7 +15,7 @@ module API
         required_attributes! [:token]
 
         ActiveRecord::Base.transaction do
-          build = Build.pending.order('created_at ASC').first
+          build = Build.where(project_id: current_runner.projects).pending.order('created_at ASC').first
           not_found! and return unless build
 
           build.run!
@@ -32,10 +32,8 @@ module API
       # Example Request:
       #   PUT /builds/:id
       put ":id" do
-        build = Build.find(params[:id])
-        runner = Runner.find_by_token(params[:token])
-
-        build.update_attributes trace: params[:trace], runner_id: runner.id
+        build = Build.where(project_id: current_runner.projects).find(params[:id])
+        build.update_attributes(trace: params[:trace], runner_id: current_runner.id)
 
         case params[:state].to_s
         when 'success'
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 783a91a..f76b039 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -5,7 +5,11 @@ module API
     end
 
     def authenticate_runner!
-      forbidden! unless Runner.find_by_token(params[:token])
+      forbidden! unless current_runner
+    end
+
+    def current_runner
+      @runner ||= Runner.find_by_token(params[:token])
     end
 
     # Checks the occurrences of required attributes, each attribute must be present in the params hash