Fix an issue which the pipeline owner cannot approve his pipeline
Signed-off-by: rick <rick@jenkins-zh.cn>
This commit is contained in:
rick
@@ -26,6 +26,7 @@ import (
|
||||
"kubesphere.io/kubesphere/pkg/api"
|
||||
iamv1alpha2 "kubesphere.io/kubesphere/pkg/apis/iam/v1alpha2"
|
||||
"kubesphere.io/kubesphere/pkg/apiserver/request"
|
||||
"kubesphere.io/kubesphere/pkg/constants"
|
||||
"kubesphere.io/kubesphere/pkg/models/devops"
|
||||
clientDevOps "kubesphere.io/kubesphere/pkg/simple/client/devops"
|
||||
"net/http"
|
||||
@@ -229,6 +230,17 @@ func (h *ProjectPipelineHandler) approvableCheck(nodes []clientDevOps.NodesDetai
|
||||
}
|
||||
}
|
||||
|
||||
func (h *ProjectPipelineHandler) createdBy(projectName string, pipelineName string, currentUserName string) bool {
|
||||
if pipeline, err := h.devopsOperator.GetPipelineObj(projectName, pipelineName); err == nil {
|
||||
if creator, ok := pipeline.Annotations[constants.CreatorAnnotationKey]; ok {
|
||||
return creator == currentUserName
|
||||
}
|
||||
} else {
|
||||
log.Error(fmt.Sprintf("cannot get pipeline %s/%s, error %#v", projectName, pipelineName, err))
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func (h *ProjectPipelineHandler) getCurrentUser(req *restful.Request) (username, roleName string) {
|
||||
var userInfo user.Info
|
||||
var ok bool
|
||||
@@ -247,8 +259,10 @@ func (h *ProjectPipelineHandler) getCurrentUser(req *restful.Request) (username,
|
||||
|
||||
func (h *ProjectPipelineHandler) hasSubmitPermission(req *restful.Request) (hasPermit bool, err error) {
|
||||
currentUserName, roleName := h.getCurrentUser(req)
|
||||
// check if current user belong to the admin group, grant it if it's true
|
||||
if roleName == iamv1alpha2.PlatformAdmin {
|
||||
projectName := req.PathParameter("devops")
|
||||
pipelineName := req.PathParameter("pipeline")
|
||||
// check if current user belong to the admin group or he's the owner, grant it if it's true
|
||||
if roleName == iamv1alpha2.PlatformAdmin || h.createdBy(projectName, pipelineName, currentUserName) {
|
||||
hasPermit = true
|
||||
return
|
||||
}
|
||||
@@ -261,8 +275,6 @@ func (h *ProjectPipelineHandler) hasSubmitPermission(req *restful.Request) (hasP
|
||||
PostForm: req.Request.PostForm,
|
||||
}
|
||||
|
||||
projectName := req.PathParameter("devops")
|
||||
pipelineName := req.PathParameter("pipeline")
|
||||
runId := req.PathParameter("run")
|
||||
nodeId := req.PathParameter("node")
|
||||
stepId := req.PathParameter("step")
|
||||
|
||||
@@ -36,9 +36,9 @@ type PipelineSonarHandler struct {
|
||||
pipelineSonarGetter devops.PipelineSonarGetter
|
||||
}
|
||||
|
||||
func NewProjectPipelineHandler(devopsClient devopsClient.Interface, amInterface am.AccessManagementInterface) ProjectPipelineHandler {
|
||||
func NewProjectPipelineHandler(devopsClient devopsClient.Interface, ksInformers externalversions.SharedInformerFactory, amInterface am.AccessManagementInterface) ProjectPipelineHandler {
|
||||
return ProjectPipelineHandler{
|
||||
devopsOperator: devops.NewDevopsOperator(devopsClient, nil, nil, nil, nil),
|
||||
devopsOperator: devops.NewDevopsOperator(devopsClient, nil, nil, ksInformers, nil),
|
||||
projectCredentialGetter: devops.NewProjectCredentialOperator(devopsClient),
|
||||
amInterface: amInterface,
|
||||
}
|
||||
|
||||
@@ -50,7 +50,7 @@ var GroupVersion = schema.GroupVersion{Group: GroupName, Version: "v1alpha2"}
|
||||
func AddToContainer(container *restful.Container, ksInformers externalversions.SharedInformerFactory, devopsClient devops.Interface, sonarqubeClient sonarqube.SonarInterface, ksClient versioned.Interface, s3Client s3.Interface, endpoint string, amInterface am.AccessManagementInterface) error {
|
||||
ws := runtime.NewWebService(GroupVersion)
|
||||
|
||||
err := AddPipelineToWebService(ws, devopsClient, amInterface)
|
||||
err := AddPipelineToWebService(ws, devopsClient, ksInformers, amInterface)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
@@ -75,12 +75,12 @@ func AddToContainer(container *restful.Container, ksInformers externalversions.S
|
||||
return nil
|
||||
}
|
||||
|
||||
func AddPipelineToWebService(webservice *restful.WebService, devopsClient devops.Interface, amInterface am.AccessManagementInterface) error {
|
||||
func AddPipelineToWebService(webservice *restful.WebService, devopsClient devops.Interface, ksInformers externalversions.SharedInformerFactory, amInterface am.AccessManagementInterface) error {
|
||||
|
||||
projectPipelineEnable := devopsClient != nil
|
||||
|
||||
if projectPipelineEnable {
|
||||
projectPipelineHandler := NewProjectPipelineHandler(devopsClient, amInterface)
|
||||
projectPipelineHandler := NewProjectPipelineHandler(devopsClient, ksInformers, amInterface)
|
||||
|
||||
webservice.Route(webservice.GET("/devops/{devops}/credentials/{credential}/usage").
|
||||
To(projectPipelineHandler.GetProjectCredentialUsage).
|
||||
|
||||
Reference in New Issue
Block a user