Merge pull request #3156 from LinuxSuRen/pipeline-approve

Restrict only specific users or admin can approve a pipeline

pkg/simple/client/devops/pipeline.go

@@ -17,9 +17,11 @@ limitations under the License.
 package devops
 
 import (
+	"fmt"
 	"io"
 	"net/http"
 	"net/url"
+	"strings"
 )
 
 type PipelineList struct {
@@ -979,6 +981,8 @@ type NodeSteps struct {
 	StartTime          string `json:"startTime,omitempty" description:"the time of starts"`
 	State              string `json:"state,omitempty" description:"run state. e.g. SKIPPED"`
 	Type               string `json:"type,omitempty" description:"type"`
+	// Approvable indicates if this step can be approved by current user
+	Approvable bool `json:"aprovable" description:"indicate if this step can be approved by current user"`
 }
 
 // CheckScriptCompile
@@ -1075,6 +1079,11 @@ type NodesDetail struct {
 	Steps              []NodeSteps   `json:"steps,omitempty" description:"steps"`
 }
 
+const (
+	// StatePaused indicates a node or a step was paused, for example it's waiting for an iput
+	StatePaused = "PAUSED"
+)
+
 type NodesStepsIndex struct {
 	Id    int         `json:"id,omitempty" description:"id"`
 	Steps []NodeSteps `json:"steps,omitempty" description:"steps"`
@@ -1095,6 +1104,37 @@ type Input struct {
 	Submitter  interface{}   `json:"submitter,omitempty" description:"check submitter"`
 }
 
+// GetSubmitters returns the all submitters related to this input
+func (i *Input) GetSubmitters() (submitters []string) {
+	if i.Submitter == nil {
+		return
+	}
+
+	submitterArray := strings.Split(fmt.Sprintf("%v", i.Submitter), ",")
+	submitters = make([]string, len(submitterArray))
+	for i, submitter := range submitterArray {
+		submitters[i] = strings.TrimSpace(submitter)
+	}
+	return
+}
+
+// Approvable returns the result if the given identify (username or group name) can approve this input
+func (i *Input) Approvable(identify string) (ok bool) {
+	submitters := i.GetSubmitters()
+
+	// it means anyone can approve this if there's no specific one
+	if len(submitters) == 0 {
+		ok = true
+	} else {
+		for _, submitter := range submitters {
+			if submitter == identify {
+				ok = true
+			}
+		}
+	}
+	return
+}
+
 type HttpParameters struct {
 	Method   string        `json:"method,omitempty"`
 	Header   http.Header   `json:"header,omitempty"`
@@ -1105,7 +1145,6 @@ type HttpParameters struct {
 }
 
 type PipelineOperator interface {
-
 	// Pipelinne operator interface
 	GetPipeline(projectName, pipelineName string, httpParameters *HttpParameters) (*Pipeline, error)
 	ListPipelines(httpParameters *HttpParameters) (*PipelineList, error)

pkg/simple/client/devops/pipeline_test.go

@@ -0,0 +1,34 @@
+package devops
+
+import (
+	"gotest.tools/assert"
+	"testing"
+)
+
+func TestGetSubmitters(t *testing.T) {
+	input := &Input{}
+	assert.Equal(t, len(input.GetSubmitters()), 0,
+		"errors happen when try to get submitters without any submitters")
+
+	input.Submitter = "a , b, c,d"
+	submitters := input.GetSubmitters()
+	assert.Equal(t, len(submitters), 4, "get incorrect number of submitters")
+	assert.DeepEqual(t, submitters, []string{"a", "b", "c", "d"})
+}
+
+func TestApprovable(t *testing.T) {
+	input := &Input{}
+
+	assert.Equal(t, input.Approvable(""), true, "should allow anyone to approve it if there's no submitter given")
+	assert.Equal(t, input.Approvable("fake"), true, "should allow anyone to approve it if there's no submitter given")
+
+	input.Submitter = "fake"
+	assert.Equal(t, input.Approvable(""), false, "should not approve by nobody if there's a particular submitter")
+	assert.Equal(t, input.Approvable("rick"), false, "should not approve by who is not the specific one")
+	assert.Equal(t, input.Approvable("fake"), true, "should be approvable")
+
+	input.Submitter = "fake, good ,bad"
+	assert.Equal(t, input.Approvable("fake"), true, "should be approvable")
+	assert.Equal(t, input.Approvable("good"), true, "should be approvable")
+	assert.Equal(t, input.Approvable("bad"), true, "should be approvable")
+}