travis-api/lib/travis/api/v3/access_control/user.rb at c6ee79735ea8980da19e27bc48f579bb0010042c · travis-ci/travis-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
require 'travis/api/v3/access_control/generic'

module Travis::API::V3
  class AccessControl::User < AccessControl::Generic
    attr_reader :user, :access_permissions, :token

    def initialize(user)
      user                = Models::User.find(user.id) if user.is_a? ::User
      @user               = user
      user.touch()
      @access_permissions = user.permissions.where(user_id: user.id)
      super()
    end

    def logged_in?
      true
    end

    def admin_for(repository)
      permission?(:admin, repository) ? user : super
    end

    def visible_repositories(list, repository_id = nil)
      if repository_id
        if private_access_repository_ids.include?(repository_id)
          list.where('repositories.id = ?', repository_id)
        else
          list.where('repositories.private = false')
        end
      else
        list.where('repositories.private = false OR repositories.id IN (?)'.freeze, private_access_repository_ids)
      end
    end

    protected

    def private_access_repository_ids
      @private_access_repository_ids ||= access_permissions.map(&:repository_id)
    end

    def build_cancelable?(build)
      permission?(:pull, build.repository)
    end

    def build_restartable?(build)
      permission?(:pull, build.repository)
    end

    def job_cancelable?(job)
      permission?(:pull, job.repository)
    end

    def job_restartable?(job)
      permission?(:pull, job.repository)
    end

    def repository_adminable?(repository)
      permission?(:admin, repository)
    end

    def repository_starable?(repository)
      permission?(:pull, repository)
    end

    def organization_visible?(organization)
      super or organization_writable?(organization)
    end

    def organization_writable?(organization)
      organization.members.include? user
    end

    def user_writable?(user)
      user == self.user
    end

    def repository_writable?(repository)
      permission?(:push, repository)
    end

    def private_repository_visible?(repository)
      permission?(:pull, repository)
    end

    def permission?(type, id)
      id = id.id if id.is_a? ::Repository
      access_permissions.where(type => true, :repository_id => id).any?
    end

    private

    def visible_objects(list, repository_id, factory)
      if repository_id
        if private_access_repository_ids.include?(repository_id)
          list.where("#{factory.table_name}.repository_id = ?", repository_id)
        else
          list.where("#{factory.table_name}.private = false")
        end
      else
        list.where("#{factory.table_name}.private = false OR #{factory.table_name}.repository_id IN (?)", private_access_repository_ids)
      end
    end
  end
end