Commit c585004b authored by Alexis Reigel's avatar Alexis Reigel

restrict projects ci controller to project runners

parent 9bed8de9
......@@ -68,8 +68,13 @@ module Projects
def define_runners_variables
@project_runners = @project.runners.ordered
@assignable_runners = current_user.ci_authorized_runners
.assignable_for(project).ordered.page(params[:page]).per(20)
@assignable_runners = current_user
.ci_authorized_runners
.assignable_for(project)
.ordered
.belonging_to_any_project
.page(params[:page]).per(20)
@shared_runners = ::Ci::Runner.shared.active
@shared_runners_count = @shared_runners.count(:all)
......
......@@ -27,9 +27,13 @@ module Ci
scope :paused, -> { where(active: false) }
scope :online, -> { where('contacted_at > ?', contact_time_deadline) }
scope :ordered, -> { order(id: :desc) }
scope :belonging_to_project, -> (project_id) {
joins(:runner_projects).where(ci_runner_projects: { project_id: project_id })
}
scope :belonging_to_any_project, -> { joins(:runner_projects) }
scope :belonging_to_group, -> (project_id) {
project_groups = ::Group.joins(:projects).where(projects: { id: project_id })
hierarchy_groups = Gitlab::GroupHierarchy.new(project_groups).base_and_ancestors
......@@ -46,7 +50,8 @@ module Ci
# FIXME: That `to_sql` is needed to workaround a weird Rails bug.
# Without that, placeholders would miss one and couldn't match.
where(locked: false)
.where.not("id IN (#{project.runners.select(:id).to_sql})").specific
.where.not("ci_runners.id IN (#{project.runners.select(:id).to_sql})")
.specific
end
validate :tag_constraints
......
......@@ -17,6 +17,17 @@ describe Projects::Settings::CiCdController do
expect(response).to have_gitlab_http_status(200)
expect(response).to render_template(:show)
end
it 'sets assignable project runners' do
group = create(:group, runners: [create(:ci_runner)], parent: create(:group))
group.add_master(user)
project_runner = create(:ci_runner, projects: [create(:project, group: group)])
create(:ci_runner, :shared)
get :show, namespace_id: project.namespace, project_id: project
expect(assigns(:assignable_runners)).to eq [project_runner]
end
end
describe '#reset_cache' do
......
......@@ -136,6 +136,21 @@ describe Ci::Runner do
end
end
describe '.belonging_to_any_project' do
it 'returns the specific project runner' do
# project
project_project = create :project
project_runner = create :ci_runner, :specific, projects: [project_project]
# group
group = create :group
create :project, group: group
create :ci_runner, :specific, groups: [group]
expect(described_class.belonging_to_any_project).to eq [project_runner]
end
end
describe '.belonging_to_group' do
it 'returns the specific group runner' do
# own
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment