Commit f596700d authored by Alex Pooley's avatar Alex Pooley

Merge branch 'allowlist_user_owns_runner_callsite' into 'master'

Allow user owns_runner? callsite

See merge request gitlab-org/gitlab!69527
parents e27b0ea9 00ab8d72
...@@ -1613,6 +1613,8 @@ class User < ApplicationRecord ...@@ -1613,6 +1613,8 @@ class User < ApplicationRecord
true true
end end
# TODO Please check all callers and remove allow_cross_joins_across_databases,
# when https://gitlab.com/gitlab-org/gitlab/-/issues/336436 is done.
def ci_owned_runners def ci_owned_runners
@ci_owned_runners ||= begin @ci_owned_runners ||= begin
project_runners = Ci::RunnerProject project_runners = Ci::RunnerProject
...@@ -1629,6 +1631,12 @@ class User < ApplicationRecord ...@@ -1629,6 +1631,12 @@ class User < ApplicationRecord
end end
end end
def owns_runner?(runner)
::Gitlab::Database.allow_cross_joins_across_databases(url: 'https://gitlab.com/gitlab-org/gitlab/-/issues/336436') do
ci_owned_runners.exists?(runner.id)
end
end
def notification_email_for(notification_group) def notification_email_for(notification_group)
# Return group-specific email address if present, otherwise return global notification email address # Return group-specific email address if present, otherwise return global notification email address
notification_group&.notification_email_for(self) || notification_email notification_group&.notification_email_for(self) || notification_email
......
...@@ -5,9 +5,9 @@ module Ci ...@@ -5,9 +5,9 @@ module Ci
with_options scope: :subject, score: 0 with_options scope: :subject, score: 0
condition(:locked, scope: :subject) { @subject.locked? } condition(:locked, scope: :subject) { @subject.locked? }
# rubocop: disable CodeReuse/ActiveRecord condition(:owned_runner) do
condition(:owned_runner) { @user.ci_owned_runners.exists?(@subject.id) } @user.owns_runner?(@subject)
# rubocop: enable CodeReuse/ActiveRecord end
rule { anonymous }.prevent_all rule { anonymous }.prevent_all
......
...@@ -3635,6 +3635,11 @@ RSpec.describe User do ...@@ -3635,6 +3635,11 @@ RSpec.describe User do
it 'loads all the runners in the tree of groups' do it 'loads all the runners in the tree of groups' do
expect(user.ci_owned_runners).to contain_exactly(runner, group_runner) expect(user.ci_owned_runners).to contain_exactly(runner, group_runner)
end end
it 'returns true for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(true)
expect(user.owns_runner?(group_runner)).to eq(true)
end
end end
end end
...@@ -3647,6 +3652,10 @@ RSpec.describe User do ...@@ -3647,6 +3652,10 @@ RSpec.describe User do
it 'loads the runners in the group' do it 'loads the runners in the group' do
expect(user.ci_owned_runners).to contain_exactly(group_runner) expect(user.ci_owned_runners).to contain_exactly(group_runner)
end end
it 'returns true for owns_runner?' do
expect(user.owns_runner?(group_runner)).to eq(true)
end
end end
end end
...@@ -3655,6 +3664,10 @@ RSpec.describe User do ...@@ -3655,6 +3664,10 @@ RSpec.describe User do
it 'loads the runner belonging to the project' do it 'loads the runner belonging to the project' do
expect(user.ci_owned_runners).to contain_exactly(runner) expect(user.ci_owned_runners).to contain_exactly(runner)
end end
it 'returns true for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(true)
end
end end
end end
...@@ -3667,6 +3680,10 @@ RSpec.describe User do ...@@ -3667,6 +3680,10 @@ RSpec.describe User do
it 'loads the runners of the project' do it 'loads the runners of the project' do
expect(user.ci_owned_runners).to contain_exactly(project_runner) expect(user.ci_owned_runners).to contain_exactly(project_runner)
end end
it 'returns true for owns_runner?' do
expect(user.owns_runner?(project_runner)).to eq(true)
end
end end
context 'when the user is a developer' do context 'when the user is a developer' do
...@@ -3677,6 +3694,10 @@ RSpec.describe User do ...@@ -3677,6 +3694,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(project_runner)).to eq(false)
end
end end
context 'when the user is a reporter' do context 'when the user is a reporter' do
...@@ -3687,6 +3708,10 @@ RSpec.describe User do ...@@ -3687,6 +3708,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(project_runner)).to eq(false)
end
end end
context 'when the user is a guest' do context 'when the user is a guest' do
...@@ -3697,6 +3722,10 @@ RSpec.describe User do ...@@ -3697,6 +3722,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(project_runner)).to eq(false)
end
end end
end end
...@@ -3709,6 +3738,10 @@ RSpec.describe User do ...@@ -3709,6 +3738,10 @@ RSpec.describe User do
it 'does not load the runners of the group' do it 'does not load the runners of the group' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(false)
end
end end
context 'when the user is a developer' do context 'when the user is a developer' do
...@@ -3719,6 +3752,10 @@ RSpec.describe User do ...@@ -3719,6 +3752,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(false)
end
end end
context 'when the user is a reporter' do context 'when the user is a reporter' do
...@@ -3729,6 +3766,10 @@ RSpec.describe User do ...@@ -3729,6 +3766,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(false)
end
end end
context 'when the user is a guest' do context 'when the user is a guest' do
...@@ -3739,6 +3780,10 @@ RSpec.describe User do ...@@ -3739,6 +3780,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(runner)).to eq(false)
end
end end
end end
...@@ -3746,6 +3791,10 @@ RSpec.describe User do ...@@ -3746,6 +3791,10 @@ RSpec.describe User do
it 'does not load any runner' do it 'does not load any runner' do
expect(user.ci_owned_runners).to be_empty expect(user.ci_owned_runners).to be_empty
end end
it 'returns false for owns_runner?' do
expect(user.owns_runner?(create(:ci_runner))).to eq(false)
end
end end
context 'with runner in a personal project' do context 'with runner in a personal project' do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment