diff --git a/src/lib/Hydra/Controller/JobsetEval.pm b/src/lib/Hydra/Controller/JobsetEval.pm index 8593091d..21e3f731 100644 --- a/src/lib/Hydra/Controller/JobsetEval.pm +++ b/src/lib/Hydra/Controller/JobsetEval.pm @@ -188,7 +188,7 @@ sub cancel : Chained('evalChain') PathPart('cancel') Args(0) { sub restart { my ($self, $c, $condition) = @_; - requireProjectOwner($c, $c->stash->{eval}->project); + requireRestartPrivileges($c, $c->stash->{eval}->project); my $builds = $c->stash->{eval}->builds->search({ finished => 1, buildstatus => $condition }); my $n = restartBuilds($c->model('DB')->schema, $builds); $c->flash->{successMsg} = "$n builds have been restarted."; diff --git a/src/lib/Hydra/Helper/CatalystUtils.pm b/src/lib/Hydra/Helper/CatalystUtils.pm index 76fa6a7d..a6401676 100644 --- a/src/lib/Hydra/Helper/CatalystUtils.pm +++ b/src/lib/Hydra/Helper/CatalystUtils.pm @@ -12,7 +12,7 @@ our @EXPORT = qw( getBuild getPreviousBuild getNextBuild getPreviousSuccessfulBuild searchBuildsAndEvalsForJobset error notFound gone accessDenied - forceLogin requireUser requireProjectOwner requireAdmin requirePost isAdmin isProjectOwner + forceLogin requireUser requireProjectOwner requireRestartPrivileges requireAdmin requirePost isAdmin isProjectOwner trim getLatestFinishedEval getFirstEval paramToList @@ -172,7 +172,6 @@ sub requireUser { forceLogin($c) if !$c->user_exists; } - sub isProjectOwner { my ($c, $project) = @_; return 
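Review bot: In `restart`, the call to `requireRestartPrivileges` is now the only gate on a state-changing operation, and nothing at the call says that the new `restart-jobs` role is honoured without regard to the evaluation's project. I would add a comment above the call such as `# restart-jobs is a site-wide role: holders may restart finished builds of any project`. The actions that invoke `restart` are outside this hunk; if any of them can be reached with a GET request, a `requirePost($c);` ahead of the privilege check would be worth adding now that more accounts can trigger restarts.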
@@ -182,6 +181,26 @@ sub isProjectOwner {
 defined $c->model('DB::ProjectMembers')->find({ project => $project, userName => $c->user->username }));
 }
+sub hasRestartJobsRole {
+ my ($c) = @_;
+ return $c->user_exists && $c->check_user_roles('restart-jobs');
+}
+
+sub mayRestartJobs {
+ my ($c, $project) = @_;
+ return
+ $c->user_exists &&
+ (isAdmin($c) ||
+ hasRestartJobsRole($c) ||
+ isProjectOwner($c, $project));
+}
+
+sub requireRestartPrivileges {
+ my ($c, $project) = @_;
+ requireUser($c);
+ accessDenied($c, "Only the project members, administrators, and accounts with restart-jobs privileges can perform this operation.")
+ unless mayRestartJobs($c, $project);
+}
 sub requireProjectOwner {
 my ($c, $project) = @_;
@@ -196,7 +215,6 @@ sub isAdmin {
 return $c->user_exists && $c->check_user_roles('admin');
 }
-
 sub requireAdmin {
 my ($c) = @_;
 requireUser($c);
diff --git a/src/root/user.tt b/src/root/user.tt
index ba765983..e95ee689 100644
--- a/src/root/user.tt
+++ b/src/root/user.tt
@@ -80,6 +80,7 @@
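Review bot: In the CatalystUtils.pm hunk that adds the three helpers, `mayRestartJobs` accepts `hasRestartJobsRole($c)` without looking at `$project`, so an account holding `restart-jobs` can restart builds in every project, while the `accessDenied` text in `requireRestartPrivileges` reads as if the privilege were tied to the project. If that site-wide reach is intended, state it in a comment on `hasRestartJobsRole`, e.g. `# 'restart-jobs' is a global role; it is not scoped to a project`, so whoever grants the role knows how far it extends. A test that a logged-in user who is neither admin, role holder nor project owner is refused by `requireRestartPrivileges` would pin the new rule against later edits to the `||` chain.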