From: Michael Tremer <michael.tremer@ipfire.org>
Date: Thu, 6 Oct 2022 09:55:34 +0000 (+0000)
Subject: builders: Introduce permission model
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f53ecdfdd55cf3821d357592fc40d36e7464b40;p=pbs.git

builders: Introduce permission model

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/src/buildservice/builders.py b/src/buildservice/builders.py
index 7027533a..032f5d49 100644
--- a/src/buildservice/builders.py
+++ b/src/buildservice/builders.py
@@ -385,6 +385,16 @@ class Builder(base.DataObject):
 
 	enabled = property(lambda s: s.data.enabled, set_enabled)
 
+	# Permissions
+
+	def has_perm(self, user):
+		# Anonymous users have no permissions
+		if not user:
+			return False
+
+		# Admins have all permissions
+		return user.is_admin()
+
 	@property
 	def arch(self):
 		"""
diff --git a/src/templates/builders/detail.html b/src/templates/builders/detail.html
index b51d0564..f829b4e7 100644
--- a/src/templates/builders/detail.html
+++ b/src/templates/builders/detail.html
@@ -86,7 +86,7 @@
 		</div>
 	</div>
 
-	{% if current_user and current_user.has_perm("builders") %}
+	{% if builder.has_perm(current_user) %}
 		<a class="warning button expanded" href="/builders/{{ builder.hostname }}/edit">
 			{{ _("Edit") }}
 		</a>
diff --git a/src/web/builders.py b/src/web/builders.py
index dd74c6e7..c3654e4a 100644
--- a/src/web/builders.py
+++ b/src/web/builders.py
@@ -27,7 +27,8 @@ class BuilderNewHandler(base.BaseHandler):
 
 	@tornado.web.authenticated
 	def post(self):
-		if not self.current_user.has_perm("maintain_builders"):
+		# Check permissions
+		if not builder.has_perm(self.current_user):
 			raise tornado.web.HTTPError(403)
 
 		name = self.get_argument("name")
@@ -54,8 +55,8 @@ class BuilderEditHandler(base.BaseHandler):
 		if not builder:
 			raise tornado.web.HTTPError(404, "Builder not found: %s" % hostname)
 
-		# Check for sufficient right to edit things.
-		if not self.current_user.has_perm("builders"):
+		# Check permissions
+		if not builder.has_perm(self.current_user):
 			raise tornado.web.HTTPError(403)
 
 		with self.db.transaction():
@@ -73,8 +74,8 @@ class BuilderDeleteHandler(base.BaseHandler):
 		if not builder:
 			raise tornado.web.HTTPError(404, "Builder not found: %s" % name)
 
-		# Check for sufficient right to delete this builder.
-		if not self.current_user.has_perm("builders"):
+		# Check permissions
+		if not builder.has_perm(self.current_user):
 			raise tornado.web.HTTPError(403)
 
 		confirmed = self.get_argument("confirmed", None)