From b7b3751d431c587169a34fd894efdb07b959f611 Mon Sep 17 00:00:00 2001
From: Jasder <2053003901@@qq.com>
Date: Wed, 22 Jul 2020 15:16:01 +0800
Subject: [PATCH] ADD devops authorize
---
 app/controllers/application_controller.rb | 10 ++++++++--
 app/controllers/dev_ops/builds_controller.rb | 1 +
 .../dev_ops/cloud_accounts_controller.rb | 16 +++++++---------
 3 files changed, 16 insertions(+), 11 deletions(-)
diff --git a/app/controllers/application_controller.rb b/app/controllers/application_controller.rb
index 68f0b2a48..e97c8ec08 100644
--- a/app/controllers/application_controller.rb
+++ b/app/controllers/application_controller.rb
@@ -342,7 +342,8 @@ class ApplicationController < ActionController::Base
 elsif params[:debug] == 'student'
 User.current = User.find 8686
 elsif params[:debug] == 'admin'
- user = User.find 1
+ logger.info "@@@@@@@@@@@@@@@@@@@@@@ debug mode....."
+ user = User.find 36480
 User.current = user
 cookies.signed[:user_id] = user.id
 end
@@ -384,7 +385,7 @@ class ApplicationController < ActionController::Base
 def current_user
 if Rails.env.development?
- User.current = User.find 1
+ User.current = User.find 36480
 else
 User.current
 end
@@ -743,6 +744,11 @@ class ApplicationController < ActionController::Base
 interactor.success? ? render_ok : render_error(interactor.error)
 end
+ # devops 权限验证
+ def devops_authorize!
+ render_forbidden unless @project.owner?(current_user)
+ end
+
 private
 def object_not_found
 uid_logger("Missing template or cant't find record, responding with 404")
diff --git a/app/controllers/dev_ops/builds_controller.rb b/app/controllers/dev_ops/builds_controller.rb
index 72943d7e7..2c419ea7d 100644
--- a/app/controllers/dev_ops/builds_controller.rb
+++ b/app/controllers/dev_ops/builds_controller.rb
@@ -3,6 +3,7 @@ class DevOps::BuildsController < ApplicationController
 before_action :require_login
 before_action :find_project
+ before_action :devops_authorize!
 def index
 cloud_account = @project.dev_ops_cloud_account
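Review bot: The `params[:debug] == 'admin'` branch in the first hunk of application_controller.rb now signs in a hard-coded account, `User.find 36480`, and stores it in `cookies.signed[:user_id]`; the same literal id is repeated in the `current_user` hunk for `Rails.env.development?`. The condition that guards the `params[:debug]` chain starts outside the hunk, so it cannot be confirmed from here that this branch is unreachable in production, and if it is reachable a request parameter alone selects the session user. Take the id from configuration instead of the source, e.g. `user = User.find(ENV.fetch('DEBUG_ADMIN_USER_ID'))` (the variable name is a placeholder), and keep an explicit environment check next to the lookup. The added `@@@@` banner at info level would be better as a plain `logger.debug` line.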
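Review bot: `devops_authorize!` in the third hunk of application_controller.rb is defined above the `private` marker, so it is a public method of `ApplicationController` that every controller inherits; filter callbacks are normally placed below `private` so they can never be routed as actions. It also calls `@project.owner?` without a nil check, which makes it depend on `find_project` having run first and having halted when no project was found, and that is not visible in this hunk. `render_forbidden unless @project&.owner?(current_user)` fails closed in that case. The comment could state the actual rule, for example `# Only the project owner may use the DevOps endpoints.`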
diff --git a/app/controllers/dev_ops/cloud_accounts_controller.rb b/app/controllers/dev_ops/cloud_accounts_controller.rb index c7c445d88..10cd67bbd 100644 --- a/app/controllers/dev_ops/cloud_accounts_controller.rb +++ b/app/controllers/dev_ops/cloud_accounts_controller.rb @@ -1,19 +1,14 @@ class DevOps::CloudAccountsController < ApplicationController before_action :require_login before_action :find_project + before_action :devops_authorize! def create ActiveRecord::Base.transaction do DevOps::CreateCloudAccountForm.new(devops_params).validate! - logger.info "######### devops_params: #{devops_params}" - logger.info "######### ......: #{(IPAddr.new devops_params[:ip_num]).to_i}" - logger.info "######### ......: #{DevOps::CloudAccount.encrypted_secret(devops_params[:secret])}" + # 1. 保存华为云服务器帐号 - logger.info "######### ......ff: #{devops_params.merge(ip_num: IPAddr.new(devops_params[:ip_num]).to_i, secret: DevOps::CloudAccount.encrypted_secret(devops_params[:secret]))}" create_params = devops_params.merge(ip_num: IPAddr.new(devops_params[:ip_num]).to_i, secret: DevOps::CloudAccount.encrypted_secret(devops_params[:secret])) - logger.info "######### create_params: #{create_params}" - - if cloud_account = @project.dev_ops_cloud_account return render_error('该仓库已绑定了云帐号.') else @@ -37,6 +32,7 @@ class DevOps::CloudAccountsController < ApplicationController rpc_secret = SecureRandom.hex 16 logger.info "######### rpc_secret: #{rpc_secret}" + # 3. 创建drone server drone_server_cmd = DevOps::Drone::Server.new(oauth.client_id, oauth.client_secret, cloud_account.drone_host, rpc_secret).generate_cmd logger.info "######### drone_server_cmd: #{drone_server_cmd}" 
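Review bot: The context lines of the second hunk still write `rpc_secret` and `drone_server_cmd` to the application log at info level, and `drone_server_cmd` is built from `oauth.client_secret` and `rpc_secret`, so the cleanup in the first hunk of this file (which drops the `devops_params` and `encrypted_secret` log lines) is incomplete. Remove both `logger.info` calls, or log only a non-sensitive marker such as `logger.info "drone server command generated for project #{@project.id}"`. Values that these lines have already written to existing logs are best treated as exposed and rotated. The `create` method starts and ends outside this hunk.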
@@ -52,10 +48,12 @@ class DevOps::CloudAccountsController < ApplicationController
 redirect_url = "#{cloud_account.drone_url}/login"
 logger.info "######### redirect_url: #{redirect_url}"
- if result
+
+ if result && !result.blank?
 render_ok(redirect_url: redirect_url)
 else
- render_error('激活失败')
+ render_error('激活失败, 请检查你的云服务器信息是否正确.')
+ raise ActiveRecord::Rollback
 end
 end
 rescue Exception => ex
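Review bot: `result && !result.blank?` is the long form of `result.present?`; `if result.present?` reads more directly and is equally false for `nil`, `false` and empty values. The added `raise ActiveRecord::Rollback` only takes effect inside the `ActiveRecord::Base.transaction` block opened at the top of `create`, outside this hunk, and it reverts database rows only. Presumably the drone server command has already been sent to the cloud host by then, so a comment stating what is left behind on failure would help. The last context line, `rescue Exception => ex`, also catches non-`StandardError` exceptions; `rescue StandardError => ex` is the usual choice, though the handler body is not visible here.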