|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
class ApprovalsDispatcher extends Dispatcher { |
|
|
|
|
|
|
4
|
|
|
|
|
5
|
|
|
const ACTION_APPROVALS = 'approvals'; |
|
6
|
|
|
|
|
7
|
|
|
const ALLOW_APPROVAL = 'ALLOW_APPROVAL'; |
|
8
|
|
|
|
|
9
|
|
|
const ALLOW_APPROVAL_BYPASS = 'ALLOW_APPROVAL_BYPASS'; |
|
10
|
|
|
|
|
11
|
|
|
/** |
|
12
|
|
|
* @var array |
|
13
|
|
|
*/ |
|
14
|
|
|
private static $allowed_actions = [ |
|
|
|
|
|
|
15
|
|
|
'submit', |
|
16
|
|
|
'cancel', |
|
17
|
|
|
'approve', |
|
18
|
|
|
'reject' |
|
19
|
|
|
]; |
|
20
|
|
|
|
|
21
|
|
|
private static $dependencies = [ |
|
22
|
|
|
'formatter' => '%$DeploynautAPIFormatter' |
|
23
|
|
|
]; |
|
24
|
|
|
|
|
25
|
|
|
/** |
|
26
|
|
|
* @var \DNProject |
|
27
|
|
|
*/ |
|
28
|
|
|
protected $project = null; |
|
29
|
|
|
|
|
30
|
|
|
/** |
|
31
|
|
|
* @var \DNEnvironment |
|
32
|
|
|
*/ |
|
33
|
|
|
protected $environment = null; |
|
34
|
|
|
|
|
35
|
|
|
/** |
|
36
|
|
|
* @var array |
|
37
|
|
|
*/ |
|
38
|
|
|
private static $action_types = [ |
|
|
|
|
|
|
39
|
|
|
self::ACTION_APPROVALS |
|
40
|
|
|
]; |
|
41
|
|
|
|
|
42
|
|
|
/** |
|
43
|
|
|
* @param \DNEnvironment $environment |
|
44
|
|
|
* @param \Member|null $member |
|
45
|
|
|
* @return bool |
|
46
|
|
|
*/ |
|
47
|
|
|
public static function can_approve(\DNEnvironment $environment, \Member $member = null) { |
|
48
|
|
|
if ($member === null) { |
|
49
|
|
|
$member = \Member::currentUser(); |
|
50
|
|
|
} |
|
51
|
|
|
return $environment->Project()->allowed(self::ALLOW_APPROVAL, $member); |
|
|
|
|
|
|
52
|
|
|
} |
|
53
|
|
|
|
|
54
|
|
|
/** |
|
55
|
|
|
* @param \DNEnvironment $environment |
|
56
|
|
|
* @param \Member|null $member |
|
57
|
|
|
* @return bool |
|
58
|
|
|
*/ |
|
59
|
|
|
public static function can_bypass_approval(\DNEnvironment $environment, \Member $member = null) { |
|
60
|
|
|
if ($member === null) { |
|
61
|
|
|
$member = \Member::currentUser(); |
|
62
|
|
|
} |
|
63
|
|
|
// special case for non-Production environments: users who can deploy are able to bypass approval. |
|
64
|
|
|
if ($environment->Usage !== \DNEnvironment::PRODUCTION && $environment->canDeploy($member)) { |
|
|
|
|
|
|
65
|
|
|
return true; |
|
66
|
|
|
} |
|
67
|
|
|
return $environment->Project()->allowed(self::ALLOW_APPROVAL_BYPASS, $member); |
|
|
|
|
|
|
68
|
|
|
} |
|
69
|
|
|
|
|
70
|
|
View Code Duplication |
public function init() { |
|
|
|
|
|
|
71
|
|
|
parent::init(); |
|
72
|
|
|
|
|
73
|
|
|
$this->project = $this->getCurrentProject(); |
|
74
|
|
|
if (!$this->project) { |
|
75
|
|
|
return $this->project404Response(); |
|
76
|
|
|
} |
|
77
|
|
|
|
|
78
|
|
|
// Performs canView permission check by limiting visible projects |
|
79
|
|
|
$this->environment = $this->getCurrentEnvironment($this->project); |
|
80
|
|
|
if (!$this->environment) { |
|
81
|
|
|
return $this->environment404Response(); |
|
82
|
|
|
} |
|
83
|
|
|
} |
|
84
|
|
|
|
|
85
|
|
|
/** |
|
86
|
|
|
* @param \SS_HTTPRequest $request |
|
87
|
|
|
* @return \SS_HTTPResponse |
|
88
|
|
|
*/ |
|
89
|
|
|
public function submit(\SS_HTTPRequest $request) { |
|
90
|
|
|
if ($request->httpMethod() !== 'POST') { |
|
91
|
|
|
return $this->getAPIResponse(['message' => 'Method not allowed, requires POST'], 405); |
|
92
|
|
|
} |
|
93
|
|
|
|
|
94
|
|
|
$this->checkSecurityToken(); |
|
95
|
|
|
|
|
96
|
|
|
$deployment = \DNDeployment::get()->byId($request->postVar('id')); |
|
97
|
|
|
$errorResponse = $this->validateDeployment($deployment); |
|
|
|
|
|
|
98
|
|
|
if ($errorResponse instanceof \SS_HTTPResponse) { |
|
99
|
|
|
return $errorResponse; |
|
100
|
|
|
} |
|
101
|
|
|
|
|
102
|
|
|
$approver = \Member::get()->byId($request->postVar('approver_id')); |
|
103
|
|
|
if ($approver && $approver->exists()) { |
|
104
|
|
|
if (!self::can_approve($this->environment, $approver)) { |
|
|
|
|
|
|
105
|
|
|
return $this->getAPIResponse(['message' => 'The given approver does not have permissions to approve'], 403); |
|
106
|
|
|
} |
|
107
|
|
|
$deployment->ApproverID = $approver->ID; |
|
108
|
|
|
} |
|
109
|
|
|
|
|
110
|
|
|
// title and summary may have changed, ensure they are saved |
|
111
|
|
|
if ($request->postVar('title')) { |
|
112
|
|
|
$deployment->Title = $request->postVar('title'); |
|
113
|
|
|
} |
|
114
|
|
|
if ($request->postVar('summary')) { |
|
115
|
|
|
$deployment->Summary = $request->postVar('summary'); |
|
|
|
|
|
|
116
|
|
|
} |
|
117
|
|
|
|
|
118
|
|
|
try { |
|
119
|
|
|
$deployment->getMachine()->apply(\DNDeployment::TR_SUBMIT); |
|
120
|
|
|
} catch (\Exception $e) { |
|
121
|
|
|
return $this->getAPIResponse([ |
|
122
|
|
|
'message' => $e->getMessage() |
|
123
|
|
|
], 400); |
|
124
|
|
|
} |
|
125
|
|
|
|
|
126
|
|
|
return $this->getAPIResponse([ |
|
127
|
|
|
'message' => 'Deployment request has been submitted', |
|
128
|
|
|
'deployment' => $this->formatter->getDeploymentData($deployment) |
|
|
|
|
|
|
129
|
|
|
], 200); |
|
130
|
|
|
} |
|
131
|
|
|
|
|
132
|
|
|
/** |
|
133
|
|
|
* @param \SS_HTTPRequest $request |
|
134
|
|
|
* @return \SS_HTTPResponse |
|
135
|
|
|
*/ |
|
136
|
|
|
public function cancel(\SS_HTTPRequest $request) { |
|
137
|
|
|
if ($request->httpMethod() !== 'POST') { |
|
138
|
|
|
return $this->getAPIResponse(['message' => 'Method not allowed, requires POST'], 405); |
|
139
|
|
|
} |
|
140
|
|
|
|
|
141
|
|
|
$this->checkSecurityToken(); |
|
142
|
|
|
|
|
143
|
|
|
$deployment = \DNDeployment::get()->byId($request->postVar('id')); |
|
144
|
|
|
$errorResponse = $this->validateDeployment($deployment); |
|
|
|
|
|
|
145
|
|
|
if ($errorResponse instanceof \SS_HTTPResponse) { |
|
146
|
|
|
return $errorResponse; |
|
147
|
|
|
} |
|
148
|
|
|
|
|
149
|
|
|
// if the person cancelling is not the one who created the deployment, update the deployer |
|
150
|
|
|
if (\Member::currentUserID() !== $deployment->DeployerID) { |
|
151
|
|
|
$deployment->DeployerID = \Member::currentUserID(); |
|
152
|
|
|
} |
|
153
|
|
|
|
|
154
|
|
|
try { |
|
155
|
|
|
$deployment->getMachine()->apply(\DNDeployment::TR_NEW); |
|
156
|
|
|
} catch (\Exception $e) { |
|
157
|
|
|
return $this->getAPIResponse([ |
|
158
|
|
|
'message' => $e->getMessage() |
|
159
|
|
|
], 400); |
|
160
|
|
|
} |
|
161
|
|
|
|
|
162
|
|
|
return $this->getAPIResponse([ |
|
163
|
|
|
'message' => 'Deployment request has been cancelled', |
|
164
|
|
|
'deployment' => $this->formatter->getDeploymentData($deployment) |
|
|
|
|
|
|
165
|
|
|
], 200); |
|
166
|
|
|
} |
|
167
|
|
|
|
|
168
|
|
|
/** |
|
169
|
|
|
* @param \SS_HTTPRequest $request |
|
170
|
|
|
* @return \SS_HTTPResponse |
|
171
|
|
|
*/ |
|
172
|
|
|
public function approve(\SS_HTTPRequest $request) { |
|
173
|
|
|
if ($request->httpMethod() !== 'POST') { |
|
174
|
|
|
return $this->getAPIResponse(['message' => 'Method not allowed, requires POST'], 405); |
|
175
|
|
|
} |
|
176
|
|
|
|
|
177
|
|
|
$this->checkSecurityToken(); |
|
178
|
|
|
|
|
179
|
|
|
$deployment = \DNDeployment::get()->byId($request->postVar('id')); |
|
180
|
|
|
$errorResponse = $this->validateDeployment($deployment); |
|
|
|
|
|
|
181
|
|
|
if ($errorResponse instanceof \SS_HTTPResponse) { |
|
182
|
|
|
return $errorResponse; |
|
183
|
|
|
} |
|
184
|
|
|
|
|
185
|
|
|
$canBypass = self::can_bypass_approval($this->environment); |
|
186
|
|
|
$canApprove = self::can_approve($this->environment); |
|
187
|
|
|
|
|
188
|
|
|
// ensure we have either bypass or approval permission of the logged in user |
|
189
|
|
|
if (!$canBypass || !$canBypass) { |
|
190
|
|
|
return $this->getAPIResponse(['message' => 'You are not authorised to approve or bypass this deployment'], 403); |
|
191
|
|
|
} |
|
192
|
|
|
|
|
193
|
|
|
// check for specific permission depending on the current state of the deployment: |
|
194
|
|
|
// submitted => approved requires approval permissions |
|
195
|
|
|
// new => approved requires bypass permissions. |
|
196
|
|
View Code Duplication |
if ($deployment->State === \DNDeployment::STATE_SUBMITTED && !$canApprove) { |
|
|
|
|
|
|
197
|
|
|
return $this->getAPIResponse(['message' => 'You are not authorised to approve this deployment'], 403); |
|
198
|
|
|
} |
|
199
|
|
View Code Duplication |
if ($deployment->State === \DNDeployment::STATE_NEW && !$canBypass) { |
|
|
|
|
|
|
200
|
|
|
return $this->getAPIResponse(['message' => 'You are not authorised to bypass approval of this deployment'], 403); |
|
201
|
|
|
} |
|
202
|
|
|
|
|
203
|
|
|
if ($deployment->State === \DNDeployment::STATE_NEW) { |
|
204
|
|
|
// Bypassing approval: Ensure that approver is not set. This may happen when someone has requested approval, |
|
205
|
|
|
// cancelled approval, then bypassed. |
|
206
|
|
|
$deployment->ApproverID = 0; |
|
207
|
|
|
} else { |
|
208
|
|
|
// if the current user is not the person who was selected for approval on submit, but they got |
|
209
|
|
|
// here because they still have permission, then change the approver to the current user |
|
210
|
|
|
if (\Member::currentUserID() !== $deployment->ApproverID) { |
|
211
|
|
|
$deployment->ApproverID = \Member::currentUserID(); |
|
212
|
|
|
} |
|
213
|
|
|
} |
|
214
|
|
|
|
|
215
|
|
|
// title and summary may have changed, ensure they are saved |
|
216
|
|
|
if ($request->postVar('title')) { |
|
217
|
|
|
$deployment->Title = $request->postVar('title'); |
|
218
|
|
|
} |
|
219
|
|
|
if ($request->postVar('summary')) { |
|
220
|
|
|
$deployment->Summary = $request->postVar('summary'); |
|
|
|
|
|
|
221
|
|
|
} |
|
222
|
|
|
|
|
223
|
|
|
try { |
|
224
|
|
|
$deployment->getMachine()->apply(\DNDeployment::TR_APPROVE); |
|
225
|
|
|
} catch (\Exception $e) { |
|
226
|
|
|
return $this->getAPIResponse([ |
|
227
|
|
|
'message' => $e->getMessage() |
|
228
|
|
|
], 400); |
|
229
|
|
|
} |
|
230
|
|
|
|
|
231
|
|
|
return $this->getAPIResponse([ |
|
232
|
|
|
'message' => 'Deployment request has been approved', |
|
233
|
|
|
'deployment' => $this->formatter->getDeploymentData($deployment) |
|
|
|
|
|
|
234
|
|
|
], 200); |
|
235
|
|
|
} |
|
236
|
|
|
|
|
237
|
|
|
/** |
|
238
|
|
|
* @param \SS_HTTPRequest $request |
|
239
|
|
|
* @return \SS_HTTPResponse |
|
240
|
|
|
*/ |
|
241
|
|
|
public function reject(\SS_HTTPRequest $request) { |
|
242
|
|
|
if ($request->httpMethod() !== 'POST') { |
|
243
|
|
|
return $this->getAPIResponse(['message' => 'Method not allowed, requires POST'], 405); |
|
244
|
|
|
} |
|
245
|
|
|
|
|
246
|
|
|
$this->checkSecurityToken(); |
|
247
|
|
|
|
|
248
|
|
|
$deployment = \DNDeployment::get()->byId($request->postVar('id')); |
|
249
|
|
|
$errorResponse = $this->validateDeployment($deployment); |
|
|
|
|
|
|
250
|
|
|
if ($errorResponse instanceof \SS_HTTPResponse) { |
|
251
|
|
|
return $errorResponse; |
|
252
|
|
|
} |
|
253
|
|
|
|
|
254
|
|
|
// reject permissions are the same as can approve |
|
255
|
|
|
if (!self::can_approve($this->environment)) { |
|
256
|
|
|
return $this->getAPIResponse(['message' => 'You are not authorised to reject this deployment'], 403); |
|
257
|
|
|
} |
|
258
|
|
|
|
|
259
|
|
|
// if the current user is not the person who was selected for approval on submit, but they got |
|
260
|
|
|
// here because they still have permission, then change the approver to the current user |
|
261
|
|
|
if (\Member::currentUserID() !== $deployment->ApproverID) { |
|
262
|
|
|
$deployment->ApproverID = \Member::currentUserID(); |
|
263
|
|
|
} |
|
264
|
|
|
|
|
265
|
|
|
if ($request->postVar('rejected_reason')) { |
|
266
|
|
|
$deployment->RejectedReason = $request->postVar('rejected_reason'); |
|
267
|
|
|
} |
|
268
|
|
|
|
|
269
|
|
|
try { |
|
270
|
|
|
$deployment->getMachine()->apply(\DNDeployment::TR_REJECT); |
|
271
|
|
|
} catch (\Exception $e) { |
|
272
|
|
|
return $this->getAPIResponse([ |
|
273
|
|
|
'message' => $e->getMessage() |
|
274
|
|
|
], 400); |
|
275
|
|
|
} |
|
276
|
|
|
|
|
277
|
|
|
return $this->getAPIResponse([ |
|
278
|
|
|
'message' => 'Deployment request has been rejected', |
|
279
|
|
|
'deployment' => $this->formatter->getDeploymentData($deployment) |
|
|
|
|
|
|
280
|
|
|
], 200); |
|
281
|
|
|
} |
|
282
|
|
|
|
|
283
|
|
|
/** |
|
284
|
|
|
* Check if a DNDeployment exists and do permission checks on it. If there is something wrong it will return |
|
285
|
|
|
* an APIResponse with the error, otherwise null. |
|
286
|
|
|
* |
|
287
|
|
|
* @param \DNDeployment $deployment |
|
288
|
|
|
* |
|
289
|
|
|
* @return null|SS_HTTPResponse |
|
290
|
|
|
*/ |
|
291
|
|
View Code Duplication |
protected function validateDeployment($deployment) { |
|
|
|
|
|
|
292
|
|
|
if (!$deployment || !$deployment->exists()) { |
|
293
|
|
|
return $this->getAPIResponse(['message' => 'This deployment does not exist'], 404); |
|
294
|
|
|
} |
|
295
|
|
|
if ($deployment->EnvironmentID != $this->environment->ID) { |
|
296
|
|
|
return $this->getAPIResponse(['message' => 'This deployment does not belong to the environment'], 403); |
|
297
|
|
|
} |
|
298
|
|
|
if (!$deployment->canView()) { |
|
299
|
|
|
return $this->getAPIResponse(['message' => 'You are not authorised to view this deployment'], 403); |
|
300
|
|
|
} |
|
301
|
|
|
return null; |
|
302
|
|
|
} |
|
303
|
|
|
|
|
304
|
|
|
/** |
|
305
|
|
|
* @param string $name |
|
306
|
|
|
* @return array |
|
307
|
|
|
*/ |
|
308
|
|
|
public function getModel($name = '') { |
|
309
|
|
|
return []; |
|
310
|
|
|
} |
|
311
|
|
|
|
|
312
|
|
|
/** |
|
313
|
|
|
* @param string $action |
|
314
|
|
|
* @return string |
|
315
|
|
|
*/ |
|
316
|
|
|
public function Link($action = '') { |
|
317
|
|
|
return \Controller::join_links($this->environment->Link(), self::ACTION_APPROVALS, $action); |
|
318
|
|
|
} |
|
319
|
|
|
|
|
320
|
|
|
} |
|
321
|
|
|
|
silverstripe /
deploynaut
Loading history...
This check marks property names that have not been written in camelCase.
In camelCase names are written without any punctuation, the start of each new word being marked by a capital letter. Thus the name database connection string becomes
databaseConnectionString.