build_from_repo_id policy
This commit is contained in:
Mike McLean
parent
dc92b0ec7c
commit
ee651710c8
2 changed files with 19 additions and 11 deletions
|
|
@ -1560,19 +1560,23 @@ class BuildTask(BaseTaskHandler):
|
|||
if not taginfo:
|
||||
raise koji.GenericError, 'neither tag nor target: %s' % target
|
||||
dest_tag = taginfo['id']
|
||||
#policy checks...
|
||||
policy_data = {
|
||||
'user_id' : task_info['owner'],
|
||||
'source' : src,
|
||||
'task_id' : self.id,
|
||||
'build_tag' : build_tag, #id
|
||||
}
|
||||
if target_info:
|
||||
policy_data['target'] = target_info['id'],
|
||||
if not self.opts.get('skip_tag'):
|
||||
policy_data['tag'] = dest_tag #id
|
||||
if not SCM.is_scm_url(src) and not opts.get('scratch'):
|
||||
#let hub policy decide
|
||||
policy_data = {
|
||||
'user_id' : task_info['owner'],
|
||||
'source' : src,
|
||||
'task_id' : self.id,
|
||||
'build_tag' : build_tag, #id
|
||||
}
|
||||
if target_info:
|
||||
policy_data['target'] : target_info['id'],
|
||||
if not self.opts.get('skip_tag'):
|
||||
policy_data['tag'] = dest_tag #id
|
||||
session.assertPolicy('build_from_srpm', policy_data)
|
||||
session.host.assertPolicy('build_from_srpm', policy_data)
|
||||
if opts.get('repo_id') is not None:
|
||||
# use of this option is governed by policy
|
||||
session.host.assertPolicy('build_from_repo_id', policy_data)
|
||||
srpm = self.getSRPM(src)
|
||||
h = self.readSRPMHeader(srpm)
|
||||
data = koji.get_header_fields(h,['name','version','release','epoch'])
|
||||
|
|
|
|||
|
|
@ -446,6 +446,10 @@ _default_policies = {
|
|||
has_perm admin :: allow
|
||||
all :: deny
|
||||
''',
|
||||
'build_from_repo_id' : '''
|
||||
has_perm admin :: allow
|
||||
all :: deny
|
||||
''',
|
||||
}
|
||||
|
||||
def get_policy(opts, plugins):
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue