Merge pull request #2957 from zendesk/sathish/BRE-926

Disabled `Does not deploy code` for non admin users
zendesk · Oct 4, 2018 · f50a206 · f50a206
2 parents 9e44cb0 + 0043ef1
commit f50a206
Show file tree

Hide file tree

Showing 3 changed files with 51 additions and 8 deletions.
diff --git a/app/controllers/stages_controller.rb b/app/controllers/stages_controller.rb
@@ -8,6 +8,7 @@ class StagesController < ApplicationController
   before_action :authorize_resource!
   before_action :check_token, if: :badge?
   before_action :find_stage, only: [:show, :edit, :update, :destroy, :clone]
+  helper_method :can_change_no_code_deployed?
 
   def index
     @stages = @project.stages
@@ -95,6 +96,10 @@ def clone
 
   private
 
+  def can_change_no_code_deployed?
+    current_user.admin?
+  end
+
   def badge_safe(string)
     CGI.escape(string).
       gsub('+', '%20').
@@ -120,7 +125,7 @@ def find_stage
   end
 
   def stage_permitted_params
-    [
+    permitted_params = [
       :builds_in_environment,
       :cancel_queued_deploys,
       :confirm,
@@ -130,7 +135,6 @@ def stage_permitted_params
       :email_committers_on_automated_deploy_failure,
       :is_template,
       :name,
-      :no_code_deployed,
       :no_reference_selection,
       :notify_email_address,
       :periodical_deploy,
@@ -142,6 +146,8 @@ def stage_permitted_params
         deploy_group_ids: [],
         command_ids: []
       }
-    ] + Samson::Hooks.fire(:stage_permitted_params).flatten
+    ]
+    permitted_params << :no_code_deployed if can_change_no_code_deployed?
+    permitted_params + Samson::Hooks.fire(:stage_permitted_params).flatten
   end
 end
diff --git a/app/views/stages/_fields.html.erb b/app/views/stages/_fields.html.erb
@@ -23,19 +23,21 @@
       " When selected with '#{no_code_label}' and '#{confirm_label}' is disabled the stage can be directly executed."
   %>
 
-  <% help = "Bypass " + [("buddy check" if BuddyCheck.enabled?), "release tracking"].compact.to_sentence %>
-  <%= form.input :no_code_deployed, as: :check_box, label: no_code_label, help: help %>
+  <% help = "Bypass " + [("buddy check" if BuddyCheck.enabled?), "release tracking"].compact.to_sentence \
+      + ". Must be a global admin to change."
+  %>
+  <%= form.input :no_code_deployed, as: :check_box, label: no_code_label, help: help, input_html: {disabled: !can_change_no_code_deployed?} %>
 
-  <%= form.input :run_in_parallel, as: :check_box, label: "Can run in parallel", help: "Deploys are not queued. Executed immediately" %>
+  <%= form.input :run_in_parallel, as: :check_box, label: "Can run in parallel", help: "Deploys are not queued. Executed immediately." %>
 
   <%= form.input :cancel_queued_deploys, as: :check_box, label: "Max 1 queued deploy per user", help: "When a new deploy is created for a user. Any queued deploys for that user are cancelled. This most useful when trying to not deploy every push for frequently updated projects." %>
 
-  <%= form.input :confirm, as: :check_box, label: confirm_label, help: "Show a review page before starting a deploy" %>
+  <%= form.input :confirm, as: :check_box, label: confirm_label, help: "Show a review page before starting a deploy." %>
 
   <%= form.input :no_reference_selection, as: :check_box, label: "Disable reference selection", help: no_ref_label %>
 
   <% if interval = Samson::Periodical.interval(:periodical_deploy) %>
-    <%= form.input :periodical_deploy, as: :check_box, help: "Deploy every #{distance_of_time_in_words(interval)} if last deploy succeeded, enable automated deploy failure email to be alerted " %>
+    <%= form.input :periodical_deploy, as: :check_box, help: "Deploy every #{distance_of_time_in_words(interval)} if last deploy succeeded, enable automated deploy failure email to be alerted. " %>
   <% end %>
 
   <% if @project.releases.any? %>

diff --git a/test/controllers/stages_controller_test.rb b/test/controllers/stages_controller_test.rb
@@ -11,6 +11,13 @@
   unauthorized :get, :show, project_id: :foo, id: 1, token: Rails.application.config.samson.badge_token
   unauthorized :get, :index, project_id: :foo, token: Rails.application.config.samson.badge_token, format: :svg
 
+  def stage_no_code_deployed_disabled
+    get :new, params: {project_id: subject.project.to_param}
+    assert_select "#stage_no_code_deployed" do |input|
+      return input.attr("disabled").present?
+    end
+  end
+
   describe 'GET to :show with svg' do
     let(:valid_params) do
       {
@@ -172,6 +179,10 @@
         it 'adds no commands by default' do
           assigns(:stage).command_ids.must_equal []
         end
+
+        it 'disabled to alter `does not deploy code`' do
+          assert stage_no_code_deployed_disabled
+        end
       end
 
       it 'fails for non-existent project' do
@@ -222,6 +233,12 @@ def create_stage(overrides = {})
         end
       end
 
+      it "fails when trying to set no code deployed" do
+        assert_raises ActionController::UnpermittedParameters do
+          create_stage(stage: {name: "test", no_code_deployed: true})
+        end
+      end
+
       it "fails with unknown project" do
         assert_raises ActiveRecord::RecordNotFound do
           post :create, params: {project_id: :foo23123}
@@ -396,4 +413,22 @@ def clone(method, format, extra = {})
       end
     end
   end
+
+  as_an_admin do
+    describe '#new' do
+      it 'can alter `does not deploy code`' do
+        refute stage_no_code_deployed_disabled
+      end
+    end
+
+    describe '#create' do
+      subject { assigns(:stage) }
+      it 'permits `no_code_deployed` in params' do
+        params = {project_id: projects(:test).to_param, stage: {name: 'test', no_code_deployed: true}}
+        post :create, params: params
+        subject.reload
+        assert subject.no_code_deployed
+      end
+    end
+  end
 end