PTFE-2196 authorize self bypass for admins

scality · Dec 11, 2024 · 1c35490 · 1c35490
1 parent b533cae
commit 1c35490
Show file tree

Hide file tree

Showing 3 changed files with 37 additions and 6 deletions.
diff --git a/bert_e/templates/not_enough_credentials.md b/bert_e/templates/not_enough_credentials.md
@@ -9,11 +9,7 @@ I'm afraid I cannot do that, @{{ author }}:
 
 > {{ comment|replace('\n', '\n> ') }}
 
-{% if self_pr %}
-You cannot use `{{ command }}` in your own pull request.
-{% else %}
 You don't have enough credentials to use `{{ command }}`.
-{% endif %}
 
 Please **edit** or **delete** the corresponding comment so I can move on.
 {% endblock %}
diff --git a/bert_e/tests/test_bert_e.py b/bert_e/tests/test_bert_e.py
@@ -4978,6 +4978,41 @@ def test_dev_major_lonely_stab(self):
         with self.assertRaises(exns.DevBranchDoesNotExist):
             self.handle(pr.id, options=self.bypass_all, backtrace=True)
 
+    def test_admin_self_bypass(self):
+        """Test an admin can bypass its own PR."""
+        feature_branch = 'feature/TEST-00001'
+        from_branch = 'development/4.3'
+        create_branch(self.gitrepo, feature_branch,
+                      from_branch=from_branch, file_=True)
+        pr = self.admin_bb.create_pull_request(
+            title="title",
+            name="name",
+            src_branch=feature_branch,
+            dst_branch=from_branch,
+            description="",
+        )
+        # Expect a jira check
+        with self.assertRaises(exns.IncorrectFixVersion):
+            self.handle(pr.id, backtrace=True)
+        # Ensure peers cannot bypass the jira check without admin credentials
+        peer = self.contributor_bb.get_pull_request(pull_request_id=pr.id)
+        comment = peer.add_comment('/bypass_jira_check')
+        # Expect a lack of credentials
+        with self.assertRaises(exns.NotEnoughCredentials):
+            self.handle(pr.id, backtrace=True)
+        comment.delete()
+        # Ensure the admin can bypass its own PR
+        pr.add_comment('/bypass_jira_check')
+        with self.assertRaises(exns.ApprovalRequired):
+            self.handle(pr.id, backtrace=True)
+        pr.add_comment('/bypass_peer_approval')
+        pr.approve()
+        with self.assertRaises(exns.BuildNotStarted):
+            self.handle(pr.id, backtrace=True)
+        pr.add_comment('/bypass_build_status')
+        with self.assertRaises(exns.SuccessMessage):
+            self.handle(pr.id, backtrace=True)
+
 
 class TestQueueing(RepositoryTests):
     """Tests which validate all things related to the merge queue.

diff --git a/bert_e/workflow/gitwaterflow/__init__.py b/bert_e/workflow/gitwaterflow/__init__.py
@@ -305,7 +305,7 @@ def handle_comments(job):
     # Look for options in all of the pull request's comments.
     for comment in job.pull_request.comments:
         author = comment.author
-        privileged = author in admins and author != pr_author
+        privileged = author in admins
         authored = author == pr_author
         text = comment.text
         try:
@@ -318,7 +318,7 @@ def handle_comments(job):
         except NotPrivileged as err:
             raise messages.NotEnoughCredentials(
                 active_options=job.active_options, command=err.keyword,
-                author=author, self_pr=(author == pr_author), comment=text
+                author=author, comment=text
             ) from err
         except NotAuthored as err:
             raise messages.NotAuthor(