From 0b12e85e974347dcc743eb4fa4c597d546297d2f Mon Sep 17 00:00:00 2001
From: Jan Kaluža
Date: Mar 29 2017 12:46:45 +0000
Subject: Merge #466 `Introduce 'admins' config option and allow users defined there to cancel any module build.`
---
diff --git a/module_build_service/config.py b/module_build_service/config.py
index a4e4f89..3176eab 100644
--- a/module_build_service/config.py
+++ b/module_build_service/config.py
@@ -303,6 +303,10 @@ class Config(object):
 'type': bool,
 'default': False,
 'desc': 'Disable client authentication.'},
+ 'admins': {
+ 'type': list,
+ 'default': [],
+ 'desc': 'List of names of users with admin privileges.'},
 }
 def __init__(self, conf_section_obj):
diff --git a/module_build_service/views.py b/module_build_service/views.py
index 81fbf29..8a1608c 100644
--- a/module_build_service/views.py
+++ b/module_build_service/views.py
@@ -165,7 +165,7 @@ class ModuleBuildAPI(MethodView):
 if not module:
 raise NotFound('No such module found.')
- if module.owner != username:
+ if module.owner != username and username not in conf.admins:
 raise Forbidden('You are not owner of this build and '
 'therefore cannot modify it.')
diff --git a/tests/test_views/test_views.py b/tests/test_views/test_views.py
index 55be092..d6f0ec1 100644
--- a/tests/test_views/test_views.py
+++ b/tests/test_views/test_views.py
@@ -535,7 +535,7 @@ class TestViews(unittest.TestCase):
 self.assertEquals(data['state_reason'], 'Canceled by some_other_user.')
 @patch('module_build_service.auth.get_user', return_value=('sammy', set()))
- def test_cancel_build_unauthorized(self, mocked_get_user):
+ def test_cancel_build_unauthorized_no_groups(self, mocked_get_user):
 rv = self.client.patch('/module-build-service/1/module-builds/30',
 data=json.dumps({'state': 'failed'}))
 data = json.loads(rv.data)
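Review bot: Nothing visible in the `module_build_service/config.py` hunk guarantees that `admins` is really a list of names at run time; the entry only declares `'type': list`, and the code that enforces declared types, if any, is outside this hunk. If a deployment supplied a bare string instead, `username not in conf.admins` in views.py would turn into a substring test rather than a membership test, which would widen who counts as an admin. I would validate on load that the value is a list of non-empty strings and reject anything else. The description should also say what is granted and how names are matched, for example `'desc': 'Usernames (exact match) allowed to modify any module build.'`.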
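Review bot: The admin bypass in `if module.owner != username and username not in conf.admins:` (`module_build_service/views.py`) is only as strong as the source of `username`, and that source is not visible in this diff. The config context above shows an option described as 'Disable client authentication.'; confirm that in that mode `username` cannot be chosen by the client while `admins` is non-empty. The handler starts and ends outside the hunk, so the bypass covers whatever this PATCH handler permits, and the error text says 'modify' while the commit title says 'cancel'; if only cancellation is meant for admins, check the requested state explicitly. An admin acting on someone else's build should also be logged as such, and the line deserves a comment such as `# conf.admins: exact-match usernames allowed to modify builds they do not own`.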
@@ -543,6 +543,26 @@ class TestViews(unittest.TestCase):
 self.assertEquals(data['status'], 403)
 self.assertEquals(data['error'], 'Forbidden')
+ @patch('module_build_service.auth.get_user', return_value=('sammy', set(["packager"])))
+ def test_cancel_build_unauthorized_not_owner(self, mocked_get_user):
+ rv = self.client.patch('/module-build-service/1/module-builds/30',
+ data=json.dumps({'state': 'failed'}))
+ data = json.loads(rv.data)
+
+ self.assertEquals(data['status'], 403)
+ self.assertEquals(data['error'], 'Forbidden')
+
+ @patch('module_build_service.auth.get_user', return_value=('sammy', set(["packager"])))
+ def test_cancel_build_admin(self, mocked_get_user):
+ with patch("module_build_service.config.Config.admins",
+ new_callable=PropertyMock, return_value = ["sammy"]):
+ rv = self.client.patch('/module-build-service/1/module-builds/30',
+ data=json.dumps({'state': 'failed'}))
+ data = json.loads(rv.data)
+
+ self.assertEquals(data['state'], 4)
+ self.assertEquals(data['state_reason'], 'Canceled by sammy.')
+
 @patch('module_build_service.auth.get_user', return_value=other_user)
 def test_cancel_build_wrong_param(self, mocked_get_user):
 rv = self.client.patch('/module-build-service/1/module-builds/30',
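Review bot: No test in this hunk covers a caller who is absent from a non-empty `admins` list, which is the case that pins `username not in conf.admins` to an exact match; both 403 tests run with the default empty list. A test like the one below, using a constructed username that is only a prefix of the configured admin, should still return 403. `PropertyMock` is used in `test_cancel_build_admin` and no hunk in this diff adds an import for it, so confirm the test module already imports it. Minor style point: `return_value = ["sammy"]` has spaces around the keyword `=`, unlike the other keyword arguments in the file.

```python
    @patch('module_build_service.auth.get_user', return_value=('sam', set(["packager"])))
    def test_cancel_build_not_in_admins(self, mocked_get_user):
        # Constructed case: 'sam' is a prefix of the configured admin 'sammy'
        # and must not be treated as an admin.
        with patch("module_build_service.config.Config.admins",
                   new_callable=PropertyMock, return_value=["sammy"]):
            rv = self.client.patch('/module-build-service/1/module-builds/30',
                                   data=json.dumps({'state': 'failed'}))
            data = json.loads(rv.data)

        self.assertEquals(data['status'], 403)
        self.assertEquals(data['error'], 'Forbidden')
```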