/**
* @param \DNEnvironment $environment
* @param \Member|null $member
* @return bool
*/
public static function can_bypass_approval(\DNEnvironment $environment, \Member $member = null)
{
if ($member === null) {
$member = \Member::currentUser();
}
// special case for non-Production environments: users who can deploy are able to bypass approval.
if ($environment->Usage !== \DNEnvironment::PRODUCTION && $environment->canDeploy($member)) {
return true;
}
return $environment->Project()->allowed(self::ALLOW_APPROVAL_BYPASS, $member);
}
/**
* Check if this member can move archive into the environment.
*
* @param DNEnvironment $targetEnv Environment to check.
* @param Member|null $member The {@link Member} object to test against. If null, uses Member::currentMember();
*
* @return boolean true if $member can upload archives linked to this environment, false if they can't.
*/
public function canMoveTo($targetEnv, $member = null)
{
if ($this->Environment()->Project()->ID != $targetEnv->Project()->ID) {
// We don't permit moving snapshots between projects at this stage.
return false;
}
if (!$member) {
$member = Member::currentUser();
}
// Must be logged in to check permissions
if (!$member) {
return false;
}
// Admin can always move.
if (Permission::checkMember($member, 'ADMIN')) {
return true;
}
// Checks if the user can actually access the archive.
if (!$this->canDownload($member)) {
return false;
}
// Hooks into ArchiveUploaders permission to prevent proliferation of permission checkboxes.
// Bypasses the quota check - we don't need to check for it as long as we move the snapshot within the project.
return $targetEnv->ArchiveUploaders()->byID($member->ID) || $member->inGroups($targetEnv->ArchiveUploaderGroups());
}
/**
* @param string $action Capistrano action to be executed
* @param string $roles Defining a server role is required to target only the required servers.
* @param DNEnvironment $environment
* @param array<string>|null $args Additional arguments for process
* @param DeploynautLogFile $log
* @return \Symfony\Component\Process\Process
*/
public function getCommand($action, $roles, DNEnvironment $environment, $args = null, DeploynautLogFile $log)
{
$name = $environment->getFullName();
$env = $environment->Project()->getProcessEnv();
if (!$args) {
$args = array();
}
$args['history_path'] = realpath(DEPLOYNAUT_LOG_PATH . '/');
// Inject env string directly into the command.
// Capistrano doesn't like the $process->setEnv($env) we'd normally do below.
$envString = '';
if (!empty($env)) {
$envString .= 'env ';
foreach ($env as $key => $value) {
$envString .= "{$key}=\"{$value}\" ";
}
}
$data = DNData::inst();
// Generate a capfile from a template
$capTemplate = file_get_contents(BASE_PATH . '/deploynaut/Capfile.template');
$cap = str_replace(array('<config root>', '<ssh key>', '<base path>'), array($data->getEnvironmentDir(), DEPLOYNAUT_SSH_KEY, BASE_PATH), $capTemplate);
if (defined('DEPLOYNAUT_CAPFILE')) {
$capFile = DEPLOYNAUT_CAPFILE;
} else {
$capFile = ASSETS_PATH . '/Capfile';
}
file_put_contents($capFile, $cap);
$command = "{$envString}cap -f " . escapeshellarg($capFile) . " -vv {$name} {$action} ROLES={$roles}";
foreach ($args as $argName => $argVal) {
$command .= ' -s ' . escapeshellarg($argName) . '=' . escapeshellarg($argVal);
}
$log->write(sprintf('Running command: %s', $command));
$process = new Process($command);
$process->setTimeout(3600);
return $process;
}
