/** * @param \DNEnvironment $environment * @param \Member|null $member * @return bool */ public static function can_bypass_approval(\DNEnvironment $environment, \Member $member = null) { if ($member === null) { $member = \Member::currentUser(); } // special case for non-Production environments: users who can deploy are able to bypass approval. if ($environment->Usage !== \DNEnvironment::PRODUCTION && $environment->canDeploy($member)) { return true; } return $environment->Project()->allowed(self::ALLOW_APPROVAL_BYPASS, $member); }
/** * Check if this member can move archive into the environment. * * @param DNEnvironment $targetEnv Environment to check. * @param Member|null $member The {@link Member} object to test against. If null, uses Member::currentMember(); * * @return boolean true if $member can upload archives linked to this environment, false if they can't. */ public function canMoveTo($targetEnv, $member = null) { if ($this->Environment()->Project()->ID != $targetEnv->Project()->ID) { // We don't permit moving snapshots between projects at this stage. return false; } if (!$member) { $member = Member::currentUser(); } // Must be logged in to check permissions if (!$member) { return false; } // Admin can always move. if (Permission::checkMember($member, 'ADMIN')) { return true; } // Checks if the user can actually access the archive. if (!$this->canDownload($member)) { return false; } // Hooks into ArchiveUploaders permission to prevent proliferation of permission checkboxes. // Bypasses the quota check - we don't need to check for it as long as we move the snapshot within the project. return $targetEnv->ArchiveUploaders()->byID($member->ID) || $member->inGroups($targetEnv->ArchiveUploaderGroups()); }
/** * @param string $action Capistrano action to be executed * @param string $roles Defining a server role is required to target only the required servers. * @param DNEnvironment $environment * @param array<string>|null $args Additional arguments for process * @param DeploynautLogFile $log * @return \Symfony\Component\Process\Process */ public function getCommand($action, $roles, DNEnvironment $environment, $args = null, DeploynautLogFile $log) { $name = $environment->getFullName(); $env = $environment->Project()->getProcessEnv(); if (!$args) { $args = array(); } $args['history_path'] = realpath(DEPLOYNAUT_LOG_PATH . '/'); // Inject env string directly into the command. // Capistrano doesn't like the $process->setEnv($env) we'd normally do below. $envString = ''; if (!empty($env)) { $envString .= 'env '; foreach ($env as $key => $value) { $envString .= "{$key}=\"{$value}\" "; } } $data = DNData::inst(); // Generate a capfile from a template $capTemplate = file_get_contents(BASE_PATH . '/deploynaut/Capfile.template'); $cap = str_replace(array('<config root>', '<ssh key>', '<base path>'), array($data->getEnvironmentDir(), DEPLOYNAUT_SSH_KEY, BASE_PATH), $capTemplate); if (defined('DEPLOYNAUT_CAPFILE')) { $capFile = DEPLOYNAUT_CAPFILE; } else { $capFile = ASSETS_PATH . '/Capfile'; } file_put_contents($capFile, $cap); $command = "{$envString}cap -f " . escapeshellarg($capFile) . " -vv {$name} {$action} ROLES={$roles}"; foreach ($args as $argName => $argVal) { $command .= ' -s ' . escapeshellarg($argName) . '=' . escapeshellarg($argVal); } $log->write(sprintf('Running command: %s', $command)); $process = new Process($command); $process->setTimeout(3600); return $process; }