Send an api request to confirm if user is admin

screwdriver-cd · Nov 16, 2018 · 1b130c5 · 1b130c5
1 parent 826ff30
commit 1b130c5
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 4 deletions.
diff --git a/config/custom-environment-variables.yaml b/config/custom-environment-variables.yaml
@@ -65,3 +65,4 @@ strategy:
 
 ecosystem:
     ui: ECOSYSTEM_UI
+    api: ECOSYSTEM_API
diff --git a/config/default.yaml b/config/default.yaml
@@ -73,3 +73,4 @@ strategy:
 
 ecosystem:
     ui: https://cd.screwdriver.cd
+    api: https://api.screwdriver.cd
diff --git a/package.json b/package.json
@@ -72,6 +72,7 @@
     "hoek": "^5.0.3",
     "inert": "^5.1.0",
     "joi": "13.1.2",
+    "request": "^2.88.0",
     "screwdriver-data-schema": "^18.11.5",
     "vision": "^5.3.0",
     "winston": "^2.2.0"

diff --git a/plugins/caches.js b/plugins/caches.js
@@ -4,6 +4,7 @@ const joi = require('joi');
 const boom = require('boom');
 const config = require('config');
 const AwsClient = require('../helpers/aws');
+const req = require('request');
 
 const SCHEMA_SCOPE_NAME = joi.string().valid(['events', 'jobs', 'pipelines']).label('Scope Name');
 const SCHEMA_SCOPE_ID = joi.number().integer().positive().label('Event/Job/Pipeline ID');
@@ -336,21 +337,44 @@ exports.plugin = {
             method: 'DELETE',
             path: '/caches/{scope}/{id}',
             handler: async (request, h) => {
+                if (strategyConfig.plugin !== 's3') {
+                    return h.response();
+                }
+
                 let cachePath;
+                const { username } = request.auth.credentials;
+                const apiUrl = config.get('ecosystem.api');
+                const payload = {
+                    url: `${apiUrl}/v4/users/${username}/isAdmin`,
+                    method: 'GET',
+                    headers: {
+                        Authorization: `Bearer ${request.auth.token}`,
+                        'Content-Type': 'application/json'
+                    },
+                    json: true
+                };
 
                 switch (request.params.scope) {
                 case 'events': {
-                    break;
+                    return h.response();
                 }
                 case 'jobs': {
                     const jobIdParam = request.params.id;
 
+                    payload.body = {
+                        jobId: jobIdParam
+                    };
+
                     cachePath = `jobs/${jobIdParam}/`;
                     break;
                 }
                 case 'pipelines': {
                     const pipelineIdParam = request.params.id;
 
+                    payload.body = {
+                        pipelineId: pipelineIdParam
+                    };
+
                     cachePath = `pipelines/${pipelineIdParam}`;
                     break;
                 }
@@ -359,10 +383,16 @@ exports.plugin = {
                 }
 
                 try {
-                    await awsClient.invalidateCache(cachePath, (e) => {
-                        if (e) {
-                            console.log('Failed to invalidate cache: ', e);
+                    await req(payload, (err, response) => {
+                        if (!err && response.statusCode === 200) {
+                            return awsClient.invalidateCache(cachePath, (e) => {
+                                if (e) {
+                                    console.log('Failed to invalidate cache: ', e);
+                                }
+                            });
                         }
+
+                        return Promise.reject(err);
                     });
 
                     return h.response();