PTFE-2196 authorize self bypass for admins (#230)

tcarmet · web-flow · commit 8d99fddaed72 · 2024-12-11T14:26:48.000-08:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -12,6 +12,7 @@ All notable changes to this project will be documented in this file.
 # Changed
 - Integration queue branches pattern is now `q/w/{pr.id}/{integration.branch}`
   instead of `q/{pr.id}/{integration.branch}`.
+- Allow admins to self-bypass their own PRs.
 
 ## [3.12.0] - 2024-02-26
 # Added
diff --git a/bert_e/docs/USER_DOC.md b/bert_e/docs/USER_DOC.md
@@ -480,7 +480,7 @@ to progress to the next step.  message code
 | 120   | After pull request | The after_pull_request option has been activated, and the target pull request is not merged yet work on merging the pending pull request or remove the option
 | 121   | Integration data created | __Bert-E__ notifies the owner that he succesfully created the integration branches and the related pull requests, and provides a link to them. No action required
 | 122   | Unknown command | One of the participants asked __Bert-E__ to activate an option, or execute a command he doesn't know. Edit the corresponding message if it contains a typo. Delete it otherwise
-| 123   | Not authorized | One of the participants asked __Bert-E__ to activate a privileged option, or execute a privileged  command, but doesn't have enough credentials to do so. Delete the corresponding command ask a __Bert-E__ administrator to run/set the desired command/option. Note that the even if the author of the pull request has administrator credentials, he cannot use privileged commands or options on his own pull requests.
+| 123   | Not authorized | One of the participants asked __Bert-E__ to activate a privileged option, or execute a privileged command, but doesn't have enough credentials to do so. Delete the corresponding command ask a __Bert-E__ administrator to run/set the desired command/option.
 | 134   | Not author | One of the participants asked __Bert-E__ to activate an authored option, but the participant is not the author of the pull request.
 
 Queues
diff --git a/bert_e/templates/not_enough_credentials.md b/bert_e/templates/not_enough_credentials.md
@@ -9,11 +9,7 @@ I'm afraid I cannot do that, @{{ author }}:
 
 > {{ comment|replace('\n', '\n> ') }}
 
-{% if self_pr %}
-You cannot use `{{ command }}` in your own pull request.
-{% else %}
 You don't have enough credentials to use `{{ command }}`.
-{% endif %}
 
 Please **edit** or **delete** the corresponding comment so I can move on.
 {% endblock %}
diff --git a/bert_e/tests/test_bert_e.py b/bert_e/tests/test_bert_e.py
@@ -4978,6 +4978,41 @@ def test_dev_major_lonely_stab(self):
         with self.assertRaises(exns.DevBranchDoesNotExist):
             self.handle(pr.id, options=self.bypass_all, backtrace=True)
 
+    def test_admin_self_bypass(self):
+        """Test an admin can bypass its own PR."""
+        feature_branch = 'feature/TEST-00001'
+        from_branch = 'development/4.3'
+        create_branch(self.gitrepo, feature_branch,
+                      from_branch=from_branch, file_=True)
+        pr = self.admin_bb.create_pull_request(
+            title="title",
+            name="name",
+            src_branch=feature_branch,
+            dst_branch=from_branch,
+            description="",
+        )
+        # Expect a jira check
+        with self.assertRaises(exns.IncorrectFixVersion):
+            self.handle(pr.id, backtrace=True)
+        # Ensure peers cannot bypass the jira check without admin credentials
+        peer = self.contributor_bb.get_pull_request(pull_request_id=pr.id)
+        comment = peer.add_comment('/bypass_jira_check')
+        # Expect a lack of credentials
+        with self.assertRaises(exns.NotEnoughCredentials):
+            self.handle(pr.id, backtrace=True)
+        comment.delete()
+        # Ensure the admin can bypass its own PR
+        pr.add_comment('/bypass_jira_check')
+        with self.assertRaises(exns.ApprovalRequired):
+            self.handle(pr.id, backtrace=True)
+        pr.add_comment('/bypass_peer_approval')
+        pr.approve()
+        with self.assertRaises(exns.BuildNotStarted):
+            self.handle(pr.id, backtrace=True)
+        pr.add_comment('/bypass_build_status')
+        with self.assertRaises(exns.SuccessMessage):
+            self.handle(pr.id, backtrace=True)
+
 
 class TestQueueing(RepositoryTests):
     """Tests which validate all things related to the merge queue.
diff --git a/bert_e/workflow/gitwaterflow/__init__.py b/bert_e/workflow/gitwaterflow/__init__.py
@@ -305,7 +305,7 @@ def handle_comments(job):
     # Look for options in all of the pull request's comments.
     for comment in job.pull_request.comments:
         author = comment.author
-        privileged = author in admins and author != pr_author
+        privileged = author in admins
         authored = author == pr_author
         text = comment.text
         try:
@@ -318,7 +318,7 @@ def handle_comments(job):
         except NotPrivileged as err:
             raise messages.NotEnoughCredentials(
                 active_options=job.active_options, command=err.keyword,
-                author=author, self_pr=(author == pr_author), comment=text
+                author=author, comment=text
             ) from err
         except NotAuthored as err:
             raise messages.NotAuthor(
