gocd
diff --git a/‎server/webapp/WEB-INF/rails.new/app/controllers/api_v2/admin/pipelines_controller.rb‎
Lines changed: 121 additions & 0 deletions b/‎server/webapp/WEB-INF/rails.new/app/controllers/api_v2/admin/pipelines_controller.rb‎
Lines changed: 121 additions & 0 deletions
diff --git a/‎server/webapp/WEB-INF/rails.new/app/helpers/api_v2/authentication_helper.rb‎
Lines changed: 20 additions & 1 deletion b/‎server/webapp/WEB-INF/rails.new/app/helpers/api_v2/authentication_helper.rb‎
Lines changed: 20 additions & 1 deletion
diff --git a/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/agent_representer.rb‎
Lines changed: 1 addition & 1 deletion b/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/agent_representer.rb‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/base_representer.rb‎
Lines changed: 0 additions & 18 deletions b/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/base_representer.rb‎
Lines changed: 0 additions & 18 deletions
diff --git a/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/approval_representer.rb‎
Lines changed: 29 additions & 0 deletions b/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/approval_representer.rb‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/artifact_representer.rb‎
Lines changed: 49 additions & 0 deletions b/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/artifact_representer.rb‎
Lines changed: 49 additions & 0 deletions
diff --git a/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/environment_variable_representer.rb‎
Lines changed: 46 additions & 0 deletions b/‎server/webapp/WEB-INF/rails.new/app/presenters/api_v2/config/environment_variable_representer.rb‎
Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,121 @@
+##########################################################################
+# Copyright 2016 ThoughtWorks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+module ApiV2
+  module Admin
+    class PipelinesController < ApiV2::BaseController
+      before_action :check_pipeline_group_admin_user_and_401
+      before_action :load_pipeline, only: [:show, :destroy]
+      before_action :check_if_pipeline_by_same_name_already_exists, :check_group_not_blank, only: [:create]
+      before_action :check_for_stale_request, :check_for_attempted_pipeline_rename, only: [:update]
+
+      def show
+        if stale?(etag: get_etag_for_pipeline(@pipeline_config.name.to_s))
+          json = ApiV2::Config::PipelineConfigRepresenter.new(@pipeline_config).to_hash(url_builder: self)
+          render DEFAULT_FORMAT => json
+        end
+      end
+
+      def create
+        result = HttpLocalizedOperationResult.new
+        get_pipeline_from_request
+        pipeline_config_service.createPipelineConfig(current_user, @pipeline_config_from_request, result, params[:group])
+        handle_config_save_or_update_result(result, @pipeline_config_from_request.name.to_s)
+        if result.isSuccessful
+          pipeline_pause_service.pause(@pipeline_config_from_request.name.to_s, "Under construction", current_user)
+        end
+      end
+
+      def update
+        result = HttpLocalizedOperationResult.new
+        get_pipeline_from_request
+        pipeline_config_service.updatePipelineConfig(current_user, @pipeline_config_from_request, get_etag_for_pipeline(params[:pipeline_name]), result)
+        handle_config_save_or_update_result(result)
+      end
+
+      def destroy
+        result = HttpLocalizedOperationResult.new
+        pipeline_config_service.deletePipelineConfig(current_user, @pipeline_config, result)
+        render_http_operation_result(result)
+      end
+
+      private
+
+      def get_pipeline_from_request
+        @pipeline_config_from_request ||= PipelineConfig.new.tap do |config|
+          ApiV2::Config::PipelineConfigRepresenter.new(config).from_hash(params[:pipeline], {go_config: go_config_service.getCurrentConfig()})
+        end
+      end
+
+      def handle_config_save_or_update_result(result, pipeline_name = params[:pipeline_name])
+        if result.isSuccessful
+          load_pipeline(pipeline_name)
+          json = ApiV2::Config::PipelineConfigRepresenter.new(@pipeline_config).to_hash(url_builder: self)
+          response.etag = [get_etag_for_pipeline(@pipeline_config.name.to_s)]
+          render DEFAULT_FORMAT => json
+        else
+          json = ApiV2::Config::PipelineConfigRepresenter.new(@pipeline_config_from_request).to_hash(url_builder: self)
+          render_http_operation_result(result, {data: json})
+        end
+      end
+
+      def check_for_attempted_pipeline_rename
+        unless CaseInsensitiveString.new(params[:pipeline][:name]) == CaseInsensitiveString.new(params[:pipeline_name])
+          result = HttpLocalizedOperationResult.new
+          result.notAcceptable(LocalizedMessage::string("PIPELINE_RENAMING_NOT_ALLOWED"))
+          render_http_operation_result(result)
+        end
+      end
+
+      def get_etag_for_pipeline(pipeline_name)
+        entity_hashing_service.md5ForPipelineConfig(pipeline_name)
+      end
+
+      def check_for_stale_request
+        return unless stale_request?
+
+        result = HttpLocalizedOperationResult.new
+        result.stale(LocalizedMessage::string("STALE_RESOURCE_CONFIG", 'pipeline', params[:pipeline_name]))
+        render_http_operation_result(result)
+      end
+
+      def stale_request?
+        request.env["HTTP_IF_MATCH"] != "\"#{Digest::MD5.hexdigest(get_etag_for_pipeline(params[:pipeline_name]))}\""
+      end
+
+      def load_pipeline(pipeline_name = params[:pipeline_name])
+        @pipeline_config = pipeline_config_service.getPipelineConfig(pipeline_name)
+        raise RecordNotFound if @pipeline_config.nil?
+      end
+
+      def check_if_pipeline_by_same_name_already_exists
+        if (!pipeline_config_service.getPipelineConfig(params[:pipeline_name]).nil?)
+          result = HttpLocalizedOperationResult.new
+          result.unprocessableEntity(LocalizedMessage::string("CANNOT_CREATE_PIPELINE_ALREADY_EXISTS", params[:pipeline_name]))
+          render_http_operation_result(result)
+        end
+      end
+
+      def check_group_not_blank
+        if (params[:group].blank?)
+          result = HttpLocalizedOperationResult.new
+          result.unprocessableEntity(LocalizedMessage::string("PIPELINE_GROUP_MANDATORY_FOR_PIPELINE_CREATE"))
+          render_http_operation_result(result)
+        end
+      end
+    end
+  end
+end
@@ -1,5 +1,5 @@
 ##########################################################################
-# Copyright 2015 ThoughtWorks, Inc.
+# Copyright 2016 ThoughtWorks, Inc.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -40,6 +40,16 @@ def check_admin_user_and_401
       end
     end
 
+    def check_pipeline_group_admin_user_and_401
+      groupName = params[:group] || go_config_service.findGroupNameByPipeline(com.thoughtworks.go.config.CaseInsensitiveString.new(params[:pipeline_name]))
+      return unless security_service.isSecurityEnabled()
+      unless is_user_an_admin_for_group?(current_user, groupName)
+        Rails.logger.info("User '#{current_user.getUsername}' attempted to perform an unauthorized action!")
+        render_unauthorized_error
+      end
+    end
+
+
     def verify_content_type_on_post
       if [:put, :post, :patch].include?(request.request_method_symbol) && !request.raw_post.blank? && request.content_mime_type != :json
         render ApiV2::BaseController::DEFAULT_FORMAT => { message: "You must specify a 'Content-Type' of 'application/json'" }, status: :unsupported_media_type
@@ -58,5 +68,14 @@ def render_unauthorized_error
       render ApiV2::BaseController::DEFAULT_FORMAT => { :message => 'You are not authorized to perform this action.' }, :status => 401
     end
 
+    private
+    def is_user_an_admin_for_group?(current_user, group_name)
+      if go_config_service.groups().hasGroup(group_name)
+        return security_service.isUserAdminOfGroup(current_user.getUsername, group_name)
+      else
+        return security_service.isUserAdmin(current_user)
+      end
+    end
+
   end
 end
@@ -47,7 +47,7 @@ class AgentRepresenter < ApiV2::BaseRepresenter
     property :build_state, exec_context: :decorator
     property :resources, exec_context: :decorator
     property :environments, exec_context: :decorator
-    property :errors, exec_context: :decorator, decorator: ApiV1::Config::ErrorRepresenter, skip_parse: true, skip_render: lambda { |object, options| object.empty? }
+    property :errors, exec_context: :decorator, decorator: ApiV2::Config::ErrorRepresenter, skip_parse: true, skip_render: lambda { |object, options| object.empty? }
 
     def agent_config_state
       agent.getAgentConfigStatus()
 
@@ -117,23 +117,5 @@ def with_default_values(hash)
         memo
       end
     end
-
-    def from_hash(data, options={})
-      super(with_default_values(data), options)
-    end
-
-    private
-    def with_default_values(hash)
-      hash ||= {}
-
-      if hash.respond_to?(:has_key?)
-        hash = hash.deep_symbolize_keys
-      end
-
-      self.collection_items.inject(hash) do |memo, item|
-        memo[item] ||= []
-        memo
-      end
-    end
   end
 end
@@ -0,0 +1,29 @@
+##########################################################################
+# Copyright 2016 ThoughtWorks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+module ApiV2
+  module Config
+    class ApprovalRepresenter < ApiV2::BaseRepresenter
+      alias_method :approval, :represented
+
+      error_representer
+
+      property :type
+      property :auth_config, as: :authorization, decorator: ApiV2::Config::StageAuthorizationRepresenter, class: AuthConfig
+    end
+  end
+
+end
@@ -0,0 +1,49 @@
+##########################################################################
+# Copyright 2016 ThoughtWorks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+module ApiV2
+  module Config
+    class ArtifactRepresenter < ApiV2::BaseRepresenter
+      alias_method :artifact, :represented
+
+      error_representer({"src" => "source", "dest" => "destination"})
+
+      ARTIFACT_TYPE_TO_STRING_TYPE_MAP = {
+        ArtifactType::unit => 'test',
+        ArtifactType::file => 'build'
+      }
+
+      ARTIFACT_TYPE_TO_ARTIFACT_CLASS_MAP = {
+        'test'  => TestArtifactPlan,
+        'build' => ArtifactPlan
+      }
+
+      property :src, as: :source
+      property :dest, as: :destination
+      property :type, exec_context: :decorator, skip_parse: true
+
+      def type
+        ARTIFACT_TYPE_TO_STRING_TYPE_MAP[artifact.getArtifactType]
+      end
+
+      class << self
+        def get_class_for_artifact_type(type)
+          ARTIFACT_TYPE_TO_ARTIFACT_CLASS_MAP[type] || (raise ApiV2::UnprocessableEntity, "Invalid Artifact type: '#{type}'. It has to be one of #{ARTIFACT_TYPE_TO_ARTIFACT_CLASS_MAP.keys.join(', ')}")
+        end
+      end
+    end
+  end
+end
@@ -0,0 +1,46 @@
+##########################################################################
+# Copyright 2016 ThoughtWorks, Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+##########################################################################
+
+module ApiV2
+  module Config
+    class EnvironmentVariableRepresenter < ApiV2::BaseRepresenter
+      alias_method :environment_variable, :represented
+
+      error_representer({'encryptedValue' => 'encrypted_value'})
+
+      property :isSecure, as: :secure, writable: false
+      property :name, writable: false
+      property :value, skip_nil: true, writable: false, exec_context: :decorator
+      property :encrypted_value, skip_nil: true, writable: false, exec_context: :decorator
+      property :errors, exec_context: :decorator, decorator: ApiV2::Config::ErrorRepresenter, skip_parse: true, skip_render: lambda { |object, options| object.empty? }
+
+      def value
+        environment_variable.getValueForDisplay() if environment_variable.isPlain
+      end
+
+      def encrypted_value
+        environment_variable.getValueForDisplay() if environment_variable.isSecure
+      end
+
+      def from_hash(data, options={})
+        data = data.with_indifferent_access
+        environment_variable.deserialize(data[:name], data[:value], data[:secure].to_bool, data[:encrypted_value])
+        environment_variable
+      end
+
+    end
+  end
+end