FIX update devops process

app/controllers/application_controller.rb

@@ -744,11 +744,6 @@ class ApplicationController < ActionController::Base
 		interactor.success? ? render_ok : render_error(interactor.error)
 	end
 
-	# devops 权限验证
-	def devops_authorize!
-		render_forbidden unless @project.owner?(current_user)
-	end
-
   private
 	def object_not_found
 		uid_logger("Missing template or cant't find record, responding with 404")

app/controllers/concerns/devopsable.rb

@@ -0,0 +1,32 @@
+module Devopsable
+  extend ActiveSupport::Concern
+
+  included do
+  end
+
+  # devops 权限验证
+	def devops_authorize!
+		render_forbidden unless @project.owner?(current_user)
+	end
+
+	def auto_load_project
+		@project = Project.find_by(id: params[:project_id]) || Project.find_by(identifier: params[:project_id])
+		render_not_found('未找到相关的项目') if @project.blank?
+	end
+
+  # TODO 暂时限制项目拥有者才有权限操作
+  def limit_owner_can_devops!(user)
+    return if @project.owner? user
+    render_forbidden
+  end
+
+  def find_cloud_account
+    @cloud_account = DevOps::CloudAccount.find params[:id]
+  end
+
+  def set_drone_token!(user, cloud_account, drone_token)
+    return if user.devops_has_token?
+    cloud_account.update_column(:drone_token, drone_token)
+    user.set_drone_step!(User::DEVOPS_HAS_TOKEN)
+  end
+end

app/controllers/dev_ops/cloud_accounts_controller.rb

@@ -1,7 +1,10 @@
 class DevOps::CloudAccountsController < ApplicationController
+  include Devopsable
+
   before_action :require_login
-  before_action :find_project
+  before_action :auto_load_project
   before_action :devops_authorize!
+  before_action :find_cloud_account, only: %i[activate]
 
   def create
     ActiveRecord::Base.transaction do
@@ -14,8 +17,6 @@ class DevOps::CloudAccountsController < ApplicationController
       else
         cloud_account = DevOps::CloudAccount.new(create_params)
         cloud_account.user = current_user
-        cloud_account.repo_id = @project.repository.id
-        cloud_account.project_id = @project.id
         cloud_account.save!
       end
 
@@ -50,6 +51,7 @@ class DevOps::CloudAccountsController < ApplicationController
       logger.info "######### redirect_url: #{redirect_url}"
 
       if result && !result.blank?
+        current_user.set_drone_step!(User::DEVOPS_UNVERIFIED)
         render_ok(redirect_url: redirect_url)
       else
         render_error('激活失败, 请检查你的云服务器信息是否正确.')
@@ -60,12 +62,28 @@ class DevOps::CloudAccountsController < ApplicationController
     render_error(ex.message)
   end
 
+  def activate
+    result =
+      if current_user.devops_has_token?
+        # 已有drone_token的，直接激活项目
+         DevOps::Drone::API.new(@cloud_account.drone_token, @cloud_account.drone_url, @project.owner.login, @project.identifier).activate
+      else
+        # 没有token，说明是第一次激活devops, 需要用户填写token值
+        return render_error('请先在CI服务端做用户认证.') if !current_user.devops_verified?
+        DevOps::Drone::API.new(params[:drone_token], @cloud_account.drone_url, @project.owner.login, @project.identifier).activate
+      end
+
+    if result
+      set_drone_token!(current_user, @cloud_account, params[:drone_token])
+      @project.update_column(:open_devops, true)
+      render_ok
+    else
+      render_error("激活失败，请检查你的token值是否正确.")
+    end
+  end
+
   private
     def devops_params
       params.permit(:account, :secret, :ip_num, :project_id)
     end
-
-    def find_project
-      @project = Project.find params[:project_id]
-    end
 end

app/controllers/dev_ops/languages_controller.rb

@@ -1,4 +1,5 @@
 class DevOps::LanguagesController < ApplicationController
+  # TODO 需要开启权限认证，只有该项目devops初始化成功后才能获取语言列表
   before_action :require_login
   before_action :find_langugae, only: :show
 

app/controllers/users_controller.rb

@@ -1,8 +1,10 @@
 class UsersController < ApplicationController
+  include Devopsable
 
   before_action :load_user, only: [:show, :homepage_info, :sync_token, :sync_gitea_pwd, :projects, :watch_users, :fan_users]
   before_action :check_user_exist, only: [:show, :homepage_info,:projects, :watch_users, :fan_users]
-  before_action :require_login, only: %i[me list]
+  before_action :require_login, only: %i[me list devops_authenticate devops]
+  before_action :auto_load_project, only: %i[devops devops_authenticate]
   skip_before_action :check_sign, only: [:attachment_show]
 
   def list
@@ -177,7 +179,7 @@ class UsersController < ApplicationController
   def trustie_projects
     user_id = User.select(:id, :login).where(login: params[:login])&.first&.id
     projects = Project.visible
-    
+
     projects = projects.joins(:members).where(members: { user_id: user_id })
 
     search = params[:search].to_s.strip
@@ -212,6 +214,19 @@ class UsersController < ApplicationController
     render_ok
   end
 
+  def devops
+    @user = current_user
+    limit_owner_can_devops!(user)
+    @cloud_account = @user.dev_ops_cloud_account
+  end
+
+  # devops 认证
+  def devops_authenticate
+    limit_owner_can_devops!(current_user)
+    current_user.set_drone_step!(User::DEVOPS_VERIFIED)
+    render_ok
+  end
+
   private
   def load_user
     @user = User.find_by_login(params[:id]) || User.find_by(id: params[:id])