Allow build triggers to be invoked by any repo admin

Fixes #1079

endpoints/api/build.py

@@ -19,7 +19,6 @@ from endpoints.exception import Unauthorized, NotFound, InvalidRequest
 from endpoints.building import start_build, PreparedBuild
 from data import database
 from data import model
-from auth.auth_context import get_authenticated_user
 from auth.permissions import (ReadRepositoryPermission, ModifyRepositoryPermission,
                               AdministerRepositoryPermission, AdministerOrganizationPermission,
                               SuperUserPermission)
@@ -58,14 +57,7 @@ def trigger_view(trigger, can_read=False, can_admin=False, for_build=False):
     build_source = build_trigger.config.get('build_source')
 
     repo_url = build_trigger.get_repository_url() if build_source else None
-
+    can_read = can_read or can_admin
-    if can_admin:
-      can_read = True
-
-    is_connected_user = False
-    if (can_admin and get_authenticated_user() and
-        trigger.connected_user_id == get_authenticated_user().id):
-       is_connected_user = True
 
     trigger_data = {
       'id': trigger.uuid,
@@ -76,7 +68,7 @@ def trigger_view(trigger, can_read=False, can_admin=False, for_build=False):
       'repository_url': repo_url if can_read else None,
 
       'config': build_trigger.config if can_admin else {},
-      'can_invoke': is_connected_user,
+      'can_invoke': can_admin,
     }
 
     if not for_build and can_admin and trigger.pull_robot:

endpoints/api/trigger.py

@@ -21,7 +21,7 @@ from endpoints.api.build import build_status_view, trigger_view, RepositoryBuild
 from endpoints.building import start_build
 from data import model
 from auth.permissions import (UserAdminPermission, AdministerOrganizationPermission,
-                              ReadRepositoryPermission)
+                              ReadRepositoryPermission, AdministerRepositoryPermission)
 from util.names import parse_robot_username
 from util.dockerfileparse import parse_dockerfile
 
@@ -194,7 +194,7 @@ class BuildTriggerActivate(RepositoryParamResource):
           raise NotFound()
 
         # Make sure the user has administer permissions for the robot's namespace.
-        (robot_namespace, shortname) = parse_robot_username(pull_robot_name)
+        (robot_namespace, _) = parse_robot_username(pull_robot_name)
         if not AdministerOrganizationPermission(robot_namespace).can():
           raise Unauthorized()
 
@@ -480,8 +480,7 @@ class BuildTriggerFieldValues(RepositoryParamResource):
       raise NotFound()
 
     config = request.get_json() or None
-    user_permission = UserAdminPermission(trigger.connected_user.username)
+    if AdministerRepositoryPermission(namespace_name, repo_name).can():
-    if user_permission.can():
       handler = BuildTriggerHandler.get_handler(trigger, config)
       values = handler.list_field_values(field_name, limit=FIELD_VALUE_LIMIT)