Fix job retry permissions to prevent bypassing stages by retrying
Summary
Users can run jobs out of order by cancelling the pipeline and manually running the jobs they want. This lets the users bypass any jobs that act as quality/validation checks which removes the guard-rails we put in place.
This is a continuation from https://gitlab.com/gitlab-org/gitlab-ce/issues/53064 in which we deal with the frontend aspect of this. This issue is for resolving it in the API and correcting the policy that allows this bypass.
Steps to reproduce
- Cancel pipeline
- Click retry on later jobs in pipeline.
What is the current bug behavior?
Canceled pipelines don't properly enforce that jobs can't run unless the previous stages succeeded
What is the expected correct behavior?
Jobs will not be runnable if the previous jobs didn't succeed, even if the pipeline is canceled.
Possible fixes
When a job is executed on a canceled pipeline, verify that the previous stages succeeded.