Skip to content

Commit

Permalink
Merge pull request #379 from amuniz/JENKINS-73163
Browse files Browse the repository at this point in the history
[JENKINS-73163] Follow up on Overall/Manage permission support
  • Loading branch information
KostyaSha authored May 13, 2024
2 parents c6481b4 + 3ce945b commit 57e76cb
Show file tree
Hide file tree
Showing 4 changed files with 30 additions and 5 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,13 @@
import com.google.common.base.Function;
import com.google.common.base.Predicate;
import com.google.common.base.Predicates;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.Util;
import hudson.XmlFile;
import hudson.model.Descriptor;
import hudson.model.Item;
import hudson.security.Permission;
import hudson.util.FormValidation;
import jenkins.model.GlobalConfiguration;
import jenkins.model.Jenkins;
Expand Down Expand Up @@ -212,7 +214,7 @@ public String getDisplayName() {
@SuppressWarnings("unused")
@RequirePOST
public FormValidation doReRegister() {
Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);

Check warning on line 217 in src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line

Line 217 is not covered by tests
if (!GitHubPlugin.configuration().isManageHooks()) {
return FormValidation.warning("Works only when Jenkins manages hooks (one or more creds specified)");
}
Expand All @@ -227,7 +229,7 @@ public FormValidation doReRegister() {
@Restricted(DoNotUse.class) // WebOnly
@SuppressWarnings("unused")
public FormValidation doCheckHookUrl(@QueryParameter String value) {
Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);
try {
HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection();
con.setRequestMethod("POST");
Expand Down Expand Up @@ -317,4 +319,10 @@ private URL parseHookUrl(String hookUrl) {
return null;
}
}

@NonNull
@Override
public Permission getRequiredGlobalConfigPagePermission() {
return Jenkins.MANAGE;
}
}
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,7 @@
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.FormValidation;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
Expand Down Expand Up @@ -345,6 +346,12 @@ public String getDisplayName() {
return "GitHub Server";
}

@NonNull
@Override
public Permission getRequiredGlobalConfigPagePermission() {
return Jenkins.MANAGE;

Check warning on line 352 in src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line

Line 352 is not covered by tests
}

@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
@QueryParameter String credentialsId) {
Expand Down Expand Up @@ -419,4 +426,6 @@ protected GitHub applyNullSafe(@NonNull GitHubServerConfig github) {
return github.getCachedClient();
}
}


}
Original file line number Diff line number Diff line change
Expand Up @@ -92,7 +92,7 @@ public String getDisplayName() {

@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @QueryParameter String credentialsId) {
if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {
return new StandardUsernameListBoxModel().includeCurrentValue(credentialsId);
}
return new StandardUsernameListBoxModel()
Expand All @@ -118,7 +118,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @Que
public FormValidation doCreateTokenByCredentials(
@QueryParameter String apiUrl,
@QueryParameter String credentialsId) {
Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);
if (isEmpty(credentialsId)) {
return FormValidation.error("Please specify credentials to create token");
}
Expand Down Expand Up @@ -167,7 +167,7 @@ public FormValidation doCreateTokenByPassword(
@QueryParameter String apiUrl,
@QueryParameter String login,
@QueryParameter String password) {
Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);

Check warning on line 170 in src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered lines

Lines 95-170 are not covered by tests
try {
GHAuthorization token = createToken(login, password, defaultIfBlank(apiUrl, GITHUB_URL));
StandardCredentials credentials = createCredentials(apiUrl, token.getToken(), login);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -3,10 +3,12 @@
import com.cloudbees.plugins.credentials.CredentialsMatchers;
import com.cloudbees.plugins.credentials.common.StandardListBoxModel;
import com.cloudbees.plugins.credentials.domains.DomainRequirement;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.Extension;
import hudson.model.AbstractDescribableImpl;
import hudson.model.Descriptor;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.ListBoxModel;
import hudson.util.Secret;
import jenkins.model.Jenkins;
Expand Down Expand Up @@ -76,5 +78,11 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsI
CredentialsMatchers.always()
);
}

@NonNull
@Override
public Permission getRequiredGlobalConfigPagePermission() {
return Jenkins.MANAGE;

Check warning on line 85 in src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line

Line 85 is not covered by tests
}
}
}

0 comments on commit 57e76cb

Please sign in to comment.