From f6fba3e644c46dca0f2febeb6f361694d34f091b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Antonio=20Mu=C3=B1iz?= Date: Mon, 13 May 2024 14:11:59 +0200 Subject: [PATCH] [JENKINS-73163] Follow up on Overall/Manage permission support In #378 some features were left out, but I see now that they are all part of the same global configuration section. So it does not make sense to leave them behind. They all require Overall/Manage now (instead of Administer). --- .../plugins/github/config/GitHubPluginConfig.java | 12 ++++++++++-- .../plugins/github/config/GitHubServerConfig.java | 9 +++++++++ .../github/config/GitHubTokenCredentialsCreator.java | 6 +++--- .../plugins/github/config/HookSecretConfig.java | 8 ++++++++ 4 files changed, 30 insertions(+), 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java index c4eb51cfb..020159987 100644 --- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java +++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubPluginConfig.java @@ -4,11 +4,13 @@ import com.google.common.base.Function; import com.google.common.base.Predicate; import com.google.common.base.Predicates; +import edu.umd.cs.findbugs.annotations.NonNull; import hudson.Extension; import hudson.Util; import hudson.XmlFile; import hudson.model.Descriptor; import hudson.model.Item; +import hudson.security.Permission; import hudson.util.FormValidation; import jenkins.model.GlobalConfiguration; import jenkins.model.Jenkins; @@ -212,7 +214,7 @@ public String getDisplayName() { @SuppressWarnings("unused") @RequirePOST public FormValidation doReRegister() { - Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER); + Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE); if (!GitHubPlugin.configuration().isManageHooks()) { return FormValidation.warning("Works only when Jenkins manages hooks (one or more creds specified)"); } @@ -227,7 +229,7 @@ public FormValidation doReRegister() { @Restricted(DoNotUse.class) // WebOnly @SuppressWarnings("unused") public FormValidation doCheckHookUrl(@QueryParameter String value) { - Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER); + Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE); try { HttpURLConnection con = (HttpURLConnection) new URL(value).openConnection(); con.setRequestMethod("POST"); @@ -317,4 +319,10 @@ private URL parseHookUrl(String hookUrl) { return null; } } + + @NonNull + @Override + public Permission getRequiredGlobalConfigPagePermission() { + return Jenkins.MANAGE; + } } diff --git a/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java index c0ed535cf..9fed6de8d 100644 --- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java +++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java @@ -14,6 +14,7 @@ import hudson.model.AbstractDescribableImpl; import hudson.model.Descriptor; import hudson.security.ACL; +import hudson.security.Permission; import hudson.util.FormValidation; import hudson.util.ListBoxModel; import hudson.util.Secret; @@ -345,6 +346,12 @@ public String getDisplayName() { return "GitHub Server"; } + @NonNull + @Override + public Permission getRequiredGlobalConfigPagePermission() { + return Jenkins.MANAGE; + } + @SuppressWarnings("unused") public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @QueryParameter String credentialsId) { @@ -419,4 +426,6 @@ protected GitHub applyNullSafe(@NonNull GitHubServerConfig github) { return github.getCachedClient(); } } + + } diff --git a/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java b/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java index 60f5c9d26..38cbb73ed 100644 --- a/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java +++ b/src/main/java/org/jenkinsci/plugins/github/config/GitHubTokenCredentialsCreator.java @@ -92,7 +92,7 @@ public String getDisplayName() { @SuppressWarnings("unused") public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @QueryParameter String credentialsId) { - if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) { + if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) { return new StandardUsernameListBoxModel().includeCurrentValue(credentialsId); } return new StandardUsernameListBoxModel() @@ -118,7 +118,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl, @Que public FormValidation doCreateTokenByCredentials( @QueryParameter String apiUrl, @QueryParameter String credentialsId) { - Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER); + Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE); if (isEmpty(credentialsId)) { return FormValidation.error("Please specify credentials to create token"); } @@ -167,7 +167,7 @@ public FormValidation doCreateTokenByPassword( @QueryParameter String apiUrl, @QueryParameter String login, @QueryParameter String password) { - Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER); + Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE); try { GHAuthorization token = createToken(login, password, defaultIfBlank(apiUrl, GITHUB_URL)); StandardCredentials credentials = createCredentials(apiUrl, token.getToken(), login); diff --git a/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java index 6c45e5d00..248348907 100644 --- a/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java +++ b/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java @@ -3,10 +3,12 @@ import com.cloudbees.plugins.credentials.CredentialsMatchers; import com.cloudbees.plugins.credentials.common.StandardListBoxModel; import com.cloudbees.plugins.credentials.domains.DomainRequirement; +import edu.umd.cs.findbugs.annotations.NonNull; import hudson.Extension; import hudson.model.AbstractDescribableImpl; import hudson.model.Descriptor; import hudson.security.ACL; +import hudson.security.Permission; import hudson.util.ListBoxModel; import hudson.util.Secret; import jenkins.model.Jenkins; @@ -76,5 +78,11 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsI CredentialsMatchers.always() ); } + + @NonNull + @Override + public Permission getRequiredGlobalConfigPagePermission() { + return Jenkins.MANAGE; + } } }