TW-85499 - added access check to request for S3 specific resources
dmitrii.kirkhmeier committed Dec 14, 2023
1 parent ab732e9 commit 8d620ce
Showing 1 changed file with 12 additions and 5 deletions.
Expand Up @@ -34,6 +34,7 @@
import jetbrains.buildServer.serverSide.ProjectManager;
import jetbrains.buildServer.serverSide.SProject;
import jetbrains.buildServer.serverSide.ServerPaths;
import jetbrains.buildServer.serverSide.auth.AccessChecker;
import jetbrains.buildServer.serverSide.connections.credentials.ConnectionCredentialsException;
import jetbrains.buildServer.web.openapi.PluginDescriptor;
import jetbrains.buildServer.web.openapi.WebControllerManager;
Expand All @@ -51,14 +52,17 @@ public class S3SettingsController extends BaseFormXmlController {
private final Map<String, S3ClientResourceFetcher> myHandlers = new HashMap<>();
private final ServerPaths myServerPaths;
private final ProjectManager myProjectManager;
@NotNull private final AccessChecker myAccessChecker;

public S3SettingsController(@NotNull final WebControllerManager manager,
@NotNull final PluginDescriptor descriptor,
@NotNull final ServerPaths serverPaths,
@NotNull final AmazonS3Provider amazonS3Provider,
@NotNull final ProjectManager projectManager) {
@NotNull final ProjectManager projectManager,
@NotNull final AccessChecker accessChecker) {
myServerPaths = serverPaths;
myProjectManager = projectManager;
myAccessChecker = accessChecker;
final String path = descriptor.getPluginResourcesPath(S3Constants.S3_SETTINGS_PATH + ".html");
manager.registerController(path, this);
myHandlers.put("buckets", new ListBucketsResourceFetcher(amazonS3Provider));
Expand Down Expand Up @@ -92,8 +96,11 @@ protected void doPost(@NotNull final HttpServletRequest request,
errors.addError("resource", "Invalid request: unsupported resource " + resource);
} else {
try {
final String projectId = getInternalProjectId(request);
xmlResponse.addContent(IOGuard.allowNetworkCall(() -> handler.fetchAsElement(parameters, projectId)));
final SProject project = getProject(request);

myAccessChecker.checkCanEditProject(project);

xmlResponse.addContent(IOGuard.allowNetworkCall(() -> handler.fetchAsElement(parameters, project.getProjectId())));
} catch (ConnectionCredentialsException e) {
LOG.warn("Failed to get content", e);
String errorMessage = getUiFriendlyErrorMessage(e);
Expand Down Expand Up @@ -193,7 +200,7 @@ private Map<String, String> getProperties(final HttpServletRequest request) {
}

@NotNull
private String getInternalProjectId(@NotNull final HttpServletRequest request) throws ConnectionCredentialsException {
private SProject getProject(@NotNull final HttpServletRequest request) throws ConnectionCredentialsException {
String externalProjectId = request.getParameter(PROJECT_ID_PARAM);
if (externalProjectId == null) {
String errMsg = "Invalid request: projectId parameter was not set";
Expand All @@ -206,6 +213,6 @@ private String getInternalProjectId(@NotNull final HttpServletRequest request) t
throw new ConnectionCredentialsException(errMsg);
}

return project.getProjectId();
return project;
}
}
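Review bot: In `doPost`, `myAccessChecker.checkCanEditProject(project)` can only report a denial by throwing (its result is unused), and the one catch visible in this hunk handles `ConnectionCredentialsException`, so whether a refused request is logged and answered with a clean error depends on handlers outside the hunk; `doPost` and its `try` both continue past the lines shown. I would pin the ordering with a comment above the call, `// Keep ahead of fetchAsElement: no S3 request may be issued for a project the caller cannot edit`, and log each refusal with the project id so that repeated denied requests are visible in the server log. `getProject` still distinguishes a missing `projectId` parameter from an unknown project before any permission is checked, so a caller without edit rights can presumably tell an unknown project from a forbidden one; returning the same message for both cases would avoid that. The commit changes one file and adds no test, so a regression test that posts as a user without edit permission on the project and asserts that `fetchAsElement` is never reached would be worth adding.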
