Skip to content

Commit

Permalink
Suppress modify permissions in OrganizationFolder when it is a direct…
Browse files Browse the repository at this point in the history 
… child of a ComputedFolder.
  • Loading branch information
@awittha
awittha committed Mar 27, 2019
1 parent 196795e commit 2dd56e1
Showing 1 changed file with 75 additions and 37 deletions.
112 changes: 75 additions & 37 deletions src/main/java/jenkins/branch/OrganizationFolder.java
View file
Expand Up @@ -24,7 +24,43 @@

package jenkins.branch;

import antlr.ANTLRException;
import static jenkins.scm.api.SCMEvent.Type.CREATED;
import static jenkins.scm.api.SCMEvent.Type.UPDATED;

import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;

import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;

import org.acegisecurity.AccessDeniedException;
import org.acegisecurity.Authentication;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkins.ui.icon.Icon;
import org.jenkins.ui.icon.IconSet;
import org.jenkins.ui.icon.IconSpec;
import org.jvnet.localizer.LocaleProvider;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

import com.cloudbees.hudson.plugins.folder.AbstractFolderDescriptor;
import com.cloudbees.hudson.plugins.folder.ChildNameGenerator;
import com.cloudbees.hudson.plugins.folder.FolderIcon;
Expand All @@ -35,7 +71,10 @@
import com.cloudbees.hudson.plugins.folder.computed.FolderComputation;
import com.cloudbees.hudson.plugins.folder.computed.PeriodicFolderTrigger;
import com.cloudbees.hudson.plugins.folder.views.AbstractFolderViewHolder;
import com.google.common.collect.ImmutableSet;
import com.thoughtworks.xstream.XStreamException;

import antlr.ANTLRException;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.BulkChange;
import hudson.Extension;
Expand All @@ -56,26 +95,10 @@
import hudson.model.TopLevelItem;
import hudson.model.View;
import hudson.model.listeners.SaveableListener;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.util.DescribableList;
import hudson.util.StreamTaskListener;
import java.io.File;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.TimeUnit;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.servlet.ServletException;
import jenkins.model.Jenkins;
import jenkins.model.TransientActionFactory;
import jenkins.scm.api.SCMEvent;
Expand All @@ -94,21 +117,6 @@
import jenkins.scm.api.metadata.ObjectMetadataAction;
import jenkins.scm.impl.SingleSCMNavigator;
import jenkins.scm.impl.UncategorizedSCMSourceCategory;
import org.acegisecurity.AccessDeniedException;
import org.apache.commons.io.Charsets;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.jenkins.ui.icon.Icon;
import org.jenkins.ui.icon.IconSet;
import org.jenkins.ui.icon.IconSpec;
import org.jvnet.localizer.LocaleProvider;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;
import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse;

import static jenkins.scm.api.SCMEvent.Type.CREATED;
import static jenkins.scm.api.SCMEvent.Type.UPDATED;

/**
* A folder-like collection of {@link MultiBranchProject}s, one per repository.
Expand Down Expand Up @@ -628,6 +636,33 @@ public String getDisplayName() {
return super.getDisplayName();
}

/**
* {@inheritDoc}
*/
@Override
public ACL getACL() {
final ACL acl = super.getACL();
if (getParent() instanceof ComputedFolder<?>) {
return new ACL() {
@Override
public boolean hasPermission(Authentication a, Permission permission) {
if (ACL.SYSTEM.equals(a)) {
return true;
} else if (SUPPRESSED_PERMISSIONS.contains(permission)) {
return false;
} else {
return acl.hasPermission(a, permission);
}
}
};
} else {
return acl;
}
}

private static final Set<Permission> SUPPRESSED_PERMISSIONS =
ImmutableSet.of(Item.CONFIGURE, Item.DELETE, View.CONFIGURE, View.CREATE, View.DELETE);

/**
* Our descriptor
*/
Expand Down Expand Up @@ -665,7 +700,8 @@ public TopLevelItem newInstance(ItemGroup parent, String name) {
*
* @return A string with the category identifier. {@code TopLevelItemDescriptor#getCategoryId()}
*/
//@Override TODO once baseline is 2.x
@Override
//@Override TODO once baseline is 2.x
@NonNull
public String getCategoryId() {
return "nested-projects";
Expand All @@ -676,7 +712,8 @@ public String getCategoryId() {
*
* @return A string with the description. {@code TopLevelItemDescriptor#getDescription()}.
*/
//@Override TODO once baseline is 2.x
@Override
//@Override TODO once baseline is 2.x
@NonNull
public String getDescription() {
if (Jenkins.getActiveInstance().getInitLevel().compareTo(InitMilestone.EXTENSIONS_AUGMENTED) > 0) {
Expand All @@ -696,7 +733,8 @@ public String getDescription() {
}

//@Override TODO once baseline is 2.x
public String getIconFilePathPattern() {
@Override
public String getIconFilePathPattern() {
List<SCMNavigatorDescriptor> descriptors =
remove(ExtensionList.lookup(SCMNavigatorDescriptor.class),
SingleSCMNavigator.DescriptorImpl.class);
Expand Down

0 comments on commit 2dd56e1

Please sign in to comment.