Skip to content
Permalink
Browse files

[FIXED JENKINS-21113] Enforce subitem restrictions better.

  • Loading branch information...
jglick committed Dec 20, 2013
1 parent d5a2ea3 commit a54c2cd4793bd4e55772b2cdeed8f2131ba28666
@@ -594,7 +594,17 @@ public void onDeleted(TopLevelItem item) throws IOException {
}

public TopLevelItem doCreateItem(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
return mixin.createTopLevelItem(req, rsp);
TopLevelItem nue = mixin.createTopLevelItem(req, rsp);
if (!isAllowedChild(nue)) {
// TODO would be better to intercept it before creation, if mode is set
try {
nue.delete();
} catch (InterruptedException x) {
throw (IOException) new IOException(x.toString()).initCause(x);
}
throw new IOException("forbidden child type");
}
return nue;
}

public synchronized void doCreateView(StaplerRequest req, StaplerResponse rsp)
@@ -647,11 +657,23 @@ public FormValidation doCheckJobName(@QueryParameter String value) {
* Copies an existing {@link TopLevelItem} to into this folder with a new name.
*/
public <T extends TopLevelItem> T copy(T src, String name) throws IOException {
if (!isAllowedChild(src)) {
throw new IOException("forbidden child type");
}
return mixin.copy(src, name);
}

public TopLevelItem createProjectFromXML(String name, InputStream xml) throws IOException {
return mixin.createProjectFromXML(name, xml);
TopLevelItem nue = mixin.createProjectFromXML(name, xml);
if (!isAllowedChild(nue)) {
try {
nue.delete();
} catch (InterruptedException x) {
throw (IOException) new IOException(x.toString()).initCause(x);
}
throw new IOException("forbidden child type");
}
return nue;
}

public <T extends TopLevelItem> T createProject(Class<T> type, String name) throws IOException {
@@ -663,6 +685,9 @@ public TopLevelItem createProject(TopLevelItemDescriptor type, String name) thro
}

public TopLevelItem createProject(TopLevelItemDescriptor type, String name, boolean notify) throws IOException {
if (!isAllowedChildDescriptor(type)) {
throw new IOException("forbidden child type");
}
return mixin.createProject(type, name, notify);
}

@@ -739,6 +764,7 @@ public void doDoRename(StaplerRequest req, StaplerResponse rsp) throws IOExcepti

/**
* Items that can be created in this {@link Folder}.
* @see FolderAddFilter
*/
public List<TopLevelItemDescriptor> getItemDescriptors() {
List<TopLevelItemDescriptor> r = new ArrayList<TopLevelItemDescriptor>();
@@ -0,0 +1,60 @@
/*
* The MIT License
*
* Copyright 2013 Jesse Glick.
*
* Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal
* in the Software without restriction, including without limitation the rights
* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
* copies of the Software, and to permit persons to whom the Software is
* furnished to do so, subject to the following conditions:
*
* The above copyright notice and this permission notice shall be included in
* all copies or substantial portions of the Software.
*
* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/

package com.cloudbees.hudson.plugins.folder;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.DescriptorVisibilityFilter;
import hudson.model.TopLevelItemDescriptor;
import hudson.model.View;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;

/**
* Restricts additions to a folder via {@code View/newJob.jelly}.
* @see Folder#getItemDescriptors
*/
@Extension public class FolderAddFilter extends DescriptorVisibilityFilter {

@Override public boolean filter(Object context, Descriptor descriptor) {
StaplerRequest req = Stapler.getCurrentRequest();
if (req == null || !req.getRequestURI().endsWith("/newJob")) {
return true;
}
if (!(descriptor instanceof TopLevelItemDescriptor)) {
return true;
}
Folder d;
if (context instanceof Folder) {
d = ((Folder) context);
} else if (context instanceof View && ((View) context).getOwnerItemGroup() instanceof Folder) {
d = (Folder) ((View) context).getOwnerItemGroup();
} else {
return true;
}
return d.isAllowedChildDescriptor((TopLevelItemDescriptor) descriptor);
}

}

0 comments on commit a54c2cd

Please sign in to comment.
You can’t perform that action at this time.