New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[JENKINS-46925] add support for custom folder types. #42
Conversation
It looks like the code was mostly working with AbstractFolder however the important Action was looking for types of Folder. This widens the type to AbstractFolder. This is not binary compatable with old code calling FolderConfigiFileAction, but I could not find any occurences in the wild. Any existing configuration should be re-read without issues.
@@ -96,7 +108,7 @@ public ContentType getContentTypeForProvider(String providerId) { | |||
|
|||
@Override | |||
public HttpResponse doSaveConfig(StaplerRequest req) throws IOException, ServletException { | |||
checkPermission(Job.CONFIGURE); | |||
checkPermission(Item.CONFIGURE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated - but it is actually defined on Item not Job...
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally file this as a separate PR in general, this + the reorganized imports would have made a nice candidate for this, to keep only the gist here and make this more quickly reviewed/mergeable IMO.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah - but I blame eclipse for sorting the stuff when the new import was added. (I did keep the removing unused imports in a different commit at least :-o )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Eclipse, contrary to IDEA, actually has a view for staging chunks selectively, which anyone should always do with Git :).
Or use git gui
ugly but functional OOTB tool.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I [probably need to start using that again - but I tend to code and then build using command line and then commit in the command line cos well Jenkins extensions and eclipse just gives wired errors :-/
Will leave this to the maintaner as their choice if they want me to rewrite history or leave it as is.
@@ -147,7 +159,7 @@ public void doEditConfig(StaplerRequest req, StaplerResponse rsp, @QueryParamete | |||
|
|||
@Override | |||
public void doAddConfig(StaplerRequest req, StaplerResponse rsp, @QueryParameter("providerId") String providerId, @QueryParameter("configId") String configId) throws IOException, ServletException { | |||
checkPermission(Job.CONFIGURE); | |||
checkPermission(Item.CONFIGURE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
unrelated - but it is actually defined on Item not Job...
This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM
SecurityContextHolder.setContext(impersonate); | ||
} | ||
} | ||
|
||
return folder.hasPermission(Item.EXTENDED_READ) ? ConfigFilesManagement.ICON_PATH : null; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks like this line needs to make use of hasPerm
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🐝 LGTM
import com.cloudbees.hudson.plugins.folder.AbstractFolder; | ||
|
||
import jenkins.model.TransientActionFactory; | ||
import net.sf.json.JSONObject; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Probably a lot of this could have been not staged, and possibly filed as a separate PR. It's hard to see what is really belonging to that PR and what is just like org.kohsuke.stapler.*
expansion and so on.
@@ -96,7 +108,7 @@ public ContentType getContentTypeForProvider(String providerId) { | |||
|
|||
@Override | |||
public HttpResponse doSaveConfig(StaplerRequest req) throws IOException, ServletException { | |||
checkPermission(Job.CONFIGURE); | |||
checkPermission(Item.CONFIGURE); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ideally file this as a separate PR in general, this + the reorganized imports would have made a nice candidate for this, to keep only the gist here and make this more quickly reviewed/mergeable IMO.
The action was still showing up on projects that could never have configuration added. When you tried to add configuration you would get the User X is missing the Item.Configure permission, but its just not good UX, so hide the action in case System can not configure the thing (ie it can never have config files)
b6420ee
to
21fa629
Compare
return folder; | ||
} | ||
|
||
@Override | ||
public String getIconFileName() { | ||
return folder.hasPermission(Item.EXTENDED_READ) ? ConfigFilesManagement.ICON_PATH : null; | ||
// whilst you may be able to read configuration of a ComputedFolder they are not configurable, so the link should never be shown. | ||
boolean hasPerm = folder.hasPermission(Item.EXTENDED_READ); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This code does not work....
I wonder if it would be better to only show it when you have Item.CONFIGURE || (Item.EXTENDED_READ && hasatLeastOneManagedFile()
)
final SecurityContext impersonate = ACL.impersonate(ACL.SYSTEM); | ||
try { | ||
hasPerm = folder.hasPermission(Item.CONFIGURE); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am not sure I follow this, will not this be always true since you are impersonating as system?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
exactly see my above comment.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
so why even bothering doing it, can you just check Item.EXTENDED_READ
and then hasPerm
is true and you show it. Why do you check configure if hasPerm is already true
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
because you can have extended_read for say a computed folder. but no user can ever have configure for that computed folder - so there can never be any managed files for it - so this was the case I want to not show the Action for. But does not seem to be easily possible so the use case needs to be adapted slightly to only show the action if you can "create new files, or there are some files and you have permission to see their configuration"
this.folder = folder; | ||
} | ||
|
||
public Folder getFolder() { | ||
public AbstractFolder<?> getFolder() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
formally it is a breaking change. But it is reasonable in this case, not the first time. Folders plugin just has confusing class naming
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
called out in the main PR description.
This is not binary compatible with old code calling
FolderConfigiFileAction
, but I could not find any occurrences in the wild.
The previous attempt did not work as SYSTEM always has configure. This approach uses a compromise, only show the action if you have configure permission or, there is one managed file AND you have extended read permission
@daniel-beck issues resolved. |
🐝 |
@reviewbybees done. |
@imod can you take a look, if you are short on time to make a release if the change looks ok I am happy to do the release for you. |
👍 |
@jtnord release done |
@imod thank you. |
JENKINS-46925
It looks like the code was mostly working with
AbstractFolder
however the important Action was looking for types of Folder thus a user was not able to add configuration to those types of jobs. This widens the type toAbstractFolder
.This is not binary compatable with old code calling
FolderConfigiFileAction
, but I could not find any occurrences in the wild.Any existing configuration should be re-read without issues.
and example of these are
jenkins.branch.OrganizationFolder
andorg.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject
(whose parent is not an OrganisationFolder)Generally I think this can be simplified to be any
AbstractFolder
that is not an descendant of aComputedFolder
, which in turn can be simplified to anyAbstractFolder
that can be configured, which is what is implemented in this PR (this is already taken care of in the WorkflowMultiBranchProject ACL.Tested manually with an OrganizationFolder and a MultiBranch project that the config files are present in the UI and can be used in the jobs.
@reviewbybees