Skip to content
Permalink
Browse files
[FIXED JENKINS-23131] Make CredentialsStore implement AccessControlled
- a525728 already addressed the scoping issue
  • Loading branch information
stephenc committed Dec 18, 2014
1 parent 1d51a48 commit 445667250c9d8f5e7b55a6f0f4da7d70425c28cc
@@ -26,6 +26,8 @@
import com.cloudbees.plugins.credentials.domains.Domain;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.ModelObject;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.security.AccessDeniedException2;
import hudson.security.Permission;
import jenkins.model.Jenkins;
@@ -44,7 +46,7 @@
* @author Stephen Connolly
* @since 1.8
*/
public abstract class CredentialsStore {
public abstract class CredentialsStore implements AccessControlled {

private transient Boolean domainsModifiable;

@@ -88,6 +90,18 @@ public final boolean hasPermission(@NonNull Permission p) {
*/
public abstract boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission);

/** {@inheritDoc} */
public ACL getACL() {
// we really want people to implement this one, but in case of legacy implementations we need to provide
// an effective ACL implementation.
return new ACL() {
@Override
public boolean hasPermission(Authentication a, Permission permission) {
return CredentialsStore.this.hasPermission(a, permission);
}
};
}

/**
* Returns all the {@link com.cloudbees.plugins.credentials.domains.Domain}s that this credential provider has.
* Most implementers of {@link CredentialsStore} will probably want to override this method.
@@ -560,13 +560,17 @@ public ModelObject getContext() {
return Jenkins.getInstance();
}

public ACL getACL() {
return Jenkins.getInstance().getACL();
}

/**
* {@inheritDoc}
*/
@Override
public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission) {
// we follow the permissions of Jenkins itself
return Jenkins.getInstance().getACL().hasPermission(a, permission);
return getACL().hasPermission(a, permission);
}

/**
@@ -639,6 +643,7 @@ public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials cu
@NonNull Credentials replacement) throws IOException {
return SystemCredentialsProvider.getInstance().updateCredentials(domain, current, replacement);
}

}

@ExportedBean
@@ -566,6 +566,11 @@ public boolean hasPermission(@NonNull Authentication a, @NonNull Permission perm
return user.equals(User.get(a.getName()));
}

@Override
public ACL getACL() {
return user.getACL();
}

/**
* {@inheritDoc}
*/

0 comments on commit 4456672

Please sign in to comment.