Reverted jelly changes; assert global scope; fixed null Item handling

src/main/java/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory.java

@@ -67,7 +67,7 @@ public final class GraniteAHCFactory extends Descriptor<GraniteAHCFactory>
     private static final Logger LOGGER = Logger.getLogger(GraniteAHCFactory.class.getName());
     private static final TaskListener DEFAULT_LISTENER = new LogTaskListener(LOGGER, Level.INFO);
 
-    private static final long serialVersionUID = 1329103722879551701L;
+    private static final long serialVersionUID = 1329103722879551702L;
     private static final int DEFAULT_TIMEOUT = GraniteClientGlobalConfig.DEFAULT_TIMEOUT;
 
     private String credentialsId;
@@ -146,10 +146,9 @@ public String getDisplayName() {
     }
 
     @RequirePOST
-    public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context,
-                                                                      @QueryParameter("value") String value) {
-        context.checkPermission(Item.CONFIGURE);
-        return GraniteCredentialsListBoxModel.fillItems(value, context);
+    public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter("value") String value) {
+        Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
+        return GraniteCredentialsListBoxModel.fillItems(value, null);
     }
 
     public Credentials getDefaultCredentials() {

src/main/java/org/jenkinsci/plugins/graniteclient/GraniteCredentialsListBoxModel.java

@@ -34,22 +34,26 @@
 import com.cloudbees.plugins.credentials.Credentials;
 import com.cloudbees.plugins.credentials.CredentialsNameProvider;
 import com.cloudbees.plugins.credentials.CredentialsProvider;
+import com.cloudbees.plugins.credentials.CredentialsScope;
 import com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel;
 import com.cloudbees.plugins.credentials.common.IdCredentials;
 import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials;
 import com.cloudbees.plugins.credentials.domains.DomainRequirement;
 import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.model.Item;
+import hudson.model.Queue;
+import hudson.model.queue.Tasks;
 import hudson.security.ACL;
 import hudson.security.AccessControlled;
+import jenkins.model.Jenkins;
 
 /**
  *
  */
 public class GraniteCredentialsListBoxModel extends AbstractIdCredentialsListBoxModel<GraniteCredentialsListBoxModel, IdCredentials> {
 
-    private static final long serialVersionUID = 6621529150670191090L;
+    private static final long serialVersionUID = 6621529150670191091L;
 
     @NonNull
     @Override
@@ -77,27 +81,44 @@ private static AbstractIdCredentialsListBoxModel fillItems(final String currentV
         AbstractIdCredentialsListBoxModel<GraniteCredentialsListBoxModel, IdCredentials> model =
                 new GraniteCredentialsListBoxModel().withEmptySelection();
 
-        if (context == null || !context.hasPermission(Item.CONFIGURE)) {
+        // when a context is provided (by a job config) but lacks configure permissions
+        // return the existing value
+        if (context != null && !context.hasPermission(Item.CONFIGURE)) {
+            Credentials _credentials = GraniteNamedIdCredentials.getCredentialsById(currentValue);
+            return model.with(GraniteNamedIdCredentials.maybeWrap(_credentials));
+        }
+
+        // when a context is not provided (by global config) but lacks admin permissions
+        // return the existing value
+        if (context == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) {
             Credentials _credentials = GraniteNamedIdCredentials.getCredentialsById(currentValue);
             return model.with(GraniteNamedIdCredentials.maybeWrap(_credentials));
         }
 
         List<SSHUserPrivateKey> keys = CredentialsProvider.lookupCredentials(SSHUserPrivateKey.class,
-                context, ACL.SYSTEM, reqs);
+                context,
+                context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM,
+                reqs);
 
         if (!keys.isEmpty()) {
             for (SSHUserPrivateKey key : keys) {
-                model = model.with(GraniteNamedIdCredentials.wrap(key));
+                if (key.getScope() == CredentialsScope.GLOBAL) {
+                    model = model.with(GraniteNamedIdCredentials.wrap(key));
+                }
             }
         }
 
         List<StandardUsernamePasswordCredentials> basicAuthCredsList =
                 CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class,
-                        context, ACL.SYSTEM, reqs);
+                        context,
+                        context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM,
+                        reqs);
 
         if (!basicAuthCredsList.isEmpty()) {
             for (StandardUsernamePasswordCredentials creds : basicAuthCredsList) {
-                model = model.with(GraniteNamedIdCredentials.wrap(creds));
+                if (creds.getScope() == CredentialsScope.GLOBAL) {
+                    model = model.with(GraniteNamedIdCredentials.wrap(creds));
+                }
             }
         }
 

src/main/java/org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.java

@@ -289,7 +289,8 @@ private CredentialsIdMatcher(String credentialsId) {
         }
 
         public boolean matches(@NonNull Credentials item) {
-            if (credentialsId != null && !credentialsId.isEmpty()) {
+            if ((item.getScope() == CredentialsScope.GLOBAL)
+                    && credentialsId != null && !credentialsId.isEmpty()) {
                 if (item instanceof SSHUserPrivateKey) {
                     return credentialsId.equals(((SSHUserPrivateKey) item).getId());
                 } else if (item instanceof IdCredentials) {

src/main/resources/org/jenkinsci/plugins/graniteclient/BuildPackageBuilder/config.jelly

@@ -54,7 +54,7 @@
 
     <f:advanced title="Connection Options">
         <f:entry title="Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:validateButton

src/main/resources/org/jenkinsci/plugins/graniteclient/DeployPackagesBuilder/config.jelly

@@ -69,7 +69,7 @@
     <f:advanced title="Connection Options">
 
         <f:entry title="Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:validateButton

src/main/resources/org/jenkinsci/plugins/graniteclient/DownloadPackagesBuilder/config.jelly

@@ -51,7 +51,7 @@
     <f:advanced title="Connection Options">
 
         <f:entry title="Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:validateButton

src/main/resources/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory/global.jelly

@@ -30,7 +30,7 @@
     <f:section title="CRX Content Package Deployer - HTTP Client" name="GraniteAHCFactory">
 
         <f:entry title="Default Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:entry title="Preempt Login Base URL Patterns" field="preemptLoginForBaseUrls">

src/main/resources/org/jenkinsci/plugins/graniteclient/PackageChoiceParameterDefinition/config.jelly

@@ -68,7 +68,7 @@
     <f:advanced title="Connection Options">
 
         <f:entry title="Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:validateButton

src/main/resources/org/jenkinsci/plugins/graniteclient/ReplicatePackagesBuilder/config.jelly

@@ -43,7 +43,7 @@
     <f:advanced title="Connection Options">
 
         <f:entry title="Credentials" field="credentialsId">
-            <creds:select checkMethod="post"/>
+            <creds:select/>
         </f:entry>
 
         <f:validateButton