From 06cd0e7e1b3f2fb87b3fa332ee1da710ca94b8e1 Mon Sep 17 00:00:00 2001 From: Mark Adamcin Date: Wed, 2 Oct 2019 10:12:12 -0700 Subject: [PATCH] Reverted jelly changes; assert global scope; fixed null Item handling --- .../graniteclient/GraniteAHCFactory.java | 9 +++-- .../GraniteCredentialsListBoxModel.java | 33 +++++++++++++++---- .../GraniteNamedIdCredentials.java | 3 +- .../BuildPackageBuilder/config.jelly | 2 +- .../DeployPackagesBuilder/config.jelly | 2 +- .../DownloadPackagesBuilder/config.jelly | 2 +- .../GraniteAHCFactory/global.jelly | 2 +- .../config.jelly | 2 +- .../ReplicatePackagesBuilder/config.jelly | 2 +- 9 files changed, 39 insertions(+), 18 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory.java b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory.java index ec5d04a..571d604 100644 --- a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory.java +++ b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteAHCFactory.java @@ -67,7 +67,7 @@ public final class GraniteAHCFactory extends Descriptor private static final Logger LOGGER = Logger.getLogger(GraniteAHCFactory.class.getName()); private static final TaskListener DEFAULT_LISTENER = new LogTaskListener(LOGGER, Level.INFO); - private static final long serialVersionUID = 1329103722879551701L; + private static final long serialVersionUID = 1329103722879551702L; private static final int DEFAULT_TIMEOUT = GraniteClientGlobalConfig.DEFAULT_TIMEOUT; private String credentialsId; @@ -146,10 +146,9 @@ public String getDisplayName() { } @RequirePOST - public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context, - @QueryParameter("value") String value) { - context.checkPermission(Item.CONFIGURE); - return GraniteCredentialsListBoxModel.fillItems(value, context); + public AbstractIdCredentialsListBoxModel doFillCredentialsIdItems(@QueryParameter("value") String value) { + Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER); + return GraniteCredentialsListBoxModel.fillItems(value, null); } public Credentials getDefaultCredentials() { diff --git a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteCredentialsListBoxModel.java b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteCredentialsListBoxModel.java index 09a885a..ea98248 100644 --- a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteCredentialsListBoxModel.java +++ b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteCredentialsListBoxModel.java @@ -34,6 +34,7 @@ import com.cloudbees.plugins.credentials.Credentials; import com.cloudbees.plugins.credentials.CredentialsNameProvider; import com.cloudbees.plugins.credentials.CredentialsProvider; +import com.cloudbees.plugins.credentials.CredentialsScope; import com.cloudbees.plugins.credentials.common.AbstractIdCredentialsListBoxModel; import com.cloudbees.plugins.credentials.common.IdCredentials; import com.cloudbees.plugins.credentials.common.StandardUsernamePasswordCredentials; @@ -41,15 +42,18 @@ import com.cloudbees.plugins.credentials.domains.URIRequirementBuilder; import edu.umd.cs.findbugs.annotations.NonNull; import hudson.model.Item; +import hudson.model.Queue; +import hudson.model.queue.Tasks; import hudson.security.ACL; import hudson.security.AccessControlled; +import jenkins.model.Jenkins; /** * */ public class GraniteCredentialsListBoxModel extends AbstractIdCredentialsListBoxModel { - private static final long serialVersionUID = 6621529150670191090L; + private static final long serialVersionUID = 6621529150670191091L; @NonNull @Override @@ -77,27 +81,44 @@ private static AbstractIdCredentialsListBoxModel fillItems(final String currentV AbstractIdCredentialsListBoxModel model = new GraniteCredentialsListBoxModel().withEmptySelection(); - if (context == null || !context.hasPermission(Item.CONFIGURE)) { + // when a context is provided (by a job config) but lacks configure permissions + // return the existing value + if (context != null && !context.hasPermission(Item.CONFIGURE)) { + Credentials _credentials = GraniteNamedIdCredentials.getCredentialsById(currentValue); + return model.with(GraniteNamedIdCredentials.maybeWrap(_credentials)); + } + + // when a context is not provided (by global config) but lacks admin permissions + // return the existing value + if (context == null && !Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER)) { Credentials _credentials = GraniteNamedIdCredentials.getCredentialsById(currentValue); return model.with(GraniteNamedIdCredentials.maybeWrap(_credentials)); } List keys = CredentialsProvider.lookupCredentials(SSHUserPrivateKey.class, - context, ACL.SYSTEM, reqs); + context, + context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, + reqs); if (!keys.isEmpty()) { for (SSHUserPrivateKey key : keys) { - model = model.with(GraniteNamedIdCredentials.wrap(key)); + if (key.getScope() == CredentialsScope.GLOBAL) { + model = model.with(GraniteNamedIdCredentials.wrap(key)); + } } } List basicAuthCredsList = CredentialsProvider.lookupCredentials(StandardUsernamePasswordCredentials.class, - context, ACL.SYSTEM, reqs); + context, + context instanceof Queue.Task ? Tasks.getAuthenticationOf((Queue.Task) context) : ACL.SYSTEM, + reqs); if (!basicAuthCredsList.isEmpty()) { for (StandardUsernamePasswordCredentials creds : basicAuthCredsList) { - model = model.with(GraniteNamedIdCredentials.wrap(creds)); + if (creds.getScope() == CredentialsScope.GLOBAL) { + model = model.with(GraniteNamedIdCredentials.wrap(creds)); + } } } diff --git a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.java b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.java index 6606e3d..e1d3a63 100644 --- a/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.java +++ b/src/main/java/org/jenkinsci/plugins/graniteclient/GraniteNamedIdCredentials.java @@ -289,7 +289,8 @@ private CredentialsIdMatcher(String credentialsId) { } public boolean matches(@NonNull Credentials item) { - if (credentialsId != null && !credentialsId.isEmpty()) { + if ((item.getScope() == CredentialsScope.GLOBAL) + && credentialsId != null && !credentialsId.isEmpty()) { if (item instanceof SSHUserPrivateKey) { return credentialsId.equals(((SSHUserPrivateKey) item).getId()); } else if (item instanceof IdCredentials) { diff --git a/src/main/resources/org/jenkinsci/plugins/graniteclient/BuildPackageBuilder/config.jelly b/src/main/resources/org/jenkinsci/plugins/graniteclient/BuildPackageBuilder/config.jelly index e2278a5..8f56f17 100644 --- a/src/main/resources/org/jenkinsci/plugins/graniteclient/BuildPackageBuilder/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/graniteclient/BuildPackageBuilder/config.jelly @@ -54,7 +54,7 @@ - + - + - + - + diff --git a/src/main/resources/org/jenkinsci/plugins/graniteclient/PackageChoiceParameterDefinition/config.jelly b/src/main/resources/org/jenkinsci/plugins/graniteclient/PackageChoiceParameterDefinition/config.jelly index c54df81..3cc3fa0 100644 --- a/src/main/resources/org/jenkinsci/plugins/graniteclient/PackageChoiceParameterDefinition/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/graniteclient/PackageChoiceParameterDefinition/config.jelly @@ -68,7 +68,7 @@ - + - +