[SECURITY-2309]
horodchukanton committed Apr 16, 2021
1 parent fe6308b commit 597cbb1
Showing 1 changed file with 23 additions and 0 deletions.
@@ -3,6 +3,7 @@
import hudson.model.Action;
import hudson.model.Cause;
import hudson.model.CauseAction;
import hudson.model.Item;
import hudson.model.Job;
import hudson.model.ParameterDefinition;
import hudson.model.ParameterValue;
@@ -73,6 +74,28 @@ public void doBuild(StaplerRequest req, StaplerResponse rsp
// @QueryParameter("value") final String value,
// JSONObject formData
) throws IOException, ServletException {

if (!project.hasPermission(Item.BUILD)){
String message = String.format(
"User is not authorized to queue builds for project '%s'", project.getDisplayName()
);

JSONObject responseObject = new JSONObject();

rsp.setStatus(403);
responseObject.put("status", "fail");
responseObject.put("reason", message);

OutputStream out = rsp.getOutputStream();
String responseString = responseObject.toString();
byte[] responseBytes = responseString.getBytes("UTF-8");
rsp.setContentLength(responseBytes.length);
out.write(responseBytes);
out.flush();

return;
}

rsp.setStatus(201);
// ServletInputStream is = req.getInputStream();
BufferedReader br = req.getReader();
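Review bot: The denial branch writes a JSON body but never declares its type, so the 403 goes out without a Content-Type; adding `rsp.setContentType("application/json;charset=UTF-8");` before `rsp.getOutputStream()` lets clients treat it as data instead of guessing. The reason string also echoes `project.getDisplayName()` to a caller who has just failed the `Item.BUILD` check; whether that caller holds `Item.READ` is not visible here, so a fixed message without the job name would be the safer default. `responseString.getBytes(StandardCharsets.UTF_8)` would avoid the charset lookup by name, provided the import is added. The body of `doBuild` continues past this hunk, and the commit changes a single file, so no test pins the 403 for a user without build permission.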