[FIX JENKINS-7874] Autocomplete admin links only when admin
daniel-beck committed Jan 2, 2017
1 parent 499eadb commit 250ce5b22a43523a13957b3adf26bbfee23e6cce
Showing with 52 additions and 26 deletions.
  1. +29 −26 core/src/main/java/jenkins/model/Jenkins.java
  2. +23 −0 test/src/test/java/hudson/search/SearchTest.java
@@ -2241,32 +2241,35 @@ public String getSearchUrl() {

@Override
public SearchIndexBuilder makeSearchIndex() {
return super.makeSearchIndex()
.add("configure", "config","configure")
.add("manage")
.add("log")
.add(new CollectionSearchIndex<TopLevelItem>() {
protected SearchItem get(String key) { return getItemByFullName(key, TopLevelItem.class); }
protected Collection<TopLevelItem> all() { return getAllItems(TopLevelItem.class); }
@Nonnull
@Override
protected Iterable<TopLevelItem> allAsIterable() {
return allItems(TopLevelItem.class);
}
})
.add(getPrimaryView().makeSearchIndex())
.add(new CollectionSearchIndex() {// for computers
protected Computer get(String key) { return getComputer(key); }
protected Collection<Computer> all() { return computers.values(); }
})
.add(new CollectionSearchIndex() {// for users
protected User get(String key) { return User.get(key,false); }
protected Collection<User> all() { return User.getAll(); }
})
.add(new CollectionSearchIndex() {// for views
protected View get(String key) { return getView(key); }
protected Collection<View> all() { return views; }
});
SearchIndexBuilder builder = super.makeSearchIndex();
if (hasPermission(ADMINISTER)) {
builder.add("configure", "config", "configure")
.add("manage")
.add("log");
}
builder.add(new CollectionSearchIndex<TopLevelItem>() {
protected SearchItem get(String key) { return getItemByFullName(key, TopLevelItem.class); }
protected Collection<TopLevelItem> all() { return getAllItems(TopLevelItem.class); }
@Nonnull
@Override
protected Iterable<TopLevelItem> allAsIterable() {
return allItems(TopLevelItem.class);
}
})
.add(getPrimaryView().makeSearchIndex())
.add(new CollectionSearchIndex() {// for computers
protected Computer get(String key) { return getComputer(key); }
protected Collection<Computer> all() { return computers.values(); }
})
.add(new CollectionSearchIndex() {// for users
protected User get(String key) { return User.get(key,false); }
protected Collection<User> all() { return User.getAll(); }
})
.add(new CollectionSearchIndex() {// for views
protected View get(String key) { return getView(key); }
protected Collection<View> all() { return views; }
});
return builder;
}

public String getUrlChildPrefix() {
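Review bot: Only the three static links are gated on `hasPermission(ADMINISTER)`; the collection indexes added afterwards in `makeSearchIndex()` are still registered for every caller, and their `all()` methods return `computers.values()`, `User.getAll()` and the raw `views` field with no per-item permission check visible in this hunk. Unless something downstream filters the resulting items, a user holding only read access on the root may still see agent, user and view names in search results, so that is worth confirming, and for views it may be preferable to return only those the caller is allowed to read. The gate also changes what is suggested, not what is reachable: a comment such as `// Suggestion filter only; the configure, manage and log pages must enforce ADMINISTER themselves.` above the `if` would keep that distinction clear for later maintainers.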
@@ -37,6 +37,10 @@
import java.util.ArrayList;
import java.util.List;

import hudson.model.User;
import hudson.security.ACL;
import hudson.security.ACLContext;
import jenkins.model.Jenkins;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import net.sf.json.JSONSerializer;
@@ -46,6 +50,7 @@
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.JenkinsRule.WebClient;
import org.jvnet.hudson.test.MockAuthorizationStrategy;
import org.jvnet.hudson.test.MockFolder;

import com.gargoylesoftware.htmlunit.AlertHandler;
@@ -390,6 +395,24 @@ public void testSearchWithinFolders() throws Exception {
assertTrue(suggest.contains(p2));
}


@Test
@Issue("JENKINS-7874")
public void adminOnlyLinksNotShownToRegularUser() {
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
MockAuthorizationStrategy mas = new MockAuthorizationStrategy();
mas.grant(Jenkins.READ).onRoot().toEveryone();
j.jenkins.setAuthorizationStrategy(mas);

try(ACLContext _ = ACL.as(User.get("alice"))) {
List<SearchItem> results = new ArrayList<>();
j.jenkins.getSearchIndex().find("config", results);
j.jenkins.getSearchIndex().find("manage", results);
j.jenkins.getSearchIndex().find("log", results);
assertEquals("empty results list", 0, results.size());
}
}

private List<SearchItem> suggest(SearchIndex index, String term) {
List<SearchItem> result = new ArrayList<SearchItem>();
index.suggest(term, result);
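Review bot: `adminOnlyLinksNotShownToRegularUser` pins only the negative case, so a regression that dropped the three links for every user, administrators included, would still pass. A companion assertion under a user granted `Jenkins.ADMINISTER` (for example `mas.grant(Jenkins.ADMINISTER).onRoot().to("bob");`), checking that `find("config", results)` returns an entry, would tie the behaviour to the permission itself. The commit title is about autocomplete, but the test exercises only `find`; the same checks through `suggest` would cover the path users actually hit. The resource name `_` in the try-with-resources line draws a warning on Java 8 and is rejected by later compilers; `try (ACLContext ignored = ACL.as(User.get("alice")))` avoids that. The `suggest` helper at the end of this hunk continues outside it.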
