Skip to content
Permalink
Browse files
Merge pull request #453 from lacostej/lacostej-JENKINS-8214-access-pr…
…ivate-URL-2

[FIXED JENKINS-8214] Added a DISCOVER permission to allow anonymous users to be presented the login screen when accessing job URLs
  • Loading branch information
lacostej committed Apr 24, 2012
2 parents 5f92a03 + 84f0837 commit 3c349c0cd460bea2f017b52e92550bab0f91247e
@@ -58,6 +58,10 @@
<li class=bug>
End up more gracefully if there's some problem when searching for user partipication in the build
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-13564">issue 13564</a>)
<li class=rfe>
Added a DISCOVER permission to allow anonymous users to be presented the login screen
when accessing job URLs.
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-8214">issue 8214</a>)
</ul>
</div><!--=TRUNK-END=-->

@@ -224,6 +224,7 @@
Permission DELETE = new Permission(PERMISSIONS, "Delete", null, Permission.DELETE, PermissionScope.ITEM);
Permission CONFIGURE = new Permission(PERMISSIONS, "Configure", null, Permission.CONFIGURE, PermissionScope.ITEM);
Permission READ = new Permission(PERMISSIONS, "Read", null, Permission.READ, PermissionScope.ITEM);
Permission DISCOVER = new Permission(PERMISSIONS, "Discover", Messages._AbstractProject_DiscoverPermission_Description(), Permission.READ, PermissionScope.ITEM);
Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, Boolean.getBoolean("hudson.security.ExtendedReadPermission"), new PermissionScope[]{PermissionScope.ITEM});
Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(), Permission.UPDATE, PermissionScope.ITEM);
Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ, PermissionScope.ITEM);
@@ -200,7 +200,6 @@
import org.acegisecurity.Authentication;
import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.context.SecurityContext;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
import org.acegisecurity.ui.AbstractProcessingFilter;
@@ -2111,8 +2110,14 @@ public void setNumExecutors(int n) throws IOException {
public TopLevelItem getItem(String name) {
if (name==null) return null;
TopLevelItem item = items.get(name);
if (item==null || !item.hasPermission(Item.READ))
if (item==null)
return null;
if (!item.hasPermission(Item.READ)) {
if (item.hasPermission(Item.DISCOVER)) {
throw new AccessDeniedException("Please login to access job " + name);
}
return null;
}
return item;
}

@@ -57,6 +57,10 @@ AbstractProject.ExtendedReadPermission.Description=\
This permission grants read-only access to project configurations. Please be \
aware that sensitive information in your builds, such as passwords, will be \
exposed to a wider audience by granting this permission.
AbstractProject.DiscoverPermission.Description=\
This permission grants discover access to jobs. Lower than read permissions, it allows you to \
redirect anonymous users to the login page when they try to access a job url. \
Without it they would get a 404 error and wouldn't be able to discover project names.
AbstractProject.WipeOutPermission.Description=\
This permission grants the ability to wipe out the contents of a workspace.
AbstractProject.CancelPermission.Description=\

0 comments on commit 3c349c0

Please sign in to comment.