[FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission

From now on user needs: Computer.CREATE to use 'create-node' CLI command Computer.DELETE to use 'delete-node' CLI command Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative Computer.EXTENDED_READ to use 'get-node' CLI command and its REST alternative
jenkinsci · Aug 13, 2013 · 5db147e · 5db147e
1 parent 3e45ce9
commit 5db147e
Show file tree

Hide file tree

Showing 5 changed files with 8 additions and 11 deletions.
diff --git a/core/src/main/java/hudson/cli/GetNodeCommand.java b/core/src/main/java/hudson/cli/GetNodeCommand.java
@@ -52,7 +52,7 @@ public String getShortDescription() {
     @Override
     protected int run() throws IOException {
 
-        node.checkPermission(Computer.READ);
+        node.checkPermission(Computer.EXTENDED_READ);
 
         Jenkins.XSTREAM2.toXMLUTF8(node, stdout);
 

diff --git a/core/src/main/java/hudson/model/Computer.java b/core/src/main/java/hudson/model/Computer.java
@@ -1189,7 +1189,7 @@ public void doConfigDotXml(StaplerRequest req, StaplerResponse rsp)
 
         if (req.getMethod().equals("GET")) {
             // read
-            checkPermission(READ);
+            checkPermission(EXTENDED_READ);
             rsp.setContentType("application/xml");
             Jenkins.XSTREAM2.toXMLUTF8(getNode(), rsp.getOutputStream());
             return;
@@ -1350,11 +1350,8 @@ public boolean accept(File dir, String name) {
     }
 
     public static final PermissionGroup PERMISSIONS = new PermissionGroup(Computer.class,Messages._Computer_Permissions_Title());
-    /**
-     * Permission to configure slaves.
-     */
-    public static final Permission READ = new Permission(PERMISSIONS,"Read", Messages._Computer_ReadPermission_Description(), Permission.READ, PermissionScope.COMPUTER);
     public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Messages._Computer_ConfigurePermission_Description(), Permission.CONFIGURE, PermissionScope.COMPUTER);
+    public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._Computer_ExtendedReadPermission_Description(), CONFIGURE, PermissionScope.COMPUTER);
     public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Messages._Computer_DeletePermission_Description(), Permission.DELETE, PermissionScope.COMPUTER);
     public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Messages._Computer_CreatePermission_Description(), Permission.CREATE, PermissionScope.COMPUTER);
     public static final Permission DISCONNECT = new Permission(PERMISSIONS,"Disconnect", Messages._Computer_DisconnectPermission_Description(), Jenkins.ADMINISTER, PermissionScope.COMPUTER);

diff --git a/core/src/main/resources/hudson/model/Messages.properties b/core/src/main/resources/hudson/model/Messages.properties
@@ -102,7 +102,7 @@ CLI.wait-node-offline.shortDescription=Wait for a node to become offline
 Computer.Caption=Slave {0}
 Computer.NoSuchSlaveExists=No such slave "{0}" exists. Did you mean "{1}"?
 Computer.Permissions.Title=Slave
-Computer.ReadPermission.Description=This permission allows users to read slave configuration.
+Computer.ExtendedReadPermission.Description=This permission allows users to read slave configuration.
 Computer.ConfigurePermission.Description=This permission allows users to configure slaves.
 Computer.DeletePermission.Description=This permission allows users to delete existing slaves.
 Computer.CreatePermission.Description=This permission allows users to create slaves.

diff --git a/test/src/test/java/hudson/cli/GetNodeCommandTest.java b/test/src/test/java/hudson/cli/GetNodeCommandTest.java
@@ -57,7 +57,7 @@ public class GetNodeCommandTest {
                 .invokeWithArgs("MySlave")
         ;
 
-        assertThat(result.stderr(), containsString("user is missing the Slave/Read permission"));
+        assertThat(result.stderr(), containsString("user is missing the Slave/ExtendedRead permission"));
         assertThat("No output expected", result.stdout(), isEmptyString());
         assertThat("Command is expected to fail", result.returnCode(), equalTo(-1));
     }
@@ -67,7 +67,7 @@ public class GetNodeCommandTest {
         j.createSlave("MySlave", null, null);
 
         final CLICommandInvoker.Result result = command
-                .authorizedTo(Computer.READ, Jenkins.READ)
+                .authorizedTo(Computer.EXTENDED_READ, Jenkins.READ)
                 .invokeWithArgs("MySlave")
         ;
 
@@ -80,7 +80,7 @@ public class GetNodeCommandTest {
     @Test public void getNodeShouldFailIfNodeDoesNotExist() throws Exception {
 
         final CLICommandInvoker.Result result = command
-                .authorizedTo(Computer.READ, Jenkins.READ)
+                .authorizedTo(Computer.EXTENDED_READ, Jenkins.READ)
                 .invokeWithArgs("MySlave")
         ;
 

diff --git a/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java b/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
@@ -107,7 +107,7 @@ public void configXmlGetShouldYieldNodeConfiguration() throws Exception {
 
         GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
         rule.jenkins.setAuthorizationStrategy(auth);
-        auth.add(Computer.READ, "user");
+        auth.add(Computer.EXTENDED_READ, "user");
 
         final OutputStream outputStream = captureOutput();