Permalink
Browse files

[FIXED JENKINS-3681] Added View.READ permission.

The trick for backward compatibility is in the default implementation
that grants View.READ to those who have access to items.
  • Loading branch information...
1 parent fff931e commit 85e13303f8cfbebeb7dab347fda8ccf4069070b6 @kohsuke kohsuke committed Apr 1, 2012
View
@@ -64,6 +64,9 @@
<li class=bug>
Loading All Build History Fails.
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-13238">issue 13238</a>)
+ <li class=rfe>
+ Added the View.READ permission to control visibility of views, and updated the default implementation to hide empty views.
+ (<a href="https://issues.jenkins-ci.org/browse/JENKINS-3681">issue 3681</a>)
</ul>
</div><!--=TRUNK-END=-->
@@ -841,6 +841,7 @@ public int compare(View lhs, View rhs) {
public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Messages._View_CreatePermission_Description(), Permission.CREATE, PermissionScope.ITEM_GROUP);
public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Messages._View_DeletePermission_Description(), Permission.DELETE, PermissionScope.ITEM_GROUP);
public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Messages._View_ConfigurePermission_Description(), Permission.CONFIGURE, PermissionScope.ITEM_GROUP);
+ public static final Permission READ = new Permission(PERMISSIONS,"Read", Messages._View_ReadPermission_Description(), Permission.READ, PermissionScope.ITEM_GROUP);
// to simplify access from Jelly
public static Permission getItemCreatePermission() {
@@ -32,6 +32,7 @@
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
+import java.util.Iterator;
import java.util.List;
/**
@@ -108,7 +109,12 @@ public View getView(String name) {
*/
@Exported
public Collection<View> getViews() {
- List<View> copy = new ArrayList<View>(views());
+ List<View> orig = views();
+ List<View> copy = new ArrayList<View>(orig.size());
+ for (View v : orig) {
+ if (v.hasPermission(View.READ))
+ copy.add(v);
+ }
Collections.sort(copy, View.SORTER);
return copy;
}
@@ -38,6 +38,7 @@
import net.sf.json.JSONObject;
import org.acegisecurity.Authentication;
+import org.acegisecurity.acls.sid.Sid;
import org.kohsuke.stapler.StaplerRequest;
/**
@@ -87,12 +88,24 @@ public ACL getACL(Job<?,?> project) {
* This can be used as a basis for more fine-grained access control.
*
* <p>
- * The default implementation returns the ACL of the ViewGroup.
+ * The default implementation makes the view visible if any of the items are visible
+ * or the view is configurable.
*
* @since 1.220
*/
- public ACL getACL(View item) {
- return item.getOwner().getACL();
+ public ACL getACL(final View item) {
+ return new ACL() {
+ @Override
+ public boolean hasPermission(Authentication a, Permission permission) {
+ ACL base = item.getOwner().getACL();
+
+ if (permission==View.READ) {
+ return base.hasPermission(a,View.CONFIGURE) || !item.getItems().isEmpty();
+ }
+
+ return base.hasPermission(a, permission);
+ }
+ };
}
/**
@@ -243,6 +243,8 @@ View.DeletePermission.Description=\
This permission allows users to delete existing views.
View.ConfigurePermission.Description=\
This permission allows users to change the configuration of views.
+View.ReadPermission.Description=\
+ This permission allows users to see views (implied by generic read access).
View.MissingMode=No view type is specified
UpdateCenter.Status.CheckingInternet=Checking internet connectivity

0 comments on commit 85e1330

Please sign in to comment.