Skip to content
Permalink
Browse files

[FIX JENKINS-22028] Allow MarkupFormatter without enabling security

Given the current default of 'Escaped HTML', it makes no sense
to require users to 'Enable Security' to set up a less secure
alternative. So show it on the global security configuration page
on top level.
  • Loading branch information...
daniel-beck committed May 11, 2014
1 parent 016f304 commit ac3a5cd61461c5f7f063c57fba81a5aec6409664
@@ -99,15 +99,16 @@ public boolean configure(StaplerRequest req, JSONObject json) throws hudson.mode
} catch (IOException e) {
throw new hudson.model.Descriptor.FormException(e, "slaveAgentPortType");
}
if (security.has("markupFormatter")) {
j.setMarkupFormatter(req.bindJSON(MarkupFormatter.class, security.getJSONObject("markupFormatter")));
} else {
j.setMarkupFormatter(null);
}
} else {
j.disableSecurity();
}

if (json.has("markupFormatter")) {
j.setMarkupFormatter(req.bindJSON(MarkupFormatter.class, json.getJSONObject("markupFormatter")));
} else {
j.setMarkupFormatter(null);
}

// persist all the additional security configs
boolean result = true;
for(Descriptor<?> d : Functions.getSortedDescriptorsForGlobalConfig(FILTER)){
@@ -2081,7 +2081,6 @@ public void disableSecurity() {
useSecurity = null;
setSecurityRealm(SecurityRealm.NO_AUTHENTICATION);
authorizationStrategy = AuthorizationStrategy.UNSECURED;
markupFormatter = null;
}

public void setProjectNamingStrategy(ProjectNamingStrategy ns) {
@@ -33,8 +33,6 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName) {
f.checkbox()
}

f.dropdownDescriptorSelector(title:_("Markup Formatter"),descriptors: MarkupFormatterDescriptor.all(), field: 'markupFormatter')

f.entry(title:_("Access Control")) {
table(style:"width:100%") {
f.descriptorRadioList(title:_("Security Realm"),varName:"realm", instance:app.securityRealm, descriptors:SecurityRealm.all())
@@ -43,6 +41,8 @@ l.layout(norefresh:true, permission:app.ADMINISTER, title:my.displayName) {
}
}

f.dropdownDescriptorSelector(title:_("Markup Formatter"),descriptors: MarkupFormatterDescriptor.all(), field: 'markupFormatter')

Functions.getSortedDescriptorsForGlobalConfig(my.FILTER).each { Descriptor descriptor ->
set("descriptor",descriptor)
set("instance",descriptor)

0 comments on commit ac3a5cd

Please sign in to comment.
You can’t perform that action at this time.