Merge remote-tracking branch 'upstream/master' into SECURITY-367_UNRE…

…STRICTED_GROOVY_SCRIPTING_VULN

# Conflicts:
#	src/main/java/org/jenkinsci/plugins/scriptler/config/Script.java
#	src/main/java/org/jenkinsci/plugins/scriptler/config/ScriptlerConfiguration.java
#	src/main/resources/org/jenkinsci/plugins/scriptler/ScriptlerManagement/index.jelly

src/main/java/org/jenkinsci/plugins/scriptler/ScriptlerManagement.java

@@ -308,10 +308,11 @@ private GitScriptlerRepository getGitRepo() {
      * @return redirects to the repo entry page at <code>http://jenkins.orga.com/scriptler.git</code>
      * @throws IOException
      */
+    @RequirePOST
     public HttpResponse doHardResetGit() throws IOException {
         checkPermission(ScriptlerPluginImpl.CONFIGURE);
         getGitRepo().hardReset();
-        return new HttpRedirect("/scriptler.git");
+        return new HttpRedirect("../scriptler.git");
     }
 
     /**

src/main/java/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder.java

@@ -11,7 +11,8 @@
 import hudson.tasks.Builder;
 
 import java.io.Serializable;
-import java.util.HashSet;
+import java.util.ArrayList;
+import java.util.Collections;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Set;
@@ -211,15 +212,16 @@ public ScriptlerBuilder newInstance(StaplerRequest req, JSONObject formData) thr
             return builder;
         }
 
-        public Set<Script> getScripts() {
+        public List<Script> getScripts() {
             // TODO currently only script for RUN_SCRIPT permissions are returned?
-            final Set<Script> scripts = getConfig().getScripts();
-            final Set<Script> scriptsForBuilder = new HashSet<Script>();
+            Set<Script> scripts = getConfig().getScripts();
+            List<Script> scriptsForBuilder = new ArrayList<Script>();
             for (Script script : scripts) {
                 if (script.nonAdministerUsing) {
                     scriptsForBuilder.add(script);
                 }
             }
+            Collections.sort(scriptsForBuilder, Script.COMPARATOR_BY_NAME);
             return scriptsForBuilder;
         }
 

src/main/java/org/jenkinsci/plugins/scriptler/config/Script.java

@@ -23,6 +23,8 @@
  */
 package org.jenkinsci.plugins.scriptler.config;
 
+import java.util.Comparator;
+
 public class Script implements Comparable<Script>, NamedResource {
 
     private String id;
@@ -189,4 +191,11 @@ public boolean equals(Object obj) {
         return true;
     }
 
+    public static Comparator<Script> COMPARATOR_BY_NAME = new Comparator<Script>() {
+        @Override public int compare(Script a, Script b) {
+            String nameA = a.getName() != null ? a.getName() : "";
+            String nameB = b.getName() != null ? b.getName() : "";
+            return nameA.compareToIgnoreCase(nameB);
+        }
+    };
 }

src/main/java/org/jenkinsci/plugins/scriptler/config/ScriptlerConfiguration.java

@@ -35,6 +35,7 @@
 import java.util.logging.Level;
 import java.util.logging.Logger;
 
+import jenkins.model.Jenkins;
 import org.jenkinsci.plugins.scriptler.ScriptlerManagement;
 import org.jenkinsci.plugins.scriptler.share.CatalogInfo;
 import org.jenkinsci.plugins.scriptler.util.ByIdSorter;
@@ -134,4 +135,34 @@ public boolean isDisbableRemoteCatalog() {
     public void setDisbableRemoteCatalog(boolean disbableRemoteCatalog) {
         this.disbableRemoteCatalog = disbableRemoteCatalog;
     }
+
+    public void setAllowRunScriptEdit(boolean allowRunScriptEdit) {
+        this.allowRunScriptEdit = allowRunScriptEdit;
+    }
+
+    public void setAllowRunScriptPermission(boolean allowRunScriptPermission) {
+        this.allowRunScriptPermission = allowRunScriptPermission;
+    }
+
+    public boolean isAllowRunScriptEdit() {
+        return allowRunScriptEdit;
+    }
+
+    public boolean isAllowRunScriptPermission() {
+        return allowRunScriptPermission;
+    }
+
+    // for Jelly view
+    public List<Script> getSortedScripts(){
+        List<Script> sortedScripts;
+        if(Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)){
+            sortedScripts = new ArrayList<Script>(this.getScripts());
+        }else{
+            sortedScripts = new ArrayList<Script>(this.getUserScripts());
+        }
+
+        Collections.sort(sortedScripts, Script.COMPARATOR_BY_NAME);
+
+        return sortedScripts;
+    }
 }

src/main/java/org/jenkinsci/plugins/scriptler/share/ScriptInfo.java

@@ -1,6 +1,7 @@
 package org.jenkinsci.plugins.scriptler.share;
 
 import java.util.ArrayList;
+import java.util.Comparator;
 import java.util.List;
 
 import org.jenkinsci.plugins.scriptler.config.NamedResource;
@@ -140,4 +141,11 @@ public String getName() {
         }
     }
 
+    public static Comparator<ScriptInfo> COMPARATOR_BY_NAME = new Comparator<ScriptInfo>() {
+        @Override public int compare(ScriptInfo a, ScriptInfo b) {
+            String nameA = a.getName() != null ? a.getName() : "";
+            String nameB = b.getName() != null ? b.getName() : "";
+            return nameA.compareToIgnoreCase(nameB);
+        }
+    };
 }

src/main/java/org/jenkinsci/plugins/scriptler/share/gh/CentralScriptJsonCatalog.java

@@ -1,6 +1,7 @@
 package org.jenkinsci.plugins.scriptler.share.gh;
 
 import hudson.Extension;
+import hudson.ExtensionList;
 import hudson.model.DownloadService.Downloadable;
 
 import java.io.IOException;
@@ -32,4 +33,7 @@ public ScriptInfoList toList() throws IOException {
         return (ScriptInfoList) JSONObject.toBean(d, ScriptInfoList.class);
     }
 
+    public static CentralScriptJsonCatalog getCatalog() {
+        return ExtensionList.lookup(CentralScriptJsonCatalog.class).get(CentralScriptJsonCatalog.class);
+    }
 }

src/main/java/org/jenkinsci/plugins/scriptler/share/gh/GHCatalog.java

@@ -9,6 +9,7 @@
 import java.net.URL;
 import java.util.Arrays;
 import java.util.Collections;
+import java.util.Comparator;
 import java.util.List;
 import java.util.logging.Level;
 import java.util.logging.Logger;
@@ -17,6 +18,8 @@
 import org.jenkinsci.plugins.scriptler.share.ScriptInfo;
 import org.jenkinsci.plugins.scriptler.share.ScriptInfoCatalog;
 
+import javax.annotation.CheckForNull;
+
 /**
  * Provides access to the scriptler scripts shared at https://github.com/jenkinsci/jenkins-scripts
  * 
@@ -35,12 +38,7 @@ public class GHCatalog extends ScriptInfoCatalog<ScriptInfo> {
 
     @Override
     public List<ScriptInfo> getEntries() {
-        try {
-            return Arrays.asList(CentralScriptJsonCatalog.all().get(CentralScriptJsonCatalog.class).toList().list);
-        } catch (IOException e) {
-            LOGGER.log(Level.SEVERE, "not abe to load script infos from GH", e);
-        }
-        return Collections.emptyList();
+        return getEntries(ScriptInfo.COMPARATOR_BY_NAME);
     }
 
     @Override
@@ -50,14 +48,29 @@ public String getDisplayName() {
 
     @Override
     public ScriptInfo getEntryById(String id) {
-        for (ScriptInfo info : getEntries()) {
+        for (ScriptInfo info : getEntries(null)) {
             if (id.equals(info.getId())) {
                 return info;
             }
         }
         return null;
     }
 
+    private List<ScriptInfo> getEntries(@CheckForNull Comparator<ScriptInfo> comparator){
+        ScriptInfo[] scriptInfoArray = new ScriptInfo[0];
+        try {
+            scriptInfoArray = CentralScriptJsonCatalog.getCatalog().toList().list;
+        } catch (IOException e) {
+            LOGGER.log(Level.SEVERE, "not abe to load script infos from GH", e);
+        }
+        List<ScriptInfo> sortedScriptInfoList = Arrays.asList(scriptInfoArray);
+
+        if(comparator != null)
+            Collections.sort(sortedScriptInfoList, comparator);
+
+        return sortedScriptInfoList;
+    }
+
     @Override
     public CatalogInfo getInfo() {
         return CATALOG_INFO;

src/main/resources/org/jenkinsci/plugins/scriptler/ScriptlerManagement/index.jelly

@@ -33,7 +33,7 @@
 					</h3>
 				</j:if>
 				<table class="pane">
-					<j:set var="items" value="${it.configuration.scripts}" />
+					<j:set var="items" value="${it.configuration.sortedScripts}" />
 					<j:forEach var="t" items="${items}">
 						<tr valign="center" style="border-top: 0px;">
 							<td class="pane scriptler-nowrap" width="104">

src/main/resources/org/jenkinsci/plugins/scriptler/builder/ScriptlerBuilder/config.jelly

@@ -3,7 +3,7 @@
 
     <st:adjunct assumes="org.kohsuke.stapler.framework.prototype.prototype" includes="org.kohsuke.stapler.bind"/>
 	<st:once>
-		<script type="text/javascript" src="${rootURL}/plugin/scriptler/lib/scriptler.js" />
+		<script type="text/javascript" src="${resURL}/plugin/scriptler/lib/scriptler.js" />
 	</st:once>
 	<j:choose>
 		<j:when test="${empty(descriptor.scripts)}">

src/main/resources/org/jenkinsci/plugins/scriptler/git/GitScriptlerRepository/index.groovy

@@ -2,6 +2,7 @@ import jenkins.model.Jenkins
 import org.jenkinsci.plugins.scriptler.git.GitScriptlerRepository
 
 def l=namespace(lib.LayoutTagLib)
+def f=namespace(lib.FormTagLib)
 
 l.layout {
     l.main_panel {
@@ -26,10 +27,8 @@ l.layout {
         if(app.hasPermission(org.jenkinsci.plugins.scriptler.ScriptlerPluginImpl.CONFIGURE)){
             p {
                 raw _("reset")
-                br {
-                    button (type: "button", onclick: "document.location.href=${app.rootUrl}scriptler/hardResetGit"){
-                       raw "hard reset"
-                    }
+                f.form(method:"POST", action: "${app.rootUrl}scriptler/hardResetGit") {
+                    f.submit(value:_('Hard reset'))
                 }
             } 
         }