
Example 6 with ACL

use of hudson.security.ACL in project blueocean-plugin by jenkinsci.

the class UserImplPermissionTest method useTestAgainstJenkinsRoot.

/**
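 * Checks the user's permissions against the Jenkins root: both are expected to be
 * denied under the ACL stubbed in setup(), and granted once the root ACL allows everything.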
 */
@Test
public void useTestAgainstJenkinsRoot() {
    try {
        // https://github.com/powermock/powermock/issues/428
        final OrganizationImpl rootOrg = new OrganizationImpl("jenkins", jenkins);
        final UserImpl subject = new UserImpl(rootOrg, user, rootOrg);

        // Baseline: with the root ACL installed by setup() (every hasPermission call
        // answers false) both flags passed to checkPermissions are expected to be false.
        checkPermissions(subject.getPermission(), false, false);

        // Swap the root ACL for one that grants every permission to every caller, then
        // re-read the permissions from the same UserImpl instance: the expected flags flip
        // to true, i.e. the result is expected to follow the live ACL, not a cached answer.
        final ACL grantEverything = new ACL() {

            public boolean hasPermission(Authentication a, Permission permission) {
                return true;
            }
        };
        when(jenkins.getACL()).thenReturn(grantEverything);
        checkPermissions(subject.getPermission(), true, true);
    } catch (AssumptionViolatedException skipped) {
        // NOTE(review): the assumption failure is only printed, so the method returns
        // normally and the run is not reported as failed. If it is raised before the second
        // checkPermissions call, the "granted" case was never verified. Presumably this
        // works around the PowerMock issue linked above — confirm before relying on a green
        // result from this test as evidence that the permission mapping is covered.
        System.err.println(skipped);
    }
}
Also used : AssumptionViolatedException(org.junit.AssumptionViolatedException) Authentication(org.acegisecurity.Authentication) Permission(hudson.security.Permission) BlueUserPermission(io.jenkins.blueocean.rest.model.BlueUserPermission) ACL(hudson.security.ACL) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 7 with ACL

use of hudson.security.ACL in project blueocean-plugin by jenkinsci.

the class UserImplPermissionTest method setup.

/**
 * Builds the fixture shared by the permission tests: a mocked {@code User} with id
 * "some_user", a hand-written {@code Authentication} of the same name, a mocked
 * {@code Jenkins} whose ACL denies every permission, and static stubs for
 * {@code Jenkins.getAuthentication()}, {@code Jenkins.get()} and {@code User.get(...)}.
 *
 * @throws IOException declared by the signature; no statement visible here obviously throws it
 */
@Before
public void setup() throws IOException {
    testOrganization = new TestOrganization("org", "orgDisplayName");
    user = mock(User.class);
    when(user.getId()).thenReturn("some_user");
    // Minimal Authentication stub: only the name is meaningful. Authorities, credentials,
    // details and principal are all null and isAuthenticated() is false, so any permission
    // decision in these tests comes from the stubbed ACL, not from this object's contents.
    authentication = new Authentication() {

        public String getName() {
            return "some_user";
        }

        public GrantedAuthority[] getAuthorities() {
            return null;
        }

        public Object getCredentials() {
            return null;
        }

        public Object getDetails() {
            return null;
        }

        public Object getPrincipal() {
            return null;
        }

        public boolean isAuthenticated() {
            return false;
        }

        public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        }
    };
    jenkins = mock(Jenkins.class);
    // Deny-by-default baseline: the root ACL refuses every (authentication, permission)
    // pair. Individual tests replace this stub when they need a granting ACL.
    when(jenkins.getACL()).thenReturn(new ACL() {

        public boolean hasPermission(Authentication a, Permission permission) {
            return false;
        }
    });
    // Static stubs: code under test that asks Jenkins for the current authentication or
    // the singleton receives the fixture objects built above.
    mockStatic(Jenkins.class);
    when(Jenkins.getAuthentication()).thenReturn(authentication);
    when(Jenkins.get()).thenReturn(jenkins);
    try {
        // Reflection probe: does Node declare hasPermission(Permission)? Per the original
        // note, after Jenkins 2.77 the method is no longer in Node.class and is not final,
        // so it has to be stubbed; before that it is final and stubbing it would fail.
        // TODO remove after core base line is >= 2.77
        Node.class.getDeclaredMethod("hasPermission", Permission.class);
    } catch (NoSuchMethodException e) {
        // Node does not declare the method: make jenkins.hasPermission(p) answer with
        // whatever the ACL currently returned by the mock decides, so swapping the ACL stub
        // in a test changes the outcome of hasPermission as well.
        when(jenkins.hasPermission(Mockito.any())).thenAnswer(new Answer<Boolean>() {

            public Boolean answer(InvocationOnMock invocation) {
                Permission permission = invocation.getArgument(0);
                Jenkins j = (Jenkins) invocation.getMock();
                ACL acl = j.getACL();
                try {
                    // Single-argument overload: the authentication used for the decision is
                    // chosen inside ACL and is not visible here.
                    return acl.hasPermission(permission);
                } catch (NullPointerException x) {
                    // NOTE(review): an NPE from the ACL call is turned into an assumption
                    // failure rather than a test failure; a test that reaches this path does
                    // not exercise the permission decision it was written for.
                    throw new AssumptionViolatedException("TODO cannot be made to work prior to Spring Security update", x);
                }
            }
        });
    }
    mockStatic(User.class);
    // Only this exact argument triple ("some_user", false, empty map) resolves to the mock.
    when(User.get("some_user", false, Collections.EMPTY_MAP)).thenReturn(user);
}
Also used : BlueUser(io.jenkins.blueocean.rest.model.BlueUser) User(hudson.model.User) AssumptionViolatedException(org.junit.AssumptionViolatedException) ACL(hudson.security.ACL) Jenkins(jenkins.model.Jenkins) Answer(org.mockito.stubbing.Answer) Authentication(org.acegisecurity.Authentication) InvocationOnMock(org.mockito.invocation.InvocationOnMock) Permission(hudson.security.Permission) BlueUserPermission(io.jenkins.blueocean.rest.model.BlueUserPermission) Before(org.junit.Before)

Example 8 with ACL

use of hudson.security.ACL in project blueocean-plugin by jenkinsci.

the class AbstractPipelineCreateRequestImpl method create.

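/**
 * Creates a new top-level item called {@code name} in {@code parent}, after checking that
 * the current caller may create items and that the requested descriptor is acceptable.
 *
 * <p>Checks run in this order, and the first failing one decides the exception:
 * Job/Create on the Jenkins root ACL, descriptor lookup and type match, applicability of the
 * descriptor in the Jenkins root, and the ACL's per-descriptor create permission.
 *
 * @param parent container on which {@code createProject} is finally invoked
 * @param name name of the item to create; echoed in error messages
 * @param descriptorName name used to look the descriptor up via {@code Items.all().findByName}
 * @param descriptorClass type the resolved descriptor's class must be assignable to
 * @return the item returned by {@code parent.createProject}
 * @throws ServiceException.ForbiddenException if a permission or applicability check fails
 * @throws ServiceException.BadRequestExpception if no descriptor of the expected type is found
 * @throws IOException declared by the signature; presumably raised by {@code createProject}
 */
@Nonnull
public TopLevelItem create(ModifiableTopLevelItemGroup parent, String name, String descriptorName, Class<? extends TopLevelItemDescriptor> descriptorClass) throws IOException {
    // NOTE(review): every check below is evaluated against the Jenkins root (its ACL, and
    // the root as the container), while the item is created in `parent`. If `parent` can be
    // anything other than the root (e.g. a folder with its own ACL), the decision is made on
    // a different object than the one modified — confirm against the callers, and confirm
    // whether parent.createProject enforces the container's own permissions.
    ACL acl = Jenkins.getInstance().getACL();
    Authentication a = Jenkins.getAuthentication();
    if (!acl.hasPermission(a, Item.CREATE)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. User %s doesn't have Job create permission", name, a.getName()));
    }
    // The descriptor name is caller-supplied: only accept a registered descriptor whose
    // class is of the type this request is allowed to create.
    TopLevelItemDescriptor descriptor = Items.all().findByName(descriptorName);
    if (descriptor == null || !(descriptorClass.isAssignableFrom(descriptor.getClass()))) {
        throw new ServiceException.BadRequestExpception(String.format("Failed to create pipeline: %s, descriptor %s is not found", name, descriptorName));
    }
    ItemGroup p = Jenkins.getInstance();
    if (!descriptor.isApplicableIn(p)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. pipeline can't be created in Jenkins root folder", name));
    }
    if (!acl.hasCreatePermission(a, p, descriptor)) {
        // Fixed message: the original concatenated Item.CREATE.name directly with the
        // Permission object itself (no separator), which appended the permission's string
        // form to the name. The message is now "<group title>/<permission name>/<type>".
        throw new ServiceException.ForbiddenException("Missing permission: " + Item.CREATE.group.title + "/" + Item.CREATE.name + "/" + descriptor.getDisplayName());
    }
    // The meaning of the third argument (true) is defined by createProject and is not
    // visible here.
    return parent.createProject(descriptor, name, true);
}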
Also used : ItemGroup(hudson.model.ItemGroup) ModifiableTopLevelItemGroup(jenkins.model.ModifiableTopLevelItemGroup) Authentication(org.acegisecurity.Authentication) TopLevelItemDescriptor(hudson.model.TopLevelItemDescriptor) ACL(hudson.security.ACL) Nonnull(javax.annotation.Nonnull)

Example 9 with ACL

use of hudson.security.ACL in project blueocean-plugin by jenkinsci.

the class GithubPipelineUpdateRequest method update.

/**
 * Re-applies the GitHub navigator to the organization folder behind {@code pipeline} and
 * then either fires an SCM source event (exactly one repo requested) or schedules a scan.
 *
 * @param pipeline pipeline whose full name identifies the item to update
 * @return the {@code pipeline} argument, unchanged, in every non-throwing path
 * @throws ServiceException.ForbiddenException if the caller lacks Job/Configure on the root ACL
 * @throws ServiceException.UnauthorizedException if {@code User.current()} is null
 * @throws IOException declared by the signature
 */
@Nonnull
@Override
public BluePipeline update(BluePipeline pipeline) throws IOException {
    // NOTE(review): Job/Configure is checked on the Jenkins root ACL before the target item
    // is even resolved, not on the item that is modified below. Whether the item's own ACL
    // can differ from the root's depends on the authorization strategy — confirm this is the
    // intended scope of the check.
    final ACL rootAcl = Jenkins.getInstance().getACL();
    final Authentication caller = Jenkins.getAuthentication();
    final boolean mayConfigure = rootAcl.hasPermission(caller, Item.CONFIGURE);
    if (!mayConfigure) {
        throw new ServiceException.ForbiddenException(String.format("Failed to update Git pipeline: %s. User %s doesn't have Job configure permission", pipeline.getName(), caller.getName()));
    }

    // A caller without a User object is rejected even if the ACL check passed.
    if (User.current() == null) {
        throw new ServiceException.UnauthorizedException("User is not authenticated");
    }

    final Item target = Jenkins.getInstance().getItemByFullName(pipeline.getFullName());
    // Anything that is not an organization folder (including a missing item) is a silent
    // no-op: the pipeline is returned without any change and without an error.
    if (!(target instanceof OrganizationFolder)) {
        return pipeline;
    }

    final OrganizationFolder orgFolder = (OrganizationFolder) target;
    final GitHubSCMNavigator navigator = getNavigator(orgFolder);
    if (navigator == null) {
        return pipeline;
    }

    orgFolder.getNavigators().replace(navigator);
    if (repos.size() != 1) {
        // Zero or several repos: schedule a build of the whole folder, attributed to the
        // current user.
        orgFolder.scheduleBuild(new Cause.UserIdCause());
    } else {
        // Exactly one repo: notify about that single source instead.
        SCMSourceEvent.fireNow(new GithubPipelineCreateRequest.SCMSourceEventImpl(repos.get(0), target, navigator.getApiUri(), navigator));
    }
    return pipeline;
}
Also used : Item(hudson.model.Item) User(hudson.model.User) OrganizationFolder(jenkins.branch.OrganizationFolder) Authentication(org.acegisecurity.Authentication) Cause(hudson.model.Cause) ACL(hudson.security.ACL) GitHubSCMNavigator(org.jenkinsci.plugins.github_branch_source.GitHubSCMNavigator) Nonnull(javax.annotation.Nonnull)

Example 10 with ACL

use of hudson.security.ACL in project blueocean-plugin by jenkinsci.

the class GitPipelineUpdateRequest method update.

/**
 * Replaces the branch sources of the multibranch project behind {@code pipeline} with the
 * Git source built by {@code getGitScmSource} and schedules a build.
 *
 * @param pipeline pipeline whose full name identifies the item to update
 * @return the {@code pipeline} argument, unchanged, in every non-throwing path
 * @throws ServiceException.ForbiddenException if the item is a multibranch project and the
 *         caller lacks Job/Configure on the root ACL
 * @throws IOException declared by the signature
 */
@CheckForNull
@Override
@SuppressWarnings("unchecked")
public BluePipeline update(BluePipeline pipeline) throws IOException {
    final Item target = Jenkins.getInstance().getItemByFullName(pipeline.getFullName());
    // Not a multibranch project (or not found): nothing is changed and no permission is
    // checked; the request succeeds as a no-op.
    if (!(target instanceof MultiBranchProject)) {
        return pipeline;
    }

    // NOTE(review): the item has already been resolved at this point, yet Job/Configure is
    // evaluated on the Jenkins root ACL rather than on the item being reconfigured. Confirm
    // that a root-level decision is the intended scope for modifying this project.
    final ACL rootAcl = Jenkins.getInstance().getACL();
    final Authentication caller = Jenkins.getAuthentication();
    if (!rootAcl.hasPermission(caller, Item.CONFIGURE)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to update Git pipeline: %s. User %s doesn't have Job configure permission", pipeline.getName(), caller.getName()));
    }

    final MultiBranchProject project = (MultiBranchProject) target;
    final BranchSource replacement = getGitScmSource(project);
    if (replacement != null) {
        // The single new source replaces the whole source list, then a build is scheduled
        // with no delay and attributed to the current user.
        project.getSourcesList().replaceBy(Collections.singleton(replacement));
        project.scheduleBuild2(0, new CauseAction(new Cause.UserIdCause()));
    }
    return pipeline;
}
Also used : Item(hudson.model.Item) Authentication(org.acegisecurity.Authentication) CauseAction(hudson.model.CauseAction) MultiBranchProject(jenkins.branch.MultiBranchProject) ACL(hudson.security.ACL) BranchSource(jenkins.branch.BranchSource) CheckForNull(javax.annotation.CheckForNull)

Aggregations

ACL (hudson.security.ACL)11 Authentication (org.acegisecurity.Authentication)8 Permission (hudson.security.Permission)5 User (hudson.model.User)4 Nonnull (javax.annotation.Nonnull)4 ModifiableTopLevelItemGroup (jenkins.model.ModifiableTopLevelItemGroup)3 Test (org.junit.Test)3 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)3 Authentication (org.springframework.security.core.Authentication)3 ExtensionList (hudson.ExtensionList)2 Item (hudson.model.Item)2 TopLevelItemDescriptor (hudson.model.TopLevelItemDescriptor)2 AccessControlled (hudson.security.AccessControlled)2 BlueUserPermission (io.jenkins.blueocean.rest.model.BlueUserPermission)2 OrganizationFolder (jenkins.branch.OrganizationFolder)2 AssumptionViolatedException (org.junit.AssumptionViolatedException)2 StaplerRequest (org.kohsuke.stapler.StaplerRequest)2 Cause (hudson.model.Cause)1 CauseAction (hudson.model.CauseAction)1 ItemGroup (hudson.model.ItemGroup)1