Example 1 with AccessControlled

Use of hudson.security.AccessControlled in project hudson-2.x by hudson.

Class Functions, method checkPermission.

/**
 * This version is so that the 'checkPermission' on <tt>layout.jelly</tt>
 * degrades gracefully if "it" is not an {@link AccessControlled} object.
 * Otherwise it will perform no check and that problem is hard to notice.
 */
public static void checkPermission(Object object, Permission permission) throws IOException, ServletException {
    if (permission == null)
        return;
    if (object instanceof AccessControlled)
        checkPermission((AccessControlled) object, permission);
    else {
        List<Ancestor> ancs = Stapler.getCurrentRequest().getAncestors();
        for (Ancestor anc : Iterators.reverse(ancs)) {
            Object o = anc.getObject();
            if (o instanceof AccessControlled) {
                checkPermission((AccessControlled) o, permission);
                return;
            }
        }
        checkPermission(Hudson.getInstance(), permission);
    }
}
Also used: AccessControlled (hudson.security.AccessControlled), SearchableModelObject (hudson.search.SearchableModelObject), ModelObject (hudson.model.ModelObject), Ancestor (org.kohsuke.stapler.Ancestor)

Example 2 with AccessControlled

Use of hudson.security.AccessControlled in project blueocean-plugin by jenkinsci.

Class AbstractPipelineCreateRequest, method checkUserIsAuthenticatedAndHasItemCreatePermission.

protected User checkUserIsAuthenticatedAndHasItemCreatePermission(BlueOrganization organization) {
    ModifiableTopLevelItemGroup p = getParent(organization);
    User authenticatedUser = User.current();
    if (authenticatedUser == null) {
        throw new ServiceException.UnauthorizedException("Must be logged in to create a pipeline");
    }
    Authentication authentication = Jenkins.getAuthentication2();
    ACL acl = (p instanceof AccessControlled) ? ((AccessControlled) p).getACL() : Jenkins.get().getACL();
    if (!acl.hasPermission2(authentication, Item.CREATE)) {
        throw new ServiceException.ForbiddenException(String.format("User %s doesn't have Job create permission", authenticatedUser.getId()));
    }
    return authenticatedUser;
}
Also used: AccessControlled (hudson.security.AccessControlled), User (hudson.model.User), ModifiableTopLevelItemGroup (jenkins.model.ModifiableTopLevelItemGroup), Authentication (org.springframework.security.core.Authentication), ACL (hudson.security.ACL)

Example 3 with AccessControlled

Use of hudson.security.AccessControlled in project workflow-cps-plugin by jenkinsci.

Class RunningFlowActions, method createFor.

@Override
public Collection<? extends Action> createFor(FlowExecutionOwner.Executable executable) {
    FlowExecutionOwner owner = executable.asFlowExecutionOwner();
    if (owner != null) {
        FlowExecution exec = owner.getOrNull();
        if (exec instanceof CpsFlowExecution && !exec.isComplete()) {
            CpsFlowExecution e = (CpsFlowExecution) exec;
            List<Action> actions = new ArrayList<>();
            actions.add(new CpsThreadDumpAction(e));
            // TODO cf. comment in CpsFlowExecution#pause
            if (!(executable instanceof AccessControlled) || ((AccessControlled) executable).hasPermission(Item.CANCEL)) {
                actions.add(new PauseUnpauseAction(e));
            }
            return actions;
        }
    }
    return Collections.emptySet();
}
Also used: AccessControlled (hudson.security.AccessControlled), Action (hudson.model.Action), FlowExecutionOwner (org.jenkinsci.plugins.workflow.flow.FlowExecutionOwner), FlowExecution (org.jenkinsci.plugins.workflow.flow.FlowExecution), ArrayList (java.util.ArrayList)

Example 4 with AccessControlled

Use of hudson.security.AccessControlled in project vsphere-cloud-plugin by jenkinsci.

Class PermissionUtils, method checkPermission.

/**
 * Throws unless we have at least one of the specified permissions.
 *
 * @param c
 *            Our context.
 * @param allowablePermission
 *            The first permission we will accept.
 */
private static void checkPermission(final Object c, Permission allowablePermission) {
    final AccessControlled ac = c instanceof AccessControlled ? (AccessControlled) c : Jenkins.getInstance();
    ac.checkPermission(allowablePermission);
}
Also used: AccessControlled (hudson.security.AccessControlled)

Example 5 with AccessControlled

Use of hudson.security.AccessControlled in project blueocean-plugin by jenkinsci.

Class AbstractPipelineCreateRequest, method createProject.

@Nonnull
protected TopLevelItem createProject(String name, String descriptorName, Class<? extends TopLevelItemDescriptor> descriptorClass, BlueOrganization organization) throws IOException {
    ModifiableTopLevelItemGroup p = getParent(organization);
    final ACL acl = (p instanceof AccessControlled) ? ((AccessControlled) p).getACL() : Jenkins.get().getACL();
    Authentication a = Jenkins.getAuthentication2();
    if (!acl.hasPermission2(a, Item.CREATE)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. User %s doesn't have Job create permission", name, a.getName()));
    }
    TopLevelItemDescriptor descriptor = Items.all().findByName(descriptorName);
    if (descriptor == null || !(descriptorClass.isAssignableFrom(descriptor.getClass()))) {
        throw new ServiceException.BadRequestException(String.format("Failed to create pipeline: %s, descriptor %s is not found", name, descriptorName));
    }
    if (!descriptor.isApplicableIn(p)) {
        throw new ServiceException.ForbiddenException(String.format("Failed to create pipeline: %s. Pipeline can't be created in Jenkins root folder", name));
    }
    if (!acl.hasCreatePermission2(a, p, descriptor)) {
        throw new ServiceException.ForbiddenException("Missing permission: " + Item.CREATE.group.title + "/" + Item.CREATE.name + " " + Item.CREATE + "/" + descriptor.getDisplayName());
    }
    return p.createProject(descriptor, name, true);
}
Also used: AccessControlled (hudson.security.AccessControlled), ModifiableTopLevelItemGroup (jenkins.model.ModifiableTopLevelItemGroup), Authentication (org.springframework.security.core.Authentication), TopLevelItemDescriptor (hudson.model.TopLevelItemDescriptor), ACL (hudson.security.ACL), Nonnull (javax.annotation.Nonnull)

Aggregations

AccessControlled (hudson.security.AccessControlled): 5
ACL (hudson.security.ACL): 2
ModifiableTopLevelItemGroup (jenkins.model.ModifiableTopLevelItemGroup): 2
Authentication (org.springframework.security.core.Authentication): 2
Action (hudson.model.Action): 1
ModelObject (hudson.model.ModelObject): 1
TopLevelItemDescriptor (hudson.model.TopLevelItemDescriptor): 1
User (hudson.model.User): 1
SearchableModelObject (hudson.search.SearchableModelObject): 1
ArrayList (java.util.ArrayList): 1
Nonnull (javax.annotation.Nonnull): 1
FlowExecution (org.jenkinsci.plugins.workflow.flow.FlowExecution): 1
FlowExecutionOwner (org.jenkinsci.plugins.workflow.flow.FlowExecutionOwner): 1
Ancestor (org.kohsuke.stapler.Ancestor): 1