Search in sources :

Example 6 with Permission

use of hudson.security.Permission in project hudson-2.x by hudson.

the class Job method grantProjectMatrixPermissions.

/**
 * Grants project permissions to the user.
 *
 * @param user user
 */
protected void grantProjectMatrixPermissions(User user) {
    if (Hudson.getInstance().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy) {
        Map<Permission, Set<String>> grantedPermissions = new HashMap<Permission, Set<String>>();
        Set<String> users = Sets.newHashSet(user.getId());
        grantedPermissions.put(Item.BUILD, users);
        grantedPermissions.put(Item.CONFIGURE, users);
        grantedPermissions.put(Item.DELETE, users);
        grantedPermissions.put(Item.READ, users);
        grantedPermissions.put(Item.WORKSPACE, users);
        grantedPermissions.put(Run.DELETE, users);
        grantedPermissions.put(Run.UPDATE, users);
        AuthorizationMatrixProperty amp = new AuthorizationMatrixProperty(grantedPermissions);
        amp.setOwner(this);
        properties.add(amp);
    }
}
Also used : RangeSet(hudson.model.Fingerprint.RangeSet) Set(java.util.Set) CopyOnWriteArraySet(java.util.concurrent.CopyOnWriteArraySet) ConcurrentHashMap(java.util.concurrent.ConcurrentHashMap) HashMap(java.util.HashMap) Permission(hudson.security.Permission) ProjectMatrixAuthorizationStrategy(hudson.security.ProjectMatrixAuthorizationStrategy) AuthorizationMatrixProperty(hudson.security.AuthorizationMatrixProperty)

Example 7 with Permission

use of hudson.security.Permission in project blueocean-plugin by jenkinsci.

the class OrganizationFolderTest method testOrganizationFolderFactoryNoPermissionsFolder.

@Test(expected = ServiceException.ForbiddenException.class)
public void testOrganizationFolderFactoryNoPermissionsFolder() throws Exception {
    List<OrganizationFolderPipelineImpl.OrganizationFolderFactory> organizationFolderFactoryList = ExtensionList.lookup(OrganizationFolderPipelineImpl.OrganizationFolderFactory.class);
    OrganizationFolderFactoryTestImpl organizationFolderFactoryTest = ((ExtensionList<OrganizationFolderPipelineImpl.OrganizationFolderFactory>) organizationFolderFactoryList).get(OrganizationFolderFactoryTestImpl.class);
    assertNotNull(organizationFolderFactoryTest);
    OrganizationFolderPipelineImpl folderPipeline = organizationFolderFactoryTest.getFolder(orgFolder, new Reachable() {

        @Override
        public Link getLink() {
            return organization.getLink().rel("/pipelines/");
        }
    }, mockOrganization());
    assertNotNull(folderPipeline);
    assertNotNull(folderPipeline.getQueue());
    assertNotNull(folderPipeline.getQueue().iterator());
    // Make sure the user does not have permissions to that folder
    PowerMockito.when(orgFolder.getACL()).thenReturn(new ACL() {

        @Override
        public boolean hasPermission(Authentication arg0, Permission arg1) {
            return false;
        }
    });
    ScmResourceImpl scmResource = new ScmResourceImpl(orgFolder, folderPipeline);
    StaplerRequest staplerRequest = PowerMockito.mock(StaplerRequest.class);
    assertEquals("hello", scmResource.getContent(staplerRequest));
}
Also used : StaplerRequest(org.kohsuke.stapler.StaplerRequest) ACL(hudson.security.ACL) Authentication(org.acegisecurity.Authentication) ExtensionList(hudson.ExtensionList) Reachable(io.jenkins.blueocean.rest.Reachable) Permission(hudson.security.Permission) Link(io.jenkins.blueocean.rest.hal.Link) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 8 with Permission

use of hudson.security.Permission in project blueocean-plugin by jenkinsci.

the class OrganizationFolderTest method testOrganizationFolderFactory.

@Test
public void testOrganizationFolderFactory() throws Exception {
    List<OrganizationFolderPipelineImpl.OrganizationFolderFactory> organizationFolderFactoryList = ExtensionList.lookup(OrganizationFolderPipelineImpl.OrganizationFolderFactory.class);
    OrganizationFolderFactoryTestImpl organizationFolderFactoryTest = ((ExtensionList<OrganizationFolderPipelineImpl.OrganizationFolderFactory>) organizationFolderFactoryList).get(OrganizationFolderFactoryTestImpl.class);
    assertNotNull(organizationFolderFactoryTest);
    OrganizationFolderPipelineImpl folderPipeline = organizationFolderFactoryTest.getFolder(orgFolder, () -> organization.getLink().rel("/pipelines/"), mockOrganization());
    assertNotNull(folderPipeline);
    assertNotNull(folderPipeline.getQueue());
    assertNotNull(folderPipeline.getQueue().iterator());
    // Make sure the user does has permissions to that folder
    PowerMockito.when(orgFolder.getACL()).thenReturn(new ACL() {

        @Override
        public boolean hasPermission(Authentication arg0, Permission arg1) {
            return true;
        }
    });
    ScmResourceImpl scmResource = new ScmResourceImpl(orgFolder, folderPipeline);
    StaplerRequest staplerRequest = PowerMockito.mock(StaplerRequest.class);
    assertEquals("hello", scmResource.getContent(staplerRequest));
}
Also used : Authentication(org.acegisecurity.Authentication) ExtensionList(hudson.ExtensionList) Permission(hudson.security.Permission) StaplerRequest(org.kohsuke.stapler.StaplerRequest) ACL(hudson.security.ACL) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 9 with Permission

use of hudson.security.Permission in project blueocean-plugin by jenkinsci.

the class UserImplPermissionTest method useTestAgainstJenkinsRoot.

/**
 * Tests against jenkins
 */
@Test
public void useTestAgainstJenkinsRoot() {
    try {
        // https://github.com/powermock/powermock/issues/428
        OrganizationImpl baseOrg = new OrganizationImpl("jenkins", jenkins);
        UserImpl userImpl = new UserImpl(baseOrg, user, baseOrg);
        checkPermissions(userImpl.getPermission(), false, false);
        when(jenkins.getACL()).thenReturn(new ACL() {

            public boolean hasPermission(Authentication a, Permission permission) {
                return true;
            }
        });
        checkPermissions(userImpl.getPermission(), true, true);
    } catch (AssumptionViolatedException x) {
        System.err.println(x);
    }
}
Also used : AssumptionViolatedException(org.junit.AssumptionViolatedException) Authentication(org.acegisecurity.Authentication) Permission(hudson.security.Permission) BlueUserPermission(io.jenkins.blueocean.rest.model.BlueUserPermission) ACL(hudson.security.ACL) PrepareForTest(org.powermock.core.classloader.annotations.PrepareForTest) Test(org.junit.Test)

Example 10 with Permission

use of hudson.security.Permission in project blueocean-plugin by jenkinsci.

the class UserImplPermissionTest method setup.

@Before
public void setup() throws IOException {
    testOrganization = new TestOrganization("org", "orgDisplayName");
    user = mock(User.class);
    when(user.getId()).thenReturn("some_user");
    authentication = new Authentication() {

        public String getName() {
            return "some_user";
        }

        public GrantedAuthority[] getAuthorities() {
            return null;
        }

        public Object getCredentials() {
            return null;
        }

        public Object getDetails() {
            return null;
        }

        public Object getPrincipal() {
            return null;
        }

        public boolean isAuthenticated() {
            return false;
        }

        public void setAuthenticated(boolean isAuthenticated) throws IllegalArgumentException {
        }
    };
    jenkins = mock(Jenkins.class);
    when(jenkins.getACL()).thenReturn(new ACL() {

        public boolean hasPermission(Authentication a, Permission permission) {
            return false;
        }
    });
    mockStatic(Jenkins.class);
    when(Jenkins.getAuthentication()).thenReturn(authentication);
    when(Jenkins.get()).thenReturn(jenkins);
    try {
        // After Jenkins 2.77 hasPermission is no longer in Node.class and is not final so we need to mock it
        // prior to it is called as being final and mocking it will fail for the same reason.
        // TODO remove after core base line is >= 2.77
        Node.class.getDeclaredMethod("hasPermission", Permission.class);
    } catch (NoSuchMethodException e) {
        when(jenkins.hasPermission(Mockito.any())).thenAnswer(new Answer<Boolean>() {

            public Boolean answer(InvocationOnMock invocation) {
                Permission permission = invocation.getArgument(0);
                Jenkins j = (Jenkins) invocation.getMock();
                ACL acl = j.getACL();
                try {
                    return acl.hasPermission(permission);
                } catch (NullPointerException x) {
                    throw new AssumptionViolatedException("TODO cannot be made to work prior to Spring Security update", x);
                }
            }
        });
    }
    mockStatic(User.class);
    when(User.get("some_user", false, Collections.EMPTY_MAP)).thenReturn(user);
}
Also used : BlueUser(io.jenkins.blueocean.rest.model.BlueUser) User(hudson.model.User) AssumptionViolatedException(org.junit.AssumptionViolatedException) ACL(hudson.security.ACL) Jenkins(jenkins.model.Jenkins) Answer(org.mockito.stubbing.Answer) Authentication(org.acegisecurity.Authentication) InvocationOnMock(org.mockito.invocation.InvocationOnMock) Permission(hudson.security.Permission) BlueUserPermission(io.jenkins.blueocean.rest.model.BlueUserPermission) Before(org.junit.Before)

Aggregations

Permission (hudson.security.Permission)12 ACL (hudson.security.ACL)5 Authentication (org.acegisecurity.Authentication)5 Test (org.junit.Test)4 ProjectMatrixAuthorizationStrategy (hudson.security.ProjectMatrixAuthorizationStrategy)3 PrepareForTest (org.powermock.core.classloader.annotations.PrepareForTest)3 ExtensionList (hudson.ExtensionList)2 AuthorizationMatrixProperty (hudson.security.AuthorizationMatrixProperty)2 BlueUserPermission (io.jenkins.blueocean.rest.model.BlueUserPermission)2 HashMap (java.util.HashMap)2 Set (java.util.Set)2 AssumptionViolatedException (org.junit.AssumptionViolatedException)2 StaplerRequest (org.kohsuke.stapler.StaplerRequest)2 Initializer (hudson.init.Initializer)1 RangeSet (hudson.model.Fingerprint.RangeSet)1 FreeStyleProject (hudson.model.FreeStyleProject)1 User (hudson.model.User)1 GlobalMatrixAuthorizationStrategy (hudson.security.GlobalMatrixAuthorizationStrategy)1 Reachable (io.jenkins.blueocean.rest.Reachable)1 Link (io.jenkins.blueocean.rest.hal.Link)1