use of org.jvnet.hudson.test.MockAuthorizationStrategy in project workflow-cps-plugin by jenkinsci.
the class CpsFlowDefinitionValidatorTest method configureRequired.
@Issue("SECURITY-1266")
@Test
public void configureRequired() throws Exception {
CpsFlowDefinition.DescriptorImpl d = r.jenkins.getDescriptorByType(CpsFlowDefinition.DescriptorImpl.class);
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
// Set up an administrator, and three developer users with varying levels of access.
r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.ADMINISTER).everywhere().to("admin").grant(Jenkins.READ, Item.CONFIGURE).everywhere().to("dev1").grant(Jenkins.READ).everywhere().to("dev2"));
WorkflowJob job = r.jenkins.createProject(WorkflowJob.class, "w");
try (ACLContext context = ACL.as(User.getById("admin", true))) {
assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail"));
}
try (ACLContext context = ACL.as(User.getById("dev1", true))) {
assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("fail"));
}
try (ACLContext context = ACL.as(User.getById("dev2", true))) {
assertThat(d.doCheckScriptCompile(job, "echo 'hello").toString(), containsString("success"));
}
}
use of org.jvnet.hudson.test.MockAuthorizationStrategy in project workflow-job-plugin by jenkinsci.
the class WorkflowRunTest method scriptApproval.
@Test
public void scriptApproval() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("devel").grant(Item.PERMISSIONS.getPermissions().toArray(new Permission[0])).everywhere().to("devel"));
final WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "p");
final String groovy = "println 'hello'";
ACL.impersonate(User.get("devel").impersonate(), new Runnable() {
@Override
public void run() {
p.setDefinition(new CpsFlowDefinition(groovy));
}
});
r.assertLogContains("UnapprovedUsageException", r.assertBuildStatus(Result.FAILURE, p.scheduleBuild2(0).get()));
Set<ScriptApproval.PendingScript> pendingScripts = ScriptApproval.get().getPendingScripts();
assertEquals(1, pendingScripts.size());
ScriptApproval.PendingScript pendingScript = pendingScripts.iterator().next();
assertEquals(groovy, pendingScript.script);
// only works if configured via WebClient: assertEquals(p, pendingScript.getContext().getItem());
assertEquals("devel", pendingScript.getContext().getUser());
ScriptApproval.get().approveScript(pendingScript.getHash());
r.assertLogContains("hello", r.assertBuildStatusSuccess(p.scheduleBuild2(0)));
}
use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class GithubOrgFolderPermissionsTest method canCreateWhenHavePermissionsOnCustomOrg.
@Test
public void canCreateWhenHavePermissionsOnCustomOrg() throws Exception {
MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
authz.grant(Item.READ, Jenkins.READ).everywhere().to(user);
authz.grant(Item.CREATE, Item.CONFIGURE).onFolders(getOrgRoot()).to(user);
j.jenkins.setAuthorizationStrategy(authz);
// refresh the JWT token otherwise all hell breaks loose.
jwtToken = getJwtToken(j.jenkins, user.getId(), user.getId());
createGithubPipeline(true);
}
use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class GithubOrgFolderPermissionsTest method canCreateWhenHavePermissionsOnDefaultOrg.
@Test
public void canCreateWhenHavePermissionsOnDefaultOrg() throws Exception {
MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
authz.grant(Jenkins.ADMINISTER).everywhere().to(user);
j.jenkins.setAuthorizationStrategy(authz);
// refresh the JWT token otherwise all hell breaks loose.
jwtToken = getJwtToken(j.jenkins, "vivek", "vivek");
createGithubPipeline(true);
}
use of org.jvnet.hudson.test.MockAuthorizationStrategy in project blueocean-plugin by jenkinsci.
the class GithubOrgFolderPermissionsTest method canNotCreateWhenHaveNoPermissionOnCustomOrg.
@Test
public void canNotCreateWhenHaveNoPermissionOnCustomOrg() throws Exception {
MockAuthorizationStrategy authz = new MockAuthorizationStrategy();
authz.grant(Item.READ, Jenkins.READ).everywhere().to(user);
j.jenkins.setAuthorizationStrategy(authz);
// refresh the JWT token otherwise all hell breaks loose.
jwtToken = getJwtToken(j.jenkins, "vivek", "vivek");
createGithubPipeline(false);
}
Aggregations