Skip to content

Commit

Permalink
[FIXED JENKINS-23131] Make CredentialsStore implement AccessControlled
Browse files Browse the repository at this point in the history 
- a525728 already addressed the scoping issue
  • Loading branch information
@stephenc
stephenc committed Dec 18, 2014
1 parent 1d51a48 commit 4456672
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 2 deletions.
16 changes: 15 additions & 1 deletion src/main/java/com/cloudbees/plugins/credentials/CredentialsStore.java
View file
Expand Up @@ -26,6 +26,8 @@
import com.cloudbees.plugins.credentials.domains.Domain;
import edu.umd.cs.findbugs.annotations.NonNull;
import hudson.model.ModelObject;
import hudson.security.ACL;
import hudson.security.AccessControlled;
import hudson.security.AccessDeniedException2;
import hudson.security.Permission;
import jenkins.model.Jenkins;
Expand All @@ -44,7 +46,7 @@
* @author Stephen Connolly
* @since 1.8
*/
public abstract class CredentialsStore {
public abstract class CredentialsStore implements AccessControlled {

private transient Boolean domainsModifiable;

Expand Down Expand Up @@ -88,6 +90,18 @@ public final boolean hasPermission(@NonNull Permission p) {
*/
public abstract boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission);

/** {@inheritDoc} */
public ACL getACL() {
// we really want people to implement this one, but in case of legacy implementations we need to provide
// an effective ACL implementation.
return new ACL() {
@Override
public boolean hasPermission(Authentication a, Permission permission) {
return CredentialsStore.this.hasPermission(a, permission);
}
};
}

/**
* Returns all the {@link com.cloudbees.plugins.credentials.domains.Domain}s that this credential provider has.
* Most implementers of {@link CredentialsStore} will probably want to override this method.
Expand Down
7 changes: 6 additions & 1 deletion src/main/java/com/cloudbees/plugins/credentials/SystemCredentialsProvider.java
View file
Expand Up @@ -560,13 +560,17 @@ public ModelObject getContext() {
return Jenkins.getInstance();
}

public ACL getACL() {
return Jenkins.getInstance().getACL();
}

/**
* {@inheritDoc}
*/
@Override
public boolean hasPermission(@NonNull Authentication a, @NonNull Permission permission) {
// we follow the permissions of Jenkins itself
return Jenkins.getInstance().getACL().hasPermission(a, permission);
return getACL().hasPermission(a, permission);
}

/**
Expand Down Expand Up @@ -639,6 +643,7 @@ public boolean updateCredentials(@NonNull Domain domain, @NonNull Credentials cu
@NonNull Credentials replacement) throws IOException {
return SystemCredentialsProvider.getInstance().updateCredentials(domain, current, replacement);
}

}

@ExportedBean
Expand Down
5 changes: 5 additions & 0 deletions src/main/java/com/cloudbees/plugins/credentials/UserCredentialsProvider.java
View file
Expand Up @@ -566,6 +566,11 @@ public boolean hasPermission(@NonNull Authentication a, @NonNull Permission perm
return user.equals(User.get(a.getName()));
}

@Override
public ACL getACL() {
return user.getACL();
}

/**
* {@inheritDoc}
*/
Expand Down

0 comments on commit 4456672

Please sign in to comment.