Skip to content

Commit

Permalink
[FIXED JENKINS-37616] Make Cloud.PROVISION independent from Jenkins.A…
Browse files Browse the repository at this point in the history 
…DMINISTER (#2521)
  • Loading branch information
@olivergondza @oleg-nenashev
olivergondza authored and oleg-nenashev committed Aug 27, 2016
1 parent 4278804 commit 11af7d0
Show file tree
Hide file tree
Showing 3 changed files with 34 additions and 1 deletion.
8 changes: 7 additions & 1 deletion core/src/main/java/hudson/slaves/Cloud.java
View file
Expand Up @@ -28,6 +28,7 @@
import hudson.DescriptorExtensionList;
import hudson.model.Computer;
import hudson.model.Slave;
import hudson.security.PermissionScope;
import hudson.slaves.NodeProvisioner.PlannedNode;
import hudson.model.Describable;
import jenkins.model.Jenkins;
Expand All @@ -42,6 +43,7 @@
import org.kohsuke.stapler.DataBoundConstructor;

import java.util.Collection;
import java.util.concurrent.Future;

/**
* Creates {@link Node}s to dynamically expand/shrink the agents attached to Hudson.
Expand Down Expand Up @@ -175,10 +177,14 @@ public static DescriptorExtensionList<Cloud,Descriptor<Cloud>> all() {
return Jenkins.getInstance().<Cloud,Descriptor<Cloud>>getDescriptorList(Cloud.class);
}

private static final PermissionScope PERMISSION_SCOPE = new PermissionScope(Cloud.class);

/**
* Permission constant to control mutation operations on {@link Cloud}.
*
* This includes provisioning a new node, as well as removing it.
*/
public static final Permission PROVISION = Jenkins.ADMINISTER;
public static final Permission PROVISION = new Permission(
Computer.PERMISSIONS, "Provision", Messages._Cloud_ProvisionPermission_Description(), Jenkins.ADMINISTER, PERMISSION_SCOPE
);
}
1 change: 1 addition & 0 deletions core/src/main/resources/hudson/slaves/Messages.properties
View file
Expand Up @@ -41,3 +41,4 @@ NodeDescripter.CheckName.Mandatory=Name is mandatory
ComputerLauncher.NoJavaFound=Java version {0} was found but 1.6 or later is needed.
ComputerLauncher.JavaVersionResult={0} -version returned {1}.
ComputerLauncher.UknownJavaVersion=Couldn\u2019t figure out the Java version of {0}
Cloud.ProvisionPermission.Description=Provision new nodes
26 changes: 26 additions & 0 deletions core/src/test/java/hudson/slaves/CloudTest.java
View file
@@ -0,0 +1,26 @@
package hudson.slaves;

import static org.junit.Assert.*;

import hudson.model.Computer;
import hudson.security.Permission;
import hudson.security.SidACL;
import jenkins.model.Jenkins;
import org.acegisecurity.acls.sid.Sid;
import org.junit.Test;

public class CloudTest {

@Test
public void provisionPermissionShouldBeIndependentFromAdminister() throws Exception {
SidACL acl = new SidACL() {
@Override protected Boolean hasPermission(Sid p, Permission permission) {
return permission == Cloud.PROVISION;
}
};

assertTrue(acl.hasPermission(Jenkins.ANONYMOUS, Cloud.PROVISION));
assertFalse(acl.hasPermission(Jenkins.ANONYMOUS, Jenkins.ADMINISTER));
assertEquals(Cloud.PROVISION, Computer.PERMISSIONS.find("Provision"));
}
}

0 comments on commit 11af7d0

Please sign in to comment.