Skip to content

Commit

Permalink
[JENKINS-16502] Permission to see an executor/slave
Browse files Browse the repository at this point in the history 
- This is an initial version of the feature.
- The information about slave names is still exposed via label autocomplete
  • Loading branch information
@stephenc
stephenc committed Sep 24, 2013
1 parent 84a176b commit 647695e
Show file tree
Hide file tree
Showing 10 changed files with 21 additions and 8 deletions.
3 changes: 3 additions & 0 deletions changelog.html
View file
Expand Up @@ -58,6 +58,9 @@
<li class=rfe>
Offer alternate error message for pattern-based project naming strategy.
(<a href="https://github.com/jenkinsci/jenkins/pull/914">pull request 914</a>)
<li class=rfe>
Add support for hiding build slaves from users.
(<a href="https://issues.jenkins-ci.org/browse/JENKINS-16502">issue 16502</a>)
</ul>
</div><!--=TRUNK-END=-->

Expand Down
4 changes: 4 additions & 0 deletions core/src/main/java/hudson/model/Computer.java
View file
Expand Up @@ -1373,6 +1373,10 @@ public boolean accept(File dir, String name) {
public static final Permission DISCONNECT = new Permission(PERMISSIONS,"Disconnect", Messages._Computer_DisconnectPermission_Description(), Jenkins.ADMINISTER, PermissionScope.COMPUTER);
public static final Permission CONNECT = new Permission(PERMISSIONS,"Connect", Messages._Computer_ConnectPermission_Description(), DISCONNECT, PermissionScope.COMPUTER);
public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._Computer_BuildPermission_Description(), Permission.WRITE, PermissionScope.COMPUTER);
/**
* @since 1.533
*/
public static final Permission VIEW = new Permission(PERMISSIONS, "View", Messages._Computer_ViewPermission_Description(), Permission.READ, PermissionScope.COMPUTER);

private static final Logger LOGGER = Logger.getLogger(Computer.class.getName());
}
9 changes: 7 additions & 2 deletions core/src/main/java/jenkins/model/Jenkins.java
View file
Expand Up @@ -1533,7 +1533,12 @@ public boolean isUpgradedFromBefore(VersionNumber v) {
* Gets the read-only list of all {@link Computer}s.
*/
public Computer[] getComputers() {
Computer[] r = computers.values().toArray(new Computer[computers.size()]);
Collection<Computer> computers = new ArrayList<Computer>(this.computers.size());
for (Computer c: this.computers.values()) {
if (c.hasPermission(Computer.VIEW))
computers.add(c);
}
Computer[] r = computers.toArray(new Computer[computers.size()]);
Arrays.sort(r,new Comparator<Computer>() {
final Collator collator = Collator.getInstance();
public int compare(Computer lhs, Computer rhs) {
Expand All @@ -1552,7 +1557,7 @@ public Computer getComputer(@Argument(required=true,metaVar="NAME",usage="Node n

for (Computer c : computers.values()) {
if(c.getName().equals(name))
return c;
return c.hasPermission(Computer.VIEW) ? c : null;
}
return null;
}
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/builds.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${it.displayName}">
<l:layout title="${it.displayName}" permission="${it.VIEW}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<h1>
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/delete.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout>
<l:layout permission="${it.DELETE}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<form method="post" action="doDelete">
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/index.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${it.displayName}">
<l:layout title="${it.displayName}" permission="${it.VIEW}">
<st:include page="sidepanel.jelly" />
<l:main-panel>

Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/load-statistics.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${it.displayName} Load Statistics">
<l:layout title="${it.displayName} Load Statistics" permission="${it.VIEW}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<st:include page="main.jelly" from="${it.loadStatistics}" />
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/markOffline.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${%title(it.displayName)}" norefresh="true">
<l:layout title="${%title(it.displayName)}" norefresh="true" permission="${it.VIEW}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<l:hasPermission permission="${it.DISCONNECT}">
Expand Down
2 changes: 1 addition & 1 deletion core/src/main/resources/hudson/model/Computer/setOfflineCause.jelly
View file
Expand Up @@ -24,7 +24,7 @@ THE SOFTWARE.

<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:i="jelly:fmt">
<l:layout title="${%title(it.displayName)}" norefresh="true">
<l:layout title="${%title(it.displayName)}" norefresh="true" permission="${it.VIEW}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<l:hasPermission permission="${it.DISCONNECT}">
Expand Down
1 change: 1 addition & 0 deletions core/src/main/resources/hudson/model/Messages.properties
View file
Expand Up @@ -109,6 +109,7 @@ Computer.CreatePermission.Description=This permission allows users to create sla
Computer.ConnectPermission.Description=This permission allows users to connect slaves or mark slaves as online.
Computer.DisconnectPermission.Description=This permission allows users to disconnect slaves or mark slaves as temporarily offline.
Computer.BuildPermission.Description=This permission allows users to run jobs as them on slaves.
Computer.ViewPermission.Description=This permission allows users to see the slaves.
Computer.BadChannel=Slave node offline or not a remote channel (such as master node).

ComputerSet.NoSuchSlave=No such slave: {0}
Expand Down

4 comments on commit 647695e

@mrebasti
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Stephen,

I noticed that the tests hudson.bugs.JnlpAccessWithSecuredHudsonTest.testAnonymousCannotGetSecrets and hudson.bugs.JnlpAccessWithSecuredHudsonTest.testServiceUsingDirectSecret began to fail after this commit.

Both tests runs fine after add the line "hudson.model.Computer.View:anonymous" into the files test\src\main\preset-data\no-anonymous-readaccess\config.xml and test\src\main\preset-data\anonymous-readonly\config.xml. I don't know if this is the correct fix or if it's better change the tests instead.

If this kind of comments are suposed to be done in the dev-list, please tell me. I'm just new hacking jenkins.

Marcelo Rebasti

@jglick
Copy link
Member

@jglick jglick commented on 647695e Sep 27, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Reverted in master and rc branches.

@olivergondza
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we consider naming it DISCOVER in case there will be a new patch? Seems analogous to Item.DISCOVER.

@jglick
Copy link
Member

@jglick jglick commented on 647695e Oct 3, 2013

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@olivergondza I do not think so; DISCOVER does not offer viewing permission, it merely allows you to distinguish a nonexistent job (404) from a job you cannot view (403).

Please sign in to comment.