[FIXED JENKINS-21371] Enhance SecurityRealm API to support queries of…

… the group membership
jenkinsci · Jan 14, 2014 · ec12c07 · ec12c07
1 parent b01ad4d
commit ec12c07
Show file tree

Hide file tree

Showing 2 changed files with 41 additions and 0 deletions.
diff --git a/core/src/main/java/hudson/security/GroupDetails.java b/core/src/main/java/hudson/security/GroupDetails.java
@@ -25,6 +25,8 @@
 
 import org.acegisecurity.userdetails.UserDetails;
 
+import java.util.Set;
+
 /**
  * Represents the details of a group.
  *
@@ -51,4 +53,21 @@ public abstract class GroupDetails {
     public String getDisplayName() {
         return getName();
     }
+
+    /**
+     * Returns the members of the group, or {@code null} if the members were not retrieved. The results of this method
+     * are not live, they represent the membership at the time the {@link GroupDetails} was instantiated. As fetching
+     * the membership of a group can be an expensive operation, it is preferential to use the
+     * {@link SecurityRealm#loadGroupByGroupname(String, boolean)} method to retrieve {@link GroupDetails} in those
+     * cases where you want to try and retrieve the members of the group, though even that method does not guarantee
+     * to retrieve the members of a group as the backing {@link SecurityRealm} implementation may not support such
+     * a query.
+     *
+     * @return the members of the group at the point in time when the {@link GroupDetails} were retrieved, or
+     * {@code null} if the members were not retrieved.
+     * @since 1.549
+     */
+    public Set<String> getMembers() {
+        return null;
+    }
 }
diff --git a/core/src/main/java/hudson/security/SecurityRealm.java b/core/src/main/java/hudson/security/SecurityRealm.java
@@ -317,6 +317,28 @@ public GroupDetails loadGroupByGroupname(String groupname) throws UsernameNotFou
         throw new UserMayOrMayNotExistException(groupname);
     }
 
+    /**
+     * If this {@link SecurityRealm} supports a look up of {@link GroupDetails} by their names, override this method
+     * to provide the look up.
+     * <p/>
+     * <p/>
+     * This information, when available, can be used by {@link AuthorizationStrategy}s to improve the UI and
+     * error diagnostics for the user.
+     *
+     * @param groupname    the name of the group to fetch
+     * @param fetchMembers if {@code true} then try and fetch the members of the group if it exists. Trying does not
+     *                     imply that the members will be fetched and {@link hudson.security.GroupDetails#getMembers()}
+     *                     may still return {@code null}
+     * @throws UserMayOrMayNotExistException if no conclusive result could be determined regarding the group existance.
+     * @throws UsernameNotFoundException     if the group does not exist.
+     * @throws DataAccessException           if the backing security realm could not be connected to.
+     * @since 1.549
+     */
+    public GroupDetails loadGroupByGroupname(String groupname, boolean fetchMembers)
+            throws UsernameNotFoundException, DataAccessException {
+        return loadGroupByGroupname(groupname);
+    }
+
     /**
      * Starts the user registration process for a new user that has the given verified identity.
      *