Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
[JENKINS-50204] Restricting by domain and read-only permissions
  • Loading branch information
agentgonzo committed Apr 12, 2018
1 parent a5f6ccb commit 6a1ad95
Showing 1 changed file with 9 additions and 15 deletions.
@@ -1,5 +1,6 @@
package com.cloudbees.jenkins.plugins.kubernetes_credentials_provider;

import java.util.Collections;
import java.util.List;
import edu.umd.cs.findbugs.annotations.NonNull;
import edu.umd.cs.findbugs.annotations.Nullable;
Expand All @@ -13,6 +14,7 @@
import hudson.security.Permission;
import jenkins.model.Jenkins;
import com.cloudbees.plugins.credentials.Credentials;
import com.cloudbees.plugins.credentials.CredentialsProvider;
import com.cloudbees.plugins.credentials.CredentialsStore;
import com.cloudbees.plugins.credentials.CredentialsStoreAction;
import com.cloudbees.plugins.credentials.domains.Domain;
Expand All @@ -35,14 +37,17 @@ public ModelObject getContext() {

@Override
public boolean hasPermission(@NonNull Authentication authentication, @NonNull Permission permission) {
return Jenkins.getInstance().getACL().hasPermission(authentication, permission);
return CredentialsProvider.VIEW.equals(permission) &&
Jenkins.getInstance().getACL().hasPermission(authentication, permission);
}

@NonNull
@Override
public List<Credentials> getCredentials(@NonNull Domain domain) {
// TODO: Filter by domain - how do I do this?
return provider.getCredentials(Credentials.class, Jenkins.getInstance(), ACL.SYSTEM);
// Only the global domain is supported
return Domain.global().equals(domain)
? provider.getCredentials(Credentials.class, Jenkins.getInstance(), ACL.SYSTEM)
: Collections.emptyList();
}

@Override
Expand Down Expand Up @@ -95,37 +100,26 @@ private void addIcons() {
Icon.ICON_XLARGE_STYLE, IconType.PLUGIN));
}

/**
* {@inheritDoc}
*/
@Override
@NonNull
public CredentialsStore getStore() {
return store;
}

/**
* {@inheritDoc}
*/
@Override
public String getIconFileName() {
return isVisible()
? "/plugin/kubernetes-credentials-provider/images/32x32/kubernetes-store.png"
: null;
}

/**
* {@inheritDoc}
*/
@Override
public String getIconClassName() {
return isVisible()
? "icon-credentials-kubernetes-store"
: null;
}

/**
* {@inheritDoc}
*/
@Override
public String getDisplayName() {
return "Kubernetes";
Expand Down

0 comments on commit 6a1ad95

Please sign in to comment.