JENKINS-41657 allow filling of credential ids outside of the context …
…of a job, only when ADMINISTER permission is granted
mryan43 authored and Manuel Ryan committed Feb 23, 2017
1 parent 47cc6e0 commit a56bf2d
Showing 3 changed files with 27 additions and 2 deletions.
8 changes: 7 additions & 1 deletion src/main/java/hudson/plugins/mercurial/MercurialSCM.java
@@ -1056,14 +1056,20 @@ public boolean configure(StaplerRequest req, JSONObject json) throws FormExcepti
}

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Job<?,?> owner, @QueryParameter String source) {
if (owner == null || !owner.hasPermission(Item.EXTENDED_READ)) {
if (!hasAccessToCredentialsMetadata(owner)) {
return new ListBoxModel();
}
return new StandardUsernameListBoxModel()
.withEmptySelection()
.withAll(availableCredentials(owner, new EnvVars( ).expand( source )));
}

private boolean hasAccessToCredentialsMetadata(Job<?,?> owner) {
if (owner == null){
return Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER);
}
return owner.hasPermission(Item.EXTENDED_READ);
}
}

private static final long serialVersionUID = 1L;
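Review bot: `hasAccessToCredentialsMetadata` carries no comment explaining why a null owner is held to `Jenkins.ADMINISTER` while a non-null owner only needs `Item.EXTENDED_READ`, and that asymmetry is the security-relevant part of this change. I would add Javadoc on the helper, e.g. `/** With no owning item there is no item-level ACL to consult, so listing credential names is restricted to administrators. */`. The same helper is repeated in the next file's hunk with only the parameter type changed (`SCMSourceOwner` instead of `Job<?,?>`); both types should be items, so one shared static helper taking `Item` would keep the two checks from drifting apart. The enclosing descriptor class starts outside the hunk.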
@@ -230,14 +230,21 @@ private static List<? extends StandardUsernameCredentials> availableCredentials(
}

public ListBoxModel doFillCredentialsIdItems(@AncestorInPath SCMSourceOwner owner, @QueryParameter String source) {
if (owner == null || !owner.hasPermission(Item.EXTENDED_READ)) {
if (!hasAccessToCredentialsMetadata(owner)) {
return new ListBoxModel();
}
return new StandardUsernameListBoxModel()
.withEmptySelection()
.withAll(availableCredentials(owner, source));
}

private boolean hasAccessToCredentialsMetadata(SCMSourceOwner owner){
if (owner == null){
return Jenkins.getActiveInstance().hasPermission(Jenkins.ADMINISTER);
}
return owner.hasPermission(Item.EXTENDED_READ);
}

public FormValidation doCheckBranchPattern(@QueryParameter String value) {
try {
Pattern.compile(value);
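Review bot: A null `owner` can now reach `availableCredentials(owner, source)` in `doFillCredentialsIdItems`, which was impossible before because the old guard returned early on null. Only the signature of `availableCredentials` is visible here (in the hunk header), so it is worth confirming that it tolerates a null owner without a `NullPointerException` and that the lookup context it falls back to is the intended one. The test added in this commit exercises only `MercurialSCM.DescriptorImpl`, so this descriptor's null-owner path appears to have no coverage; a matching test for it would close that gap.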
12 changes: 12 additions & 0 deletions src/test/java/hudson/plugins/mercurial/ConfigurationTest.java
@@ -49,6 +49,7 @@
import org.junit.Rule;
import org.jvnet.hudson.test.Issue;
import org.jvnet.hudson.test.JenkinsRule;
import org.jvnet.hudson.test.MockAuthorizationStrategy;

public class ConfigurationTest {

@@ -91,6 +92,17 @@ public class ConfigurationTest {
assertFalse(scm.isDisableChangeLog());
}

@Test public void doFillCredentialsIdItemsWithoutJobWhenAdmin() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
MockAuthorizationStrategy as = new MockAuthorizationStrategy();
// This AuthorizationStrategy has the ADMINISTER permission granted by default
r.jenkins.setAuthorizationStrategy(as);
UsernamePasswordCredentialsImpl c = new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, null, "test", "bob", "s3cr3t");
CredentialsProvider.lookupStores(r.jenkins).iterator().next().addCredentials(Domain.global(), c);
ListBoxModel options = r.jenkins.getDescriptorByType(MercurialSCM.DescriptorImpl.class).doFillCredentialsIdItems(null, "http://nowhere.net/");
assertEquals(CredentialsNameProvider.name(c), options.get(1).name);
}

@Issue("SECURITY-158")
@Test public void doFillCredentialsIdItems() throws Exception {
r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
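Review bot: `doFillCredentialsIdItemsWithoutJobWhenAdmin` covers only the allowed path, so nothing pins the behaviour this commit exists to guarantee: a caller without `Jenkins.ADMINISTER` and with a null owner must get an empty list. The call is also made directly on the test thread with no impersonation, so it probably runs as SYSTEM and would pass whatever the strategy grants; the comment saying that `MockAuthorizationStrategy` grants ADMINISTER by default looks inaccurate and should be checked or dropped. I would add a negative test that impersonates a user holding only `Jenkins.READ` and asserts the returned model is empty, along the lines below. The `options.get(1)` assertion relies on the empty selection sitting at index 0, which deserves a short comment.

```java
@Test public void doFillCredentialsIdItemsWithoutJobWhenNotAdmin() throws Exception {
    r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
    r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy().grant(Jenkins.READ).everywhere().to("alice"));
    // … unchanged: create credential "test" and add it to the global store, as in the admin test …
    SecurityContext previous = ACL.impersonate(User.get("alice").impersonate());
    try {
        ListBoxModel options = r.jenkins.getDescriptorByType(MercurialSCM.DescriptorImpl.class).doFillCredentialsIdItems(null, "http://nowhere.net/");
        // No owner and no ADMINISTER: not even the empty selection may be returned.
        assertEquals(0, options.size());
    } finally {
        SecurityContextHolder.setContext(previous);
    }
}
```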