[FIXED JENKINS-31727] - Add AccessDenied checks to make the configura…
…tion robust against Item.DISCOVER without Item.READ
oleg-nenashev committed Dec 14, 2015
1 parent 15604f1 commit 9ebaae3
Showing 1 changed file with 43 additions and 4 deletions.
@@ -55,6 +55,8 @@
import java.util.Set;
import java.util.StringTokenizer;
import java.util.concurrent.Future;
import javax.annotation.Nonnull;
import org.acegisecurity.AccessDeniedException;

public class BuildTriggerConfig implements Describable<BuildTriggerConfig> {

@@ -141,10 +143,11 @@ public List<AbstractProject> getProjectList(ItemGroup context, EnvVars env) {
* @param env Environment variables from which to expand project names; Might be {@code null}.
* @param context
* The container with which to resolve relative project names.
* If the user has no {@link Item#READ} permission, the job won't be added to the list.
*/
public List<Job> getJobs(ItemGroup context, EnvVars env) {
List<Job> projectList = new ArrayList<Job>();
projectList.addAll(Items.fromNameList(context, getProjects(env), Job.class));
projectList.addAll(readableItemsFromNameList(context, getProjects(env), Job.class));
return projectList;
}

@@ -207,7 +210,8 @@ private static void iterateBuilds(AbstractProject context, String projects, SubP
// If we don't have any build there's no point to trying to resolved dynamic projects
if (currentBuild == null) {
// But we can still get statically defined project
subProjectData.getFixed().addAll(Items.fromNameList(context.getParent(), projects, AbstractProject.class));
subProjectData.getFixed().addAll(readableItemsFromNameList(context.getParent(), projects, AbstractProject.class));

// Remove them from unsolved
for (AbstractProject staticProject : subProjectData.getFixed()) {
subProjectData.getUnresolved().remove(staticProject.getFullName());
@@ -233,6 +237,34 @@ private static void iterateBuilds(AbstractProject context, String projects, SubP
}
}
}

/**
* Retrieves readable items from the list.
* @param <T> Type of the item
* @param context Current item
* @param list String list of items
* @param type Type of items to be retrieved
* @return List of readable items, others will be skipped if {@link AccessDeniedException} happens
*/
private static <T extends Item> List<T> readableItemsFromNameList(
ItemGroup context, @Nonnull String list, @Nonnull Class<T> type) {
Jenkins hudson = Jenkins.getInstance();

List<T> r = new ArrayList<T>();
StringTokenizer tokens = new StringTokenizer(list,",");
while(tokens.hasMoreTokens()) {
String fullName = tokens.nextToken().trim();
T item = null;
try {
item = hudson.getItem(fullName, context, type);
} catch (AccessDeniedException ex) {
// Ignore, item won't be added to the resulting list
}
if(item!=null)
r.add(item);
}
return r;
}

/**
* Retrieves the environment variable from a build and tries to resolves the remaining unresolved projects. If
@@ -265,7 +297,14 @@ private static void resolveProject(AbstractBuild build, SubProjectData subProjec
destinationSet = subProjectData.getDynamic();
}

AbstractProject resolvedProject = Jenkins.getInstance().getItem(unresolvedProjectName, build.getProject().getParent(), AbstractProject.class);
final Jenkins jenkins = Jenkins.getInstance();
AbstractProject resolvedProject = null;
try {
resolvedProject = jenkins == null ? null :
jenkins.getItem(unresolvedProjectName, build.getProject().getParent(), AbstractProject.class);
} catch (AccessDeniedException ex) {
// Permission check failure (DISCOVER w/o READ) => we leave the job unresolved
}
if (resolvedProject != null) {
destinationSet.add(resolvedProject);
unsolvedProjectIterator.remove();
@@ -274,7 +313,7 @@ private static void resolveProject(AbstractBuild build, SubProjectData subProjec

if (build != null && build.getAction(BuildInfoExporterAction.class) != null) {
String triggeredProjects = build.getAction(BuildInfoExporterAction.class).getProjectListString(",");
subProjectData.getTriggered().addAll(Items.fromNameList(build.getParent().getParent(), triggeredProjects, AbstractProject.class));
subProjectData.getTriggered().addAll(readableItemsFromNameList(build.getParent().getParent(), triggeredProjects, AbstractProject.class));
}
}
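Review bot: The new helper readableItemsFromNameList calls `hudson.getItem(fullName, context, type)` on the result of `Jenkins.getInstance()` without a null check, while the resolveProject hunk in this same commit guards the identical lookup with `jenkins == null ? null : ...`. If the instance can be null in one place it can be null in the other, so the three call sites switched to the helper (getJobs, iterateBuilds, resolveProject) would throw a NullPointerException instead of returning an empty list; guard it the same way, e.g. `if (hudson == null) { return new ArrayList<T>(); }` right after the lookup. Both new catch blocks also discard the AccessDeniedException without any record, so a job skipped because the caller holds Item.DISCOVER but not Item.READ disappears from the result silently. Logging the skipped name at a low level (server-side only, not echoed to the user) would let an administrator tell a permission gap from a misspelled project name. The Javadoc added on getJobs says "the user" without saying which identity the check runs under; that appears to be whatever authentication is current at call time, which is worth stating. The bodies of iterateBuilds and resolveProject start outside the visible hunks.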
