[JENKINS-21327] replace RUN_SCRIPTS with a new Scritpler RUN permission
imod committed May 15, 2017
1 parent cbafe3c commit 71054a6
Showing 6 changed files with 28 additions and 20 deletions.
Expand Up @@ -28,6 +28,8 @@
import hudson.Util;
import hudson.model.*;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import hudson.security.PermissionScope;
import jenkins.model.Jenkins;
import org.apache.commons.fileupload.FileItem;
import org.apache.commons.lang.StringUtils;
Expand All @@ -40,6 +42,7 @@
import org.jenkinsci.plugins.scriptler.share.ScriptInfoCatalog;
import org.jenkinsci.plugins.scriptler.util.ScriptHelper;
import org.jenkinsci.plugins.scriptler.util.UIHelper;
import org.jvnet.localizer.Localizable;
import org.kohsuke.stapler.*;
import org.kohsuke.stapler.interceptor.RequirePOST;

Expand All @@ -65,6 +68,9 @@ public class ScriptlerManagement extends ManagementLink implements RootAction {
private final static String ALL = "(all)";
private final static String ALL_SLAVES = "(all slaves)";

public static final PermissionGroup SCRITPLER_PERMISSONS = new PermissionGroup(ScriptlerManagement.class, Messages._permissons_title());
public static final Permission RUN = new Permission(SCRITPLER_PERMISSONS, "Run", Messages._permissons_run_description(), Jenkins.ADMINISTER, PermissionScope.JENKINS);

private boolean isRunScriptPermissionEnabled() {
return getConfiguration().isAllowRunScriptPermission();
}
Expand Down Expand Up @@ -128,8 +134,8 @@ public ScriptlerConfiguration getConfiguration() {
}

public String getPluginResourcePath() {
PluginWrapper wrapper = Hudson.getInstance().getPluginManager().getPlugin(ScriptlerPluginImpl.class);
return Hudson.getInstance().getRootUrl() + "plugin/" + wrapper.getShortName() + "/";
PluginWrapper wrapper = Jenkins.getInstance().getPluginManager().getPlugin(ScriptlerPluginImpl.class);
return Jenkins.getInstance().getRootUrl() + "plugin/" + wrapper.getShortName() + "/";
}

/**
Expand All @@ -146,7 +152,7 @@ public String getPluginResourcePath() {
@RequirePOST
public HttpResponse doScriptlerSettings(StaplerRequest res, StaplerResponse rsp, @QueryParameter("disableRemoteCatalog") boolean disableRemoteCatalog, @QueryParameter("allowRunScriptPermission") boolean allowRunScriptPermission,
@QueryParameter("allowRunScriptEdit") boolean allowRunScriptEdit) throws IOException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);

ScriptlerConfiguration cfg = getConfiguration();
cfg.setDisbableRemoteCatalog(disableRemoteCatalog);
Expand Down Expand Up @@ -174,7 +180,7 @@ public HttpResponse doScriptlerSettings(StaplerRequest res, StaplerResponse rsp,
*/
@RequirePOST
public HttpResponse doDownloadScript(StaplerRequest req, StaplerResponse rsp, @QueryParameter("id") String id, @QueryParameter("catalog") String catalogName) throws IOException, ServletException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);

ScriptlerConfiguration c = getConfiguration();
if (c.isDisbableRemoteCatalog()) {
Expand Down Expand Up @@ -233,7 +239,7 @@ public HttpResponse doDownloadScript(StaplerRequest req, StaplerResponse rsp, @Q
public HttpResponse doScriptAdd(StaplerRequest req, StaplerResponse rsp, @QueryParameter("id") String id, @QueryParameter("name") String name, @QueryParameter("comment") String comment, @QueryParameter("script") String script,
@QueryParameter("nonAdministerUsing") boolean nonAdministerUsing, @QueryParameter("onlyMaster") boolean onlyMaster, String originCatalogName, String originId) throws IOException, ServletException {

checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);

Parameter[] parameters = UIHelper.extractParameters(req.getSubmittedForm());

Expand Down Expand Up @@ -304,7 +310,7 @@ private GitScriptlerRepository getGitRepo() {
* @throws IOException
*/
public HttpResponse doHardResetGit() throws IOException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);
getGitRepo().hardReset();
return new HttpRedirect("/scriptler.git");
}
Expand All @@ -323,7 +329,7 @@ public HttpResponse doHardResetGit() throws IOException {
*/
@RequirePOST
public HttpResponse doRemoveScript(StaplerRequest res, StaplerResponse rsp, @QueryParameter("id") String id) throws IOException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);

// remove the file
File oldScript = new File(getScriptDirectory(), id);
Expand Down Expand Up @@ -357,7 +363,7 @@ public HttpResponse doRemoveScript(StaplerRequest res, StaplerResponse rsp, @Que
*/
@RequirePOST
public HttpResponse doUploadScript(StaplerRequest req) throws IOException, ServletException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);
try {


Expand Down Expand Up @@ -588,7 +594,7 @@ private String[] resolveSlaveNames(String nameAlias) {
* @throws ServletException
*/
public void doShowScript(StaplerRequest req, StaplerResponse rsp, @QueryParameter("id") String id) throws IOException, ServletException {
checkPermission(Hudson.RUN_SCRIPTS);
checkPermission(ScriptlerManagement.RUN);

Script script = ScriptHelper.getScript(id, true);
req.setAttribute("script", script);
Expand All @@ -608,7 +614,7 @@ public void doShowScript(StaplerRequest req, StaplerResponse rsp, @QueryParamete
* @throws ServletException
*/
public void doEditScript(StaplerRequest req, StaplerResponse rsp, @QueryParameter("id") String id) throws IOException, ServletException {
checkPermission(Hudson.ADMINISTER);
checkPermission(Jenkins.ADMINISTER);

Script script = ScriptHelper.getScript(id, true);
req.setAttribute("script", script);
Expand Down Expand Up @@ -696,11 +702,11 @@ public static File getScriptDirectory() {
}

public static File getScriptlerHomeDirectory() {
return new File(Hudson.getInstance().getRootDir(), "scriptler");
return new File(Jenkins.getInstance().getRootDir(), "scriptler");
}

private void checkPermission(Permission permission) {
Hudson.getInstance().checkPermission(permission);
Jenkins.getInstance().checkPermission(permission);
}

private String fixFileName(String catalogName, String name) {
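Review bot: `doShowScript` is now guarded only by `checkPermission(ScriptlerManagement.RUN)`, and the visible lines then load whatever script `id` names through `ScriptHelper.getScript(id, true)` without consulting `isRunScriptPermissionEnabled()` or the script's own non-admin flag (the `nonAdministerUsing` value accepted by `doScriptAdd`). Because `RUN` is a separate permission that can be granted without `Jenkins.ADMINISTER`, a non-admin holder could presumably read the source of scripts reserved for administrators, even while the "allow run script permission" option is switched off. A guard such as `if (!isRunScriptPermissionEnabled()) checkPermission(Jenkins.ADMINISTER);` before the lookup, plus an equivalent check on the loaded script's flag, would keep the endpoint in line with the configuration. The method body continues outside the hunk, so confirm that no such check already follows.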
Expand Up @@ -145,7 +145,7 @@ public static final class DescriptorImpl extends BuildStepDescriptor<Builder> {

@Override
public boolean isApplicable(Class<? extends AbstractProject> jobType) {
return Jenkins.getInstance().hasPermission(Jenkins.RUN_SCRIPTS);
return Jenkins.getInstance().hasPermission(getRequiredPermission());
}

@Override
Expand All @@ -162,7 +162,7 @@ public ScriptlerBuilder newInstance(StaplerRequest req, JSONObject formData) thr
ScriptlerBuilder builder = null;
String builderId = formData.optString("builderId");

if (!Jenkins.getInstance().hasPermission(Jenkins.RUN_SCRIPTS)) {
if (!Jenkins.getInstance().hasPermission(ScriptlerManagement.RUN)) {
// the user has no permission to change the builders, therefore we reload the builder without his changes!
final String backupJobName = formData.optString("backupJobName");

Expand Down Expand Up @@ -226,7 +226,7 @@ private ScriptlerConfiguration getConfig() {
/**
* gets the argument description to be displayed on the screen when selecting a config in the dropdown
*
* @param configId
* @param scriptlerScriptId
* the config id to get the arguments description for
* @return the description
*/
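Review bot: The two permission checks in `DescriptorImpl` no longer use the same expression: `isApplicable` asks `hasPermission(getRequiredPermission())` while `newInstance` asks `hasPermission(ScriptlerManagement.RUN)`. `getRequiredPermission()` is not defined in the visible hunks, so if it resolves to anything other than `ScriptlerManagement.RUN` the build step could be offered to users whose edits `newInstance` then discards, or hidden from users who are allowed to save it. Naming the permission directly keeps both guards in step: `return Jenkins.getInstance().hasPermission(ScriptlerManagement.RUN);`. Both method bodies continue outside the hunks.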
Expand Up @@ -39,4 +39,6 @@ skipParamter = skipping parameter [{0}] this name is used internal, please renam
resultPrefix = Result:
no_parameters_defined = There is not any parameter defined for this job.
tokenmacro_AdminScriptOnly = The script [{0}] exists, but is marked to be used by admins only and is therefore not allowed for usage in the TokenMacro.
tokenmacro_ScriptDoesNotExist = No script with the id [{0}] could be found.
tokenmacro_ScriptDoesNotExist = No script with the id [{0}] could be found.
permissons_title = Scriptler
permissons_run_description = allow execution of scritpler scripts
2 changes: 1 addition & 1 deletion src/main/webapp/help-allowRunScriptEdit.html
@@ -1,4 +1,4 @@
<div>
Checking this option, allows users who have the 'RunScript' permission to change a scriptler scripts before executing it.<br />
Checking this option, allows users who have the 'Scriptler/Run' permission to change a scriptler scripts before executing it.<br />
A user can seriously harm your system and compromise your security!
</div>
2 changes: 1 addition & 1 deletion src/main/webapp/help-allowRunScriptPermission.html
@@ -1,3 +1,3 @@
<div>
Checking this option, allows users who have the 'RunScript' permission to run scriptler scripts.
Checking this option, allows users who have the 'Scriptler/Run' permission to run scriptler scripts.
</div>
Expand Up @@ -30,10 +30,10 @@ public class ScriptlerRestApiTest {
private static final String SCRIPT_ID = "dummy.groovy";

@Rule
public static JenkinsRule j = new JenkinsRule();
public JenkinsRule j = new JenkinsRule();

@ClassRule
public BuildWatcher bw = new BuildWatcher();
public static BuildWatcher bw = new BuildWatcher();

@Before
public void setup() throws Exception {
