hudson.security.PermissionGroup Java Examples
The following examples show how to use
hudson.security.PermissionGroup.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: PermissionFinder.java From folder-auth-plugin with MIT License | 6 votes |
|
/**
* Attempt to match a given permission to what is defined in the UI.
* @param id String of the form "Title/Permission" (Look in the UI) for a particular permission
* @return a matched permission ID
*/
@CheckForNull
public static String findPermissionId(String id) {
List<PermissionGroup> pgs = PermissionGroup.getAll();
Matcher m = PERMISSION_PATTERN.matcher(id);
if(m.matches()) {
String owner = m.group(1);
String name = m.group(2);
for(PermissionGroup pg : pgs) {
if(pg.owner.equals(Permission.class)) {
continue;
}
if(pg.getId().equals(owner)) {
return pg.owner.getName() + "." + name;
}
}
}
return null;
}
Example #2
| Source File: FolderBasedAuthorizationStrategy.java From folder-auth-plugin with MIT License | 6 votes |
|
@Nonnull
@Override
public FolderBasedAuthorizationStrategy newInstance(@Nullable StaplerRequest req, @Nonnull JSONObject formData) {
AuthorizationStrategy strategy = Jenkins.get().getAuthorizationStrategy();
if (strategy instanceof FolderBasedAuthorizationStrategy) {
// this action was invoked from the 'Configure Global Security' page when the
// old strategy was FolderBasedAuthorizationStrategy; return it back as formData would be empty
return (FolderBasedAuthorizationStrategy) strategy;
} else {
// when this AuthorizationStrategy is selected for the first time, this makes the current
// user admin (give all permissions) and prevents him/her from getting access denied.
// The same thing happens in Role Strategy plugin. See RoleBasedStrategy.DESCRIPTOR.newInstance()
HashSet<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
groups.remove(PermissionGroup.get(Permission.class));
Set<PermissionWrapper> adminPermissions = PermissionWrapper.wrapPermissions(
FolderAuthorizationStrategyManagementLink.getSafePermissions(groups));
GlobalRole adminRole = new GlobalRole(ADMIN_ROLE_NAME, adminPermissions,
Collections.singleton(new PrincipalSid(Jenkins.getAuthentication()).getPrincipal()));
return new FolderBasedAuthorizationStrategy(Collections.singleton(adminRole), Collections.emptySet(),
Collections.emptySet());
}
}
Example #3
| Source File: FolderAuthorizationStrategyManagementLink.java From folder-auth-plugin with MIT License | 5 votes |
|
@Nonnull
@Restricted(NoExternalUse.class)
@SuppressWarnings("unused") // used by index.jelly
public Set<Permission> getGlobalPermissions() {
HashSet<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
groups.remove(PermissionGroup.get(Permission.class));
return getSafePermissions(groups);
}
Example #4
| Source File: FolderAuthorizationStrategyManagementLink.java From folder-auth-plugin with MIT License | 5 votes |
|
@Nonnull
@Restricted(NoExternalUse.class)
@SuppressWarnings("unused") // used by index.jelly
public Set<Permission> getFolderPermissions() {
HashSet<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
groups.remove(PermissionGroup.get(Hudson.class));
groups.remove(PermissionGroup.get(Computer.class));
groups.remove(PermissionGroup.get(Permission.class));
return getSafePermissions(groups);
}
Example #5
| Source File: FolderAuthorizationStrategyManagementLink.java From folder-auth-plugin with MIT License | 5 votes |
|
@Nonnull
@Restricted(NoExternalUse.class)
@SuppressWarnings("unused") // used by index.jelly
public Set<Permission> getAgentPermissions() {
HashSet<PermissionGroup> groups = new HashSet<>(PermissionGroup.getAll());
groups.remove(PermissionGroup.get(Run.class));
groups.remove(PermissionGroup.get(SCM.class));
groups.remove(PermissionGroup.get(View.class));
groups.remove(PermissionGroup.get(Item.class));
groups.remove(PermissionGroup.get(Hudson.class));
groups.remove(PermissionGroup.get(Permission.class));
return getSafePermissions(groups);
}
Example #6
| Source File: FolderAuthorizationStrategyManagementLink.java From folder-auth-plugin with MIT License | 5 votes |
|
@Nonnull
static Set<Permission> getSafePermissions(Set<PermissionGroup> groups) {
TreeSet<Permission> safePermissions = new TreeSet<>(Permission.ID_COMPARATOR);
groups.stream().map(PermissionGroup::getPermissions).forEach(safePermissions::addAll);
safePermissions.removeAll(PermissionWrapper.DANGEROUS_PERMISSIONS);
return safePermissions;
}
Example #7
| Source File: FolderBasedAuthorizationStrategyTest.java From folder-auth-plugin with MIT License | 4 votes |
|
@Before
public void setUp() throws Exception {
Jenkins jenkins = jenkinsRule.jenkins;
jenkins.setSecurityRealm(jenkinsRule.createDummySecurityRealm());
FolderBasedAuthorizationStrategy strategy = new FolderBasedAuthorizationStrategy(Collections.emptySet(),
Collections.emptySet(), Collections.emptySet());
jenkins.setAuthorizationStrategy(strategy);
final String adminRoleName = "adminRole";
final String overallReadRoleName = "overallRead";
FolderAuthorizationStrategyAPI.addGlobalRole(new GlobalRole(adminRoleName,
wrapPermissions(FolderAuthorizationStrategyManagementLink.getSafePermissions(
new HashSet<>(PermissionGroup.getAll())))));
FolderAuthorizationStrategyAPI.assignSidToGlobalRole("admin", adminRoleName);
FolderAuthorizationStrategyAPI.addGlobalRole(new GlobalRole(overallReadRoleName, wrapPermissions(Permission.READ)));
FolderAuthorizationStrategyAPI.assignSidToGlobalRole("authenticated", overallReadRoleName);
FolderAuthorizationStrategyAPI.addFolderRole(new FolderRole("folderRole1", wrapPermissions(Item.READ),
ImmutableSet.of("root")));
FolderAuthorizationStrategyAPI.assignSidToFolderRole("user1", "folderRole1");
FolderAuthorizationStrategyAPI.assignSidToFolderRole("user2", "folderRole1");
FolderAuthorizationStrategyAPI.addFolderRole(new FolderRole("folderRole2", wrapPermissions(Item.CONFIGURE, Item.DELETE),
ImmutableSet.of("root/child1")));
FolderAuthorizationStrategyAPI.assignSidToFolderRole("user2", "folderRole2");
/*
* Folder hierarchy for the test
*
* root
* / \
* child1 child2
* / \
* child3 job1
* /
* job2
*/
root = jenkins.createProject(Folder.class, "root");
child1 = root.createProject(Folder.class, "child1");
child2 = root.createProject(Folder.class, "child2");
child3 = child1.createProject(Folder.class, "child3");
job1 = child2.createProject(FreeStyleProject.class, "job1");
job2 = child3.createProject(FreeStyleProject.class, "job2");
admin = User.getById("admin", true);
user1 = User.getById("user1", true);
user2 = User.getById("user2", true);
}
