Merge pull request #9 from Zimperium/permissions_update
Updated permission check
Oliver-Zimperium authored Dec 9, 2024
2 parents 472b13c + f451ccd commit 1b3e33b
Showing 2 changed files with 9 additions and 5 deletions.
2 changes: 1 addition & 1 deletion pom.xml
@@ -47,7 +47,7 @@
</parent>
<groupId>io.jenkins.plugins</groupId>
<artifactId>zscan-upload</artifactId>
<version>2.1.1</version>
<version>2.2.0</version>
<packaging>hpi</packaging>
<properties>
<!--
@@ -13,7 +13,7 @@
import hudson.Launcher;
import hudson.Util;
import hudson.model.AbstractProject;
import hudson.model.Job;
import hudson.model.Item;
import hudson.model.Result;
import hudson.model.Run;
import hudson.model.TaskListener;
@@ -576,17 +576,21 @@ public String getDefaultTeamName() {
}

// Validate credentials by trying to obtain access token
// This method can be executed by anyone since the token is not saved or logged anywhere
// This method can be executed by anyone with job configuration permission
// Only the response code is checked
@POST
public FormValidation doValidateCredentials(
@QueryParameter("endpoint") final String endpoint,
@QueryParameter("clientId") final String clientId,
@QueryParameter("clientSecret") final String clientSecret,
@AncestorInPath Job<?,?> job) {
@AncestorInPath Item item) {

try {
Jenkins.get().checkPermission(hudson.security.Permission.CONFIGURE);
if(item == null){
Jenkins.get().checkPermission(Jenkins.ADMINISTER);
}else {
item.checkPermission(Item.CONFIGURE);
}

OkHttpClient okHttpClient = new OkHttpClient().newBuilder()
.writeTimeout(2, TimeUnit.MINUTES)
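Review bot: The new permission check sits inside the `try {` that wraps the token request, so if the catch clause (outside this hunk) catches `Exception` broadly, the `AccessDeniedException` thrown by `checkPermission` would be reported as an ordinary validation message rather than propagating as an authorization failure. The outbound request to `endpoint` would still be skipped, but the caller would not get Jenkins' usual access-denied response. Moving the `if (item == null) { … } else { … }` block to just above `try {` removes that dependency on the handler. The comment above the method could also name the fallback, for example `// Requires Item.CONFIGURE on the enclosing item, or Jenkins.ADMINISTER when no item is in the request path`. The body of doValidateCredentials continues past the end of the hunk.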
