From be6ba414a23076be2dd9c8e692888217a3a526a6 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Sat, 31 Aug 2013 23:22:46 +0400 Subject: [PATCH 1/4] Added option, which makes plugin to convert all SIDs to the lower-case Resolves: https://issues.jenkins-ci.org/browse/JENKINS-19409 Signed-off-by: Oleg Nenashev --- .../RoleBasedAuthorizationStrategy.java | 44 +++++++++++-- .../hudson/plugins/rolestrategy/RoleMap.java | 12 ++-- .../rolestrategy/RoleStrategyProperties.java | 66 +++++++++++++++++++ .../plugins/rolestrategy/Messages.properties | 1 + .../config.jelly} | 21 ++---- .../RoleStrategyProperties/config.jelly | 29 ++++++++ 6 files changed, 151 insertions(+), 22 deletions(-) create mode 100644 src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java rename src/main/{java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java => resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly} (74%) create mode 100644 src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java index c1733107..60940cfd 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java @@ -28,6 +28,7 @@ package com.michelin.cio.hudson.plugins.rolestrategy; +import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleStrategyProperties; import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; import com.synopsys.arc.jenkins.plugins.rolestrategy.UserMacroExtension; import com.thoughtworks.xstream.converters.Converter; 
@@ -81,7 +82,16 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy { /** {@link RoleMap}s associated to each {@link AccessControlled} class */ private final Map grantedRoles = new HashMap < String, RoleMap >(); + private RoleStrategyProperties globalProperties = RoleStrategyProperties.DEFAULT; + public RoleStrategyProperties getGlobalProperties() { + return globalProperties; + } + + public void setGlobalProperties(RoleStrategyProperties prop) { + globalProperties = prop; + } + /** * Get the root ACL. * @return The global ACL @@ -89,10 +99,9 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy { @Override public SidACL getRootACL() { RoleMap root = getRoleMap(GLOBAL); - return root.getACL(RoleType.Global, null); + return root.getACL(RoleType.Global, null, globalProperties.isConvertSidsToLowerCase()); } - /** * Universal function for getting ACL for different * @param roleMapName Name of the role map section @@ -108,7 +117,7 @@ private ACL getACL(String roleMapName, String itemName, RoleType roleType, Acces } else { // Create a sub-RoleMap matching the project name, and create an inheriting from root ACL - acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item).newInheritingACL(getRootACL()); + acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL()); } return acl; } @@ -247,12 +256,23 @@ private void assignRole(String type, Role role, String sid) { * update the getRoleMaps() method.

*/ public static class ConverterImpl implements Converter { + private static final String GLOBAL_PROPERTIES_NODE="globalProperties"; + + @Override public boolean canConvert(Class type) { return type==RoleBasedAuthorizationStrategy.class; } + @Override public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { RoleBasedAuthorizationStrategy strategy = (RoleBasedAuthorizationStrategy)source; + + // Marshal properties + writer.startNode(GLOBAL_PROPERTIES_NODE); + context.convertAnother(strategy.getGlobalProperties()); + writer.endNode(); + + // Marshal role maps Map maps = strategy.getRoleMaps(); for(Map.Entry map : maps.entrySet()) { RoleMap roleMap = map.getValue(); @@ -285,15 +305,24 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC writer.endNode(); } } - writer.endNode(); + writer.endNode(); } } + @Override public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) { RoleBasedAuthorizationStrategy strategy = create(); while(reader.hasMoreChildren()) { reader.moveDown(); + + // read global properties + if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) { + Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class); + strategy.setGlobalProperties((RoleStrategyProperties)prop); + } + + // read RoleMaps if(reader.getNodeName().equals("roleMap")) { String type = reader.getAttribute("type"); RoleMap map = new RoleMap(); @@ -482,6 +511,13 @@ else if(oldStrategy instanceof RoleBasedAuthorizationStrategy) { strategy.assignRole(GLOBAL, adminRole, getCurrentUser()); } strategy.renewMacroRoles(); + + // global properties + if (formData.containsKey("globalProperties")) { + RoleStrategyProperties prop = req.bindJSON(RoleStrategyProperties.class, formData.getJSONObject("globalProperties")); + strategy.setGlobalProperties(prop); + } + return strategy; } 
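Review bot: In the last hunk on this line (newInstance), a submitted form with no `globalProperties` key leaves the new strategy on `RoleStrategyProperties.DEFAULT`, so a previously enabled lower-casing option would be silently switched off on save and SID matching would change for every user. The branch that copies state from `oldStrategy` starts outside this hunk and the patch does not appear to touch it, so this is inferred rather than confirmed. Consider an `else` that carries the old value over, e.g. `strategy.setGlobalProperties(((RoleBasedAuthorizationStrategy) oldStrategy).getGlobalProperties());`, guarded by the existing `instanceof` check.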
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java index 680f9069..d0adb778 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java @@ -101,8 +101,8 @@ public boolean hasRole(Role role) { * Get the ACL for the current {@link RoleMap}. * @return ACL for the current {@link RoleMap} */ - public SidACL getACL(RoleType roleType, AccessControlled controlledItem) { - return new AclImpl(roleType, controlledItem); + public SidACL getACL(RoleType roleType, AccessControlled controlledItem, boolean ignoresCase) { + return new AclImpl(roleType, controlledItem, ignoresCase); } /** @@ -284,10 +284,13 @@ private final class AclImpl extends SidACL { AccessControlled item; RoleType roleType; + /**Makes SID to convert all SIDs to lower-case*/ + boolean ignoresCase; - public AclImpl(RoleType roleType, AccessControlled item) { + public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) { this.item = item; this.roleType = roleType; + this.ignoresCase = ignoresCase; } /** @@ -299,7 +302,8 @@ public AclImpl(RoleType roleType, AccessControlled item) { */ @Override protected Boolean hasPermission(Sid p, Permission permission) { - if(RoleMap.this.hasPermission(toString(p), permission, roleType, item)) { + String effectiveSID = ignoresCase ? toString(p).toLowerCase() : toString(p); + if(RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) { return true; } return null; diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java new file mode 100644 index 00000000..79d04787 --- /dev/null +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java 
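Review bot: `toString(p).toLowerCase()` in AclImpl.hasPermission folds case with the JVM's default locale, so the same SID can normalise differently depending on where the controller runs (under a Turkish locale `I` does not map to `i`); an authorization key should use `toString(p).toLowerCase(Locale.ROOT)`, which needs a `java.util.Locale` import. Only the looked-up SID is normalised here: whether the SIDs stored in the role assignments are folded too is not visible in this patch, and if they are not, an assignment written with capitals stops matching once the option is on. Folding also treats identities that differ only by case as one principal, which is only safe when the security realm is itself case-insensitive, and the option's help text should say so. The same call is carried unchanged through the hasPermission hunks of patches 2/4 and 3/4. hasPermission's body continues outside the hunk.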
@@ -0,0 +1,66 @@ +/* + * The MIT License + * + * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package com.synopsys.arc.jenkins.plugins.rolestrategy; + +import com.michelin.cio.hudson.plugins.rolestrategy.Messages; +import hudson.Extension; +import hudson.model.Describable; +import hudson.model.Descriptor; +import java.io.Serializable; +import org.kohsuke.stapler.DataBoundConstructor; + +/** + * Class, which stores global configuration of Role-Strategy security. 
+ * @author Oleg Nenashev + */ +public class RoleStrategyProperties implements Describable, Serializable { + /**Default value, which preserves legacy behavior*/ + public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false); + + boolean convertSidsToLowerCase; + + @DataBoundConstructor + public RoleStrategyProperties(boolean convertSidsToLowerCase) { + this.convertSidsToLowerCase = convertSidsToLowerCase; + } + + public boolean isConvertSidsToLowerCase() { + return convertSidsToLowerCase; + } + + @Override + public Descriptor getDescriptor() { + return DESCRIPTOR; + } + + public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); + @Extension + public static final class DescriptorImpl extends Descriptor { + + @Override + public String getDisplayName() { + return Messages.RoleStrategyProperties_DisplayName(); + } + } +} diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties index e79ae808..d6b41454 100644 --- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties @@ -27,3 +27,4 @@ RoleBasedAuthorizationStrategy.Manage=Manage Roles RoleBasedAuthorizationStrategy.ManageAndAssign=Manage and Assign Roles RoleBasedAuthorizationStrategy.Assign=Assign Roles RoleBasedAuthorizationStrategy.ListAvalMacro=List Available Macros +RoleStrategyProperties.DisplayName=Role-Based Strategy Properties 
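Review bot: `convertSidsToLowerCase` is declared package-private and non-final, while `DEFAULT` is one shared instance used by every strategy that has no explicit properties, so any write to that field from inside the package would change SID matching for all of them at once. There is no setter, so the field can be `private final boolean convertSidsToLowerCase;` (patch 2/4 makes it private but leaves it mutable). The class also declares `Serializable` without a `serialVersionUID`, and the new public members have no Javadoc stating that `false` keeps the legacy case-sensitive matching.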
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly similarity index 74% rename from src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java rename to src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly index b16c06f1..dd9549a4 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly @@ -1,7 +1,7 @@ -/* + + + + \ No newline at end of file diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly new file mode 100644 index 00000000..020b9df0 --- /dev/null +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly @@ -0,0 +1,29 @@ + + + + + + \ No newline at end of file From d3dadb86d0fe34584ba5a7e5c480eed993dc9879 Mon Sep 17 00:00:00 2001 From: ckreisl Date: Mon, 1 Aug 2022 16:51:02 +0200 Subject: [PATCH 2/4] Minor fixes to enable lowercase sid --- .../RoleBasedAuthorizationStrategy.java | 42 +++++++-------- .../hudson/plugins/rolestrategy/RoleMap.java | 15 +++--- .../rolestrategy/RoleStrategyProperties.java | 53 +++++++++++-------- .../config.jelly | 1 + .../RoleStrategyProperties/config.jelly | 1 + 5 files changed, 57 insertions(+), 55 deletions(-) diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java index 2937cf67..96562b3b 100644 
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java @@ -138,7 +138,7 @@ public RoleStrategyProperties getGlobalProperties() { } public void setGlobalProperties(RoleStrategyProperties prop) { - globalProperties = prop; + globalProperties = prop; } /** @@ -176,21 +176,6 @@ public RoleMap getRoleMap(RoleType roleType) { } /** - private ACL getACL(String roleMapName, String itemName, RoleType roleType, AccessControlled item) - { - SidACL acl; - RoleMap roleMap = grantedRoles.get(roleMapName); - if(roleMap == null) { - acl = getRootACL(); - } - else { - // Create a sub-RoleMap matching the project name, and create an inheriting from root ACL - acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL()); - } - return acl; - } - - /** * Get the specific ACL for projects. * * @param project The access-controlled project 
@@ -205,19 +190,22 @@ public ACL getACL(@NonNull Job project) { @Override @NonNull public ACL getACL(@NonNull AbstractItem project) { - return itemRoles.newMatchingRoleMap(project.getFullName()).getACL(RoleType.Project, project).newInheritingACL(getRootACL()); + return itemRoles.newMatchingRoleMap(project.getFullName()).getACL( + RoleType.Project, project, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL()); } @Override @NonNull public ACL getACL(@NonNull Computer computer) { - return agentRoles.newMatchingRoleMap(computer.getName()).getACL(RoleType.Slave, computer).newInheritingACL(getRootACL()); + return agentRoles.newMatchingRoleMap(computer.getName()).getACL( + RoleType.Slave, computer, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL()); } @Override @NonNull public ACL getACL(@NonNull Node node) { - return agentRoles.newMatchingRoleMap(node.getNodeName()).getACL(RoleType.Slave, node).newInheritingACL(getRootACL()); + return agentRoles.newMatchingRoleMap(node.getNodeName()).getACL( + RoleType.Slave, node, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL()); } /** @@ -708,7 +696,7 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) { final Map roleMaps = new HashMap<>(); - RoleBasedAuthorizationStrategy strategy = create(); + RoleStrategyProperties properties = null; while (reader.hasMoreChildren()) { reader.moveDown(); @@ -716,7 +704,7 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont // read global properties if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) { Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class); - strategy.setGlobalProperties((RoleStrategyProperties) prop); + properties = (RoleStrategyProperties) prop; } // roleMaps 
@@ -763,7 +751,13 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont reader.moveUp(); } - return new RoleBasedAuthorizationStrategy(roleMaps); + RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy(roleMaps); + + if (properties != null) { + strategy.setGlobalProperties(properties); + } + + return strategy; } protected RoleBasedAuthorizationStrategy create() { @@ -938,11 +932,11 @@ public AuthorizationStrategy newInstance(StaplerRequest req, JSONObject formData strategy.addRole(RoleType.Global, adminRole); strategy.assignRole(RoleType.Global, adminRole, getCurrentUser()); } - strategy.renewMacroRoles(); // global properties if (formData.containsKey("globalProperties")) { - RoleStrategyProperties prop = req.bindJSON(RoleStrategyProperties.class, formData.getJSONObject("globalProperties")); + RoleStrategyProperties prop = req.bindJSON( + RoleStrategyProperties.class, formData.getJSONObject("globalProperties")); strategy.setGlobalProperties(prop); } diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java index 40b493a7..d7422bc1 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java @@ -532,13 +532,12 @@ private final class AclImpl extends SidACL { AccessControlled item; RoleType roleType; - /**Makes SID to convert all SIDs to lower-case*/ - boolean ignoresCase; + boolean ignoresCase; // Makes SID to convert all SIDs to lower-case public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) { - this.item = item; - this.roleType = roleType; - this.ignoresCase = ignoresCase; + this.item = item; + this.roleType = roleType; + this.ignoresCase = ignoresCase; } /** 
@@ -553,9 +552,9 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) { */ @SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API") @Override - protected Boolean hasPermission(Sid p, Permission permission) { - String effectiveSID = ignoresCase ? toString(p).toLowerCase() : toString(p); - if(RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) { + protected Boolean hasPermission(Sid sid, Permission permission) { + String effectiveSID = ignoresCase ? toString(sid).toLowerCase() : toString(sid); + if (RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) { if (item instanceof Item) { final ItemGroup parent = ((Item) item).getParent(); if (parent instanceof Item && (Item.DISCOVER.equals(permission) || Item.READ.equals(permission)) diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java index 79d04787..47a49c8f 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java @@ -21,6 +21,7 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ + package com.synopsys.arc.jenkins.plugins.rolestrategy; import com.michelin.cio.hudson.plugins.rolestrategy.Messages; 
@@ -32,35 +33,41 @@ /** * Class, which stores global configuration of Role-Strategy security. - * @author Oleg Nenashev + * */ public class RoleStrategyProperties implements Describable, Serializable { - /**Default value, which preserves legacy behavior*/ - public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false); - - boolean convertSidsToLowerCase; - @DataBoundConstructor - public RoleStrategyProperties(boolean convertSidsToLowerCase) { - this.convertSidsToLowerCase = convertSidsToLowerCase; - } + /* Default value, which preserves legacy behavior */ + public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false); - public boolean isConvertSidsToLowerCase() { - return convertSidsToLowerCase; - } + private boolean convertSidsToLowerCase; - @Override - public Descriptor getDescriptor() { - return DESCRIPTOR; - } + @DataBoundConstructor + public RoleStrategyProperties(boolean convertSidsToLowerCase) { + this.convertSidsToLowerCase = convertSidsToLowerCase; + } - public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); - @Extension - public static final class DescriptorImpl extends Descriptor { + public boolean isConvertSidsToLowerCase() { + return convertSidsToLowerCase; + } - @Override - public String getDisplayName() { - return Messages.RoleStrategyProperties_DisplayName(); - } + @Override + public Descriptor getDescriptor() { + return DESCRIPTOR; + } + + public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); + + /** + * Default DescriptorImpl. + */ + @Extension + public static final class DescriptorImpl extends Descriptor { + + @Override + public String getDisplayName() { + return Messages.RoleStrategyProperties_DisplayName(); } + } + } 
diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly index 89ba8f11..a6cf3155 100644 --- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly +++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly @@ -21,6 +21,7 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. --> + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly index 020b9df0..60f9ce4d 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly @@ -21,6 +21,7 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. --> + From 1e20c1a81a57957fa04b0b118f6334156ad17f80 Mon Sep 17 00:00:00 2001 From: ckreisl Date: Mon, 1 Aug 2022 17:44:57 +0200 Subject: [PATCH 3/4] Cleanup, suppress AbbreviationsAsWordInName --- .../RoleBasedAuthorizationStrategy.java | 39 +++++++++++++------ .../hudson/plugins/rolestrategy/RoleMap.java | 7 ++-- .../RoleStrategyProperties/config.jelly | 2 +- 3 files changed, 32 insertions(+), 16 deletions(-) diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java index 96562b3b..2ecd3204 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java 
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java @@ -105,8 +105,7 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy { private final RoleMap agentRoles; private final RoleMap globalRoles; private final RoleMap itemRoles; - - private RoleStrategyProperties globalProperties = RoleStrategyProperties.DEFAULT; + private RoleStrategyProperties globalProperties; /** * Create new RoleBasedAuthorizationStrategy. @@ -115,6 +114,7 @@ public RoleBasedAuthorizationStrategy() { agentRoles = new RoleMap(); globalRoles = new RoleMap(); itemRoles = new RoleMap(); + globalProperties = RoleStrategyProperties.DEFAULT; } /** @@ -131,6 +131,27 @@ public RoleBasedAuthorizationStrategy(Map grantedRoles) { map = grantedRoles.get(PROJECT); itemRoles = map == null ? new RoleMap() : map; + + globalProperties = RoleStrategyProperties.DEFAULT; + } + + /** + * Creates a new {@link RoleBasedAuthorizationStrategy}. + * + * @param grantedRoles the roles in the strategy + * @param prop global properties + */ + public RoleBasedAuthorizationStrategy(Map grantedRoles, RoleStrategyProperties prop) { + RoleMap map = grantedRoles.get(SLAVE); + agentRoles = map == null ? new RoleMap() : map; + + map = grantedRoles.get(GLOBAL); + globalRoles = map == null ? new RoleMap() : map; + + map = grantedRoles.get(PROJECT); + itemRoles = map == null ? new RoleMap() : map; + + globalProperties = prop == null ? RoleStrategyProperties.DEFAULT : prop; } public RoleStrategyProperties getGlobalProperties() { 
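Review bot: The null fallback in the new two-argument constructor is not mirrored in `setGlobalProperties`, which per the hunk in patch 2/4 still does `globalProperties = prop;`, while `getRootACL` and the `getACL` overloads dereference the field. A null passed to the setter (it is public, and newInstance feeds it the result of `req.bindJSON`) would therefore turn each permission check into a NullPointerException; the setter should use the same expression, `globalProperties = prop == null ? RoleStrategyProperties.DEFAULT : prop;`. The three role-map assignments are now duplicated between the two map-taking constructors, so the older one could shrink to `this(grantedRoles, RoleStrategyProperties.DEFAULT);`.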
@@ -696,15 +717,15 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) { final Map roleMaps = new HashMap<>(); - RoleStrategyProperties properties = null; + RoleStrategyProperties props = null; while (reader.hasMoreChildren()) { reader.moveDown(); // read global properties if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) { - Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class); - properties = (RoleStrategyProperties) prop; + props = (RoleStrategyProperties) context.convertAnother( + context.currentObject(), RoleStrategyProperties.class); } // roleMaps @@ -751,13 +772,7 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont reader.moveUp(); } - RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy(roleMaps); - - if (properties != null) { - strategy.setGlobalProperties(properties); - } - - return strategy; + return new RoleBasedAuthorizationStrategy(roleMaps, props); } protected RoleBasedAuthorizationStrategy create() { diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java index d7422bc1..d71c1fa5 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java @@ -234,6 +234,7 @@ public boolean hasRole(@NonNull Role role) { * * @return ACL for the current {@link RoleMap} */ + @SuppressWarnings("checkstyle:AbbreviationAsWordInName") public SidACL getACL(RoleType roleType, AccessControlled controlledItem, boolean ignoresCase) { return new AclImpl(roleType, controlledItem, ignoresCase); } 
@@ -553,8 +554,8 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) { @SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API") @Override protected Boolean hasPermission(Sid sid, Permission permission) { - String effectiveSID = ignoresCase ? toString(sid).toLowerCase() : toString(sid); - if (RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) { + String effectiveSid = ignoresCase ? toString(sid).toLowerCase() : toString(sid); + if (RoleMap.this.hasPermission(effectiveSid, permission, roleType, item)) { if (item instanceof Item) { final ItemGroup parent = ((Item) item).getParent(); if (parent instanceof Item && (Item.DISCOVER.equals(permission) || Item.READ.equals(permission)) @@ -579,7 +580,7 @@ && shouldCheckParentPermissions()) { if (auth instanceof RoleBasedAuthorizationStrategy && pns instanceof RoleBasedProjectNamingStrategy) { RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) auth; RoleMap roleMapProject = rbas.getRoleMap(RoleType.Project); - if (roleMapProject.hasPermission(effectiveSID, permission, RoleType.Project, item)) { + if (roleMapProject.hasPermission(effectiveSid, permission, RoleType.Project, item)) { return true; } } diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly index 60f9ce4d..54746fd8 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly @@ -27,4 +27,4 @@ - \ No newline at end of file + From 154d78c37cd9556cf8ef09d6bb2c976823608b3e Mon Sep 17 00:00:00 2001 
From: ckreisl Date: Mon, 1 Aug 2022 17:56:33 +0200 Subject: [PATCH 4/4] Add '@CheckForNull' back to function --- .../com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java | 1 + 1 file changed, 1 insertion(+) diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java index d71c1fa5..cb709b00 100644 --- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java +++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java @@ -553,6 +553,7 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) { */ @SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API") @Override + @CheckForNull protected Boolean hasPermission(Sid sid, Permission permission) { String effectiveSid = ignoresCase ? toString(sid).toLowerCase() : toString(sid); if (RoleMap.this.hasPermission(effectiveSid, permission, roleType, item)) {