From be6ba414a23076be2dd9c8e692888217a3a526a6 Mon Sep 17 00:00:00 2001
From: Oleg Nenashev
Date: Sat, 31 Aug 2013 23:22:46 +0400
Subject: [PATCH 1/4] Added option, which makes plugin to convert all SIDs to
the lower-case Resolves: https://issues.jenkins-ci.org/browse/JENKINS-19409
Signed-off-by: Oleg Nenashev
---
.../RoleBasedAuthorizationStrategy.java | 44 +++++++++++--
.../hudson/plugins/rolestrategy/RoleMap.java | 12 ++--
.../rolestrategy/RoleStrategyProperties.java | 66 +++++++++++++++++++
.../plugins/rolestrategy/Messages.properties | 1 +
.../config.jelly} | 21 ++----
.../RoleStrategyProperties/config.jelly | 29 ++++++++
6 files changed, 151 insertions(+), 22 deletions(-)
create mode 100644 src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
rename src/main/{java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java => resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly} (74%)
create mode 100644 src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
index c1733107..60940cfd 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
@@ -28,6 +28,7 @@
package com.michelin.cio.hudson.plugins.rolestrategy;
+import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleStrategyProperties;
import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType;
import com.synopsys.arc.jenkins.plugins.rolestrategy.UserMacroExtension;
import com.thoughtworks.xstream.converters.Converter;
@@ -81,7 +82,16 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
/** {@link RoleMap}s associated to each {@link AccessControlled} class */
private final Map grantedRoles = new HashMap < String, RoleMap >();
+ private RoleStrategyProperties globalProperties = RoleStrategyProperties.DEFAULT;
+ public RoleStrategyProperties getGlobalProperties() {
+ return globalProperties;
+ }
+
+ public void setGlobalProperties(RoleStrategyProperties prop) {
+ globalProperties = prop;
+ }
+
/**
* Get the root ACL.
* @return The global ACL
@@ -89,10 +99,9 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
@Override
public SidACL getRootACL() {
RoleMap root = getRoleMap(GLOBAL);
- return root.getACL(RoleType.Global, null);
+ return root.getACL(RoleType.Global, null, globalProperties.isConvertSidsToLowerCase());
}
-
/**
* Universal function for getting ACL for different
* @param roleMapName Name of the role map section
@@ -108,7 +117,7 @@ private ACL getACL(String roleMapName, String itemName, RoleType roleType, Acces
}
else {
// Create a sub-RoleMap matching the project name, and create an inheriting from root ACL
- acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item).newInheritingACL(getRootACL());
+ acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL());
}
return acl;
}
@@ -247,12 +256,23 @@ private void assignRole(String type, Role role, String sid) {
* update the getRoleMaps() method.
*/
public static class ConverterImpl implements Converter {
+ private static final String GLOBAL_PROPERTIES_NODE="globalProperties";
+
+ @Override
public boolean canConvert(Class type) {
return type==RoleBasedAuthorizationStrategy.class;
}
+ @Override
public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) {
RoleBasedAuthorizationStrategy strategy = (RoleBasedAuthorizationStrategy)source;
+
+ // Marshal properties
+ writer.startNode(GLOBAL_PROPERTIES_NODE);
+ context.convertAnother(strategy.getGlobalProperties());
+ writer.endNode();
+
+ // Marshal role maps
Map maps = strategy.getRoleMaps();
for(Map.Entry map : maps.entrySet()) {
RoleMap roleMap = map.getValue();
@@ -285,15 +305,24 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
writer.endNode();
}
}
- writer.endNode();
+ writer.endNode();
}
}
+ @Override
public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) {
RoleBasedAuthorizationStrategy strategy = create();
while(reader.hasMoreChildren()) {
reader.moveDown();
+
+ // read global properties
+ if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) {
+ Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class);
+ strategy.setGlobalProperties((RoleStrategyProperties)prop);
+ }
+
+ // read RoleMaps
if(reader.getNodeName().equals("roleMap")) {
String type = reader.getAttribute("type");
RoleMap map = new RoleMap();
@@ -482,6 +511,13 @@ else if(oldStrategy instanceof RoleBasedAuthorizationStrategy) {
strategy.assignRole(GLOBAL, adminRole, getCurrentUser());
}
strategy.renewMacroRoles();
+
+ // global properties
+ if (formData.containsKey("globalProperties")) {
+ RoleStrategyProperties prop = req.bindJSON(RoleStrategyProperties.class, formData.getJSONObject("globalProperties"));
+ strategy.setGlobalProperties(prop);
+ }
+
return strategy;
}
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
index 680f9069..d0adb778 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
@@ -101,8 +101,8 @@ public boolean hasRole(Role role) {
* Get the ACL for the current {@link RoleMap}.
* @return ACL for the current {@link RoleMap}
*/
- public SidACL getACL(RoleType roleType, AccessControlled controlledItem) {
- return new AclImpl(roleType, controlledItem);
+ public SidACL getACL(RoleType roleType, AccessControlled controlledItem, boolean ignoresCase) {
+ return new AclImpl(roleType, controlledItem, ignoresCase);
}
/**
@@ -284,10 +284,13 @@ private final class AclImpl extends SidACL {
AccessControlled item;
RoleType roleType;
+ /**Makes SID to convert all SIDs to lower-case*/
+ boolean ignoresCase;
- public AclImpl(RoleType roleType, AccessControlled item) {
+ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) {
this.item = item;
this.roleType = roleType;
+ this.ignoresCase = ignoresCase;
}
/**
@@ -299,7 +302,8 @@ public AclImpl(RoleType roleType, AccessControlled item) {
*/
@Override
protected Boolean hasPermission(Sid p, Permission permission) {
- if(RoleMap.this.hasPermission(toString(p), permission, roleType, item)) {
+ String effectiveSID = ignoresCase ? toString(p).toLowerCase() : toString(p);
+ if(RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) {
return true;
}
return null;
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
new file mode 100644
index 00000000..79d04787
--- /dev/null
+++ b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
@@ -0,0 +1,66 @@
+/*
+ * The MIT License
+ *
+ * Copyright 2013 Oleg Nenashev , Synopsys Inc.
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining a copy
+ * of this software and associated documentation files (the "Software"), to deal
+ * in the Software without restriction, including without limitation the rights
+ * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+ * copies of the Software, and to permit persons to whom the Software is
+ * furnished to do so, subject to the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be included in
+ * all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+ * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+ * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+ * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+ * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
+ * THE SOFTWARE.
+ */
+package com.synopsys.arc.jenkins.plugins.rolestrategy;
+
+import com.michelin.cio.hudson.plugins.rolestrategy.Messages;
+import hudson.Extension;
+import hudson.model.Describable;
+import hudson.model.Descriptor;
+import java.io.Serializable;
+import org.kohsuke.stapler.DataBoundConstructor;
+
+/**
+ * Class, which stores global configuration of Role-Strategy security.
+ * @author Oleg Nenashev
+ */
+public class RoleStrategyProperties implements Describable, Serializable {
+ /**Default value, which preserves legacy behavior*/
+ public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false);
+
+ boolean convertSidsToLowerCase;
+
+ @DataBoundConstructor
+ public RoleStrategyProperties(boolean convertSidsToLowerCase) {
+ this.convertSidsToLowerCase = convertSidsToLowerCase;
+ }
+
+ public boolean isConvertSidsToLowerCase() {
+ return convertSidsToLowerCase;
+ }
+
+ @Override
+ public Descriptor getDescriptor() {
+ return DESCRIPTOR;
+ }
+
+ public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();
+ @Extension
+ public static final class DescriptorImpl extends Descriptor {
+
+ @Override
+ public String getDisplayName() {
+ return Messages.RoleStrategyProperties_DisplayName();
+ }
+ }
+}
diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties
index e79ae808..d6b41454 100644
--- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties
+++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties
@@ -27,3 +27,4 @@ RoleBasedAuthorizationStrategy.Manage=Manage Roles
RoleBasedAuthorizationStrategy.ManageAndAssign=Manage and Assign Roles
RoleBasedAuthorizationStrategy.Assign=Assign Roles
RoleBasedAuthorizationStrategy.ListAvalMacro=List Available Macros
+RoleStrategyProperties.DisplayName=Role-Based Strategy Properties
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
similarity index 74%
rename from src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java
rename to src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
index b16c06f1..dd9549a4 100644
--- a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyConfigExtension.java
+++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
@@ -1,7 +1,7 @@
-/*
+
+
+
+
\ No newline at end of file
diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
new file mode 100644
index 00000000..020b9df0
--- /dev/null
+++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
@@ -0,0 +1,29 @@
+
+
+
+
+
+
\ No newline at end of file
From d3dadb86d0fe34584ba5a7e5c480eed993dc9879 Mon Sep 17 00:00:00 2001
From: ckreisl
Date: Mon, 1 Aug 2022 16:51:02 +0200
Subject: [PATCH 2/4] Minor fixes to enable lowercase sid
---
.../RoleBasedAuthorizationStrategy.java | 42 +++++++--------
.../hudson/plugins/rolestrategy/RoleMap.java | 15 +++---
.../rolestrategy/RoleStrategyProperties.java | 53 +++++++++++--------
.../config.jelly | 1 +
.../RoleStrategyProperties/config.jelly | 1 +
5 files changed, 57 insertions(+), 55 deletions(-)
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
index 2937cf67..96562b3b 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
@@ -138,7 +138,7 @@ public RoleStrategyProperties getGlobalProperties() {
}
public void setGlobalProperties(RoleStrategyProperties prop) {
- globalProperties = prop;
+ globalProperties = prop;
}
/**
@@ -176,21 +176,6 @@ public RoleMap getRoleMap(RoleType roleType) {
}
/**
- private ACL getACL(String roleMapName, String itemName, RoleType roleType, AccessControlled item)
- {
- SidACL acl;
- RoleMap roleMap = grantedRoles.get(roleMapName);
- if(roleMap == null) {
- acl = getRootACL();
- }
- else {
- // Create a sub-RoleMap matching the project name, and create an inheriting from root ACL
- acl = roleMap.newMatchingRoleMap(itemName).getACL(roleType, item, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL());
- }
- return acl;
- }
-
- /**
* Get the specific ACL for projects.
*
* @param project The access-controlled project
@@ -205,19 +190,22 @@ public ACL getACL(@NonNull Job, ?> project) {
@Override
@NonNull
public ACL getACL(@NonNull AbstractItem project) {
- return itemRoles.newMatchingRoleMap(project.getFullName()).getACL(RoleType.Project, project).newInheritingACL(getRootACL());
+ return itemRoles.newMatchingRoleMap(project.getFullName()).getACL(
+ RoleType.Project, project, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL());
}
@Override
@NonNull
public ACL getACL(@NonNull Computer computer) {
- return agentRoles.newMatchingRoleMap(computer.getName()).getACL(RoleType.Slave, computer).newInheritingACL(getRootACL());
+ return agentRoles.newMatchingRoleMap(computer.getName()).getACL(
+ RoleType.Slave, computer, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL());
}
@Override
@NonNull
public ACL getACL(@NonNull Node node) {
- return agentRoles.newMatchingRoleMap(node.getNodeName()).getACL(RoleType.Slave, node).newInheritingACL(getRootACL());
+ return agentRoles.newMatchingRoleMap(node.getNodeName()).getACL(
+ RoleType.Slave, node, globalProperties.isConvertSidsToLowerCase()).newInheritingACL(getRootACL());
}
/**
@@ -708,7 +696,7 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) {
final Map roleMaps = new HashMap<>();
- RoleBasedAuthorizationStrategy strategy = create();
+ RoleStrategyProperties properties = null;
while (reader.hasMoreChildren()) {
reader.moveDown();
@@ -716,7 +704,7 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont
// read global properties
if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) {
Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class);
- strategy.setGlobalProperties((RoleStrategyProperties) prop);
+ properties = (RoleStrategyProperties) prop;
}
// roleMaps
@@ -763,7 +751,13 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont
reader.moveUp();
}
- return new RoleBasedAuthorizationStrategy(roleMaps);
+ RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy(roleMaps);
+
+ if (properties != null) {
+ strategy.setGlobalProperties(properties);
+ }
+
+ return strategy;
}
protected RoleBasedAuthorizationStrategy create() {
@@ -938,11 +932,11 @@ public AuthorizationStrategy newInstance(StaplerRequest req, JSONObject formData
strategy.addRole(RoleType.Global, adminRole);
strategy.assignRole(RoleType.Global, adminRole, getCurrentUser());
}
- strategy.renewMacroRoles();
// global properties
if (formData.containsKey("globalProperties")) {
- RoleStrategyProperties prop = req.bindJSON(RoleStrategyProperties.class, formData.getJSONObject("globalProperties"));
+ RoleStrategyProperties prop = req.bindJSON(
+ RoleStrategyProperties.class, formData.getJSONObject("globalProperties"));
strategy.setGlobalProperties(prop);
}
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
index 40b493a7..d7422bc1 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
@@ -532,13 +532,12 @@ private final class AclImpl extends SidACL {
AccessControlled item;
RoleType roleType;
- /**Makes SID to convert all SIDs to lower-case*/
- boolean ignoresCase;
+ boolean ignoresCase; // Makes SID to convert all SIDs to lower-case
public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) {
- this.item = item;
- this.roleType = roleType;
- this.ignoresCase = ignoresCase;
+ this.item = item;
+ this.roleType = roleType;
+ this.ignoresCase = ignoresCase;
}
/**
@@ -553,9 +552,9 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) {
*/
@SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API")
@Override
- protected Boolean hasPermission(Sid p, Permission permission) {
- String effectiveSID = ignoresCase ? toString(p).toLowerCase() : toString(p);
- if(RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) {
+ protected Boolean hasPermission(Sid sid, Permission permission) {
+ String effectiveSID = ignoresCase ? toString(sid).toLowerCase() : toString(sid);
+ if (RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) {
if (item instanceof Item) {
final ItemGroup parent = ((Item) item).getParent();
if (parent instanceof Item && (Item.DISCOVER.equals(permission) || Item.READ.equals(permission))
diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
index 79d04787..47a49c8f 100644
--- a/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
+++ b/src/main/java/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties.java
@@ -21,6 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
*/
+
package com.synopsys.arc.jenkins.plugins.rolestrategy;
import com.michelin.cio.hudson.plugins.rolestrategy.Messages;
@@ -32,35 +33,41 @@
/**
* Class, which stores global configuration of Role-Strategy security.
- * @author Oleg Nenashev
+ *
*/
public class RoleStrategyProperties implements Describable, Serializable {
- /**Default value, which preserves legacy behavior*/
- public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false);
-
- boolean convertSidsToLowerCase;
- @DataBoundConstructor
- public RoleStrategyProperties(boolean convertSidsToLowerCase) {
- this.convertSidsToLowerCase = convertSidsToLowerCase;
- }
+ /* Default value, which preserves legacy behavior */
+ public static final RoleStrategyProperties DEFAULT = new RoleStrategyProperties(false);
- public boolean isConvertSidsToLowerCase() {
- return convertSidsToLowerCase;
- }
+ private boolean convertSidsToLowerCase;
- @Override
- public Descriptor getDescriptor() {
- return DESCRIPTOR;
- }
+ @DataBoundConstructor
+ public RoleStrategyProperties(boolean convertSidsToLowerCase) {
+ this.convertSidsToLowerCase = convertSidsToLowerCase;
+ }
- public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();
- @Extension
- public static final class DescriptorImpl extends Descriptor {
+ public boolean isConvertSidsToLowerCase() {
+ return convertSidsToLowerCase;
+ }
- @Override
- public String getDisplayName() {
- return Messages.RoleStrategyProperties_DisplayName();
- }
+ @Override
+ public Descriptor getDescriptor() {
+ return DESCRIPTOR;
+ }
+
+ public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl();
+
+ /**
+ * Default DescriptorImpl.
+ */
+ @Extension
+ public static final class DescriptorImpl extends Descriptor {
+
+ @Override
+ public String getDisplayName() {
+ return Messages.RoleStrategyProperties_DisplayName();
}
+ }
+
}
diff --git a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
index 89ba8f11..a6cf3155 100644
--- a/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
+++ b/src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy/config.jelly
@@ -21,6 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
-->
+
diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
index 020b9df0..60f9ce4d 100644
--- a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
+++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
@@ -21,6 +21,7 @@
* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
* THE SOFTWARE.
-->
+
From 1e20c1a81a57957fa04b0b118f6334156ad17f80 Mon Sep 17 00:00:00 2001
From: ckreisl
Date: Mon, 1 Aug 2022 17:44:57 +0200
Subject: [PATCH 3/4] Cleanup, suppress AbbreviationsAsWordInName
---
.../RoleBasedAuthorizationStrategy.java | 39 +++++++++++++------
.../hudson/plugins/rolestrategy/RoleMap.java | 7 ++--
.../RoleStrategyProperties/config.jelly | 2 +-
3 files changed, 32 insertions(+), 16 deletions(-)
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
index 96562b3b..2ecd3204 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
@@ -105,8 +105,7 @@ public class RoleBasedAuthorizationStrategy extends AuthorizationStrategy {
private final RoleMap agentRoles;
private final RoleMap globalRoles;
private final RoleMap itemRoles;
-
- private RoleStrategyProperties globalProperties = RoleStrategyProperties.DEFAULT;
+ private RoleStrategyProperties globalProperties;
/**
* Create new RoleBasedAuthorizationStrategy.
@@ -115,6 +114,7 @@ public RoleBasedAuthorizationStrategy() {
agentRoles = new RoleMap();
globalRoles = new RoleMap();
itemRoles = new RoleMap();
+ globalProperties = RoleStrategyProperties.DEFAULT;
}
/**
@@ -131,6 +131,27 @@ public RoleBasedAuthorizationStrategy(Map grantedRoles) {
map = grantedRoles.get(PROJECT);
itemRoles = map == null ? new RoleMap() : map;
+
+ globalProperties = RoleStrategyProperties.DEFAULT;
+ }
+
+ /**
+ * Creates a new {@link RoleBasedAuthorizationStrategy}.
+ *
+ * @param grantedRoles the roles in the strategy
+ * @param prop global properties
+ */
+ public RoleBasedAuthorizationStrategy(Map grantedRoles, RoleStrategyProperties prop) {
+ RoleMap map = grantedRoles.get(SLAVE);
+ agentRoles = map == null ? new RoleMap() : map;
+
+ map = grantedRoles.get(GLOBAL);
+ globalRoles = map == null ? new RoleMap() : map;
+
+ map = grantedRoles.get(PROJECT);
+ itemRoles = map == null ? new RoleMap() : map;
+
+ globalProperties = prop == null ? RoleStrategyProperties.DEFAULT : prop;
}
public RoleStrategyProperties getGlobalProperties() {
@@ -696,15 +717,15 @@ public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingC
public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingContext context) {
final Map roleMaps = new HashMap<>();
- RoleStrategyProperties properties = null;
+ RoleStrategyProperties props = null;
while (reader.hasMoreChildren()) {
reader.moveDown();
// read global properties
if (reader.getNodeName().equals(GLOBAL_PROPERTIES_NODE)) {
- Object prop = context.convertAnother(context.currentObject(), RoleStrategyProperties.class);
- properties = (RoleStrategyProperties) prop;
+ props = (RoleStrategyProperties) context.convertAnother(
+ context.currentObject(), RoleStrategyProperties.class);
}
// roleMaps
@@ -751,13 +772,7 @@ public Object unmarshal(HierarchicalStreamReader reader, final UnmarshallingCont
reader.moveUp();
}
- RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy(roleMaps);
-
- if (properties != null) {
- strategy.setGlobalProperties(properties);
- }
-
- return strategy;
+ return new RoleBasedAuthorizationStrategy(roleMaps, props);
}
protected RoleBasedAuthorizationStrategy create() {
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
index d7422bc1..d71c1fa5 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
@@ -234,6 +234,7 @@ public boolean hasRole(@NonNull Role role) {
*
* @return ACL for the current {@link RoleMap}
*/
+ @SuppressWarnings("checkstyle:AbbreviationAsWordInName")
public SidACL getACL(RoleType roleType, AccessControlled controlledItem, boolean ignoresCase) {
return new AclImpl(roleType, controlledItem, ignoresCase);
}
@@ -553,8 +554,8 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) {
@SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API")
@Override
protected Boolean hasPermission(Sid sid, Permission permission) {
- String effectiveSID = ignoresCase ? toString(sid).toLowerCase() : toString(sid);
- if (RoleMap.this.hasPermission(effectiveSID, permission, roleType, item)) {
+ String effectiveSid = ignoresCase ? toString(sid).toLowerCase() : toString(sid);
+ if (RoleMap.this.hasPermission(effectiveSid, permission, roleType, item)) {
if (item instanceof Item) {
final ItemGroup parent = ((Item) item).getParent();
if (parent instanceof Item && (Item.DISCOVER.equals(permission) || Item.READ.equals(permission))
@@ -579,7 +580,7 @@ && shouldCheckParentPermissions()) {
if (auth instanceof RoleBasedAuthorizationStrategy && pns instanceof RoleBasedProjectNamingStrategy) {
RoleBasedAuthorizationStrategy rbas = (RoleBasedAuthorizationStrategy) auth;
RoleMap roleMapProject = rbas.getRoleMap(RoleType.Project);
- if (roleMapProject.hasPermission(effectiveSID, permission, RoleType.Project, item)) {
+ if (roleMapProject.hasPermission(effectiveSid, permission, RoleType.Project, item)) {
return true;
}
}
diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
index 60f9ce4d..54746fd8 100644
--- a/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
+++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/rolestrategy/RoleStrategyProperties/config.jelly
@@ -27,4 +27,4 @@
-
\ No newline at end of file
+
From 154d78c37cd9556cf8ef09d6bb2c976823608b3e Mon Sep 17 00:00:00 2001
From: ckreisl
Date: Mon, 1 Aug 2022 17:56:33 +0200
Subject: [PATCH 4/4] Add '@CheckForNull' back to function
---
.../com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java | 1 +
1 file changed, 1 insertion(+)
diff --git a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
index d71c1fa5..cb709b00 100644
--- a/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
+++ b/src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
@@ -553,6 +553,7 @@ public AclImpl(RoleType roleType, AccessControlled item, boolean ignoresCase) {
*/
@SuppressFBWarnings(value = "NP_BOOLEAN_RETURN_NULL", justification = "As declared in Jenkins API")
@Override
+ @CheckForNull
protected Boolean hasPermission(Sid sid, Permission permission) {
String effectiveSid = ignoresCase ? toString(sid).toLowerCase() : toString(sid);
if (RoleMap.this.hasPermission(effectiveSid, permission, roleType, item)) {