Skip to main content
aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorWinston Prakash2014-01-14 20:14:49 -0500
committerWinston Prakash2014-01-14 20:14:49 -0500
commitb836f95983e8ee9d96df16f7a39065cefeb97523 (patch)
tree4831bc07ad6e862e941e4ec4698598e118611650
parent3ed47faa878d87e79674affd601ce824fe64e1c2 (diff)
downloadorg.eclipse.hudson.core-b836f95983e8ee9d96df16f7a39065cefeb97523.tar.gz
org.eclipse.hudson.core-b836f95983e8ee9d96df16f7a39065cefeb97523.tar.xz
org.eclipse.hudson.core-b836f95983e8ee9d96df16f7a39065cefeb97523.zip
Fix: 425639 - Add job configuration view permission to Team permissions set
-rw-r--r--hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamBasedACL.java54
-rw-r--r--hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamJob.java22
-rw-r--r--hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamManager.java5
-rw-r--r--hudson-core/src/main/resources/org/eclipse/hudson/security/team/Team/index.jelly1
-rw-r--r--hudson-core/src/main/resources/org/eclipse/hudson/security/team/TeamManager/teamTemplates.jelly7
-rw-r--r--hudson-war/src/main/webapp/scripts/team-manager.js20
6 files changed, 83 insertions, 26 deletions
diff --git a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamBasedACL.java b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamBasedACL.java
index f82540eb..0632f039 100644
--- a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamBasedACL.java
+++ b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamBasedACL.java
@@ -125,32 +125,50 @@ public class TeamBasedACL extends SidACL {
}
// Grant Read permission to Public Jobs and jobs based on visibility
if (permission.getImpliedBy() == Permission.READ) {
- try {
- Team publicTeam = teamManager.findTeam(PublicTeam.PUBLIC_TEAM_NAME);
-
- if (publicTeam.isJobOwner(job.getName())) {
- if (permission.getImpliedBy() == Permission.READ) {
+ if (hasReadPermission(jobTeam, permission, userName)){
+ return true;
+ }
+ }
+ if (permission == Item.EXTENDED_READ) {
+ if (hasReadPermission(jobTeam, permission, userName)) {
+ if (jobTeam != null) {
+ TeamJob teamJob = jobTeam.findJob(job.getName());
+ if (teamJob.isAllowConfigView()) {
return true;
}
}
- } catch (TeamNotFoundException ex) {
- logger.error("The public team must exists.", ex);
}
+ }
+ }
+ return null;
+ }
+
+ private boolean hasReadPermission(Team jobTeam, Permission permission, String userName) {
+ // Grant Read permission to Public Jobs and jobs based on visibility
+ try {
+ Team publicTeam = teamManager.findTeam(PublicTeam.PUBLIC_TEAM_NAME);
- if (jobTeam != null) {
- TeamJob teamJob = jobTeam.findJob(job.getName());
- for (Team userTeam : teamManager.findUserTeams(userName)) {
- if (teamJob.isVisible(userTeam.getName())) {
- return true;
- }
- }
- if (teamJob.isVisible(PublicTeam.PUBLIC_TEAM_NAME)) {
- return true;
- }
+ if (publicTeam.isJobOwner(job.getName())) {
+ if (permission.getImpliedBy() == Permission.READ) {
+ return true;
}
}
+ } catch (TeamNotFoundException ex) {
+ logger.error("The public team must exists.", ex);
}
- return null;
+
+ if (jobTeam != null) {
+ TeamJob teamJob = jobTeam.findJob(job.getName());
+ for (Team userTeam : teamManager.findUserTeams(userName)) {
+ if (teamJob.isVisible(userTeam.getName())) {
+ return true;
+ }
+ }
+ if (teamJob.isVisible(PublicTeam.PUBLIC_TEAM_NAME)) {
+ return true;
+ }
+ }
+ return false;
}
private boolean isTeamAwareSecurityRealm() {
diff --git a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamJob.java b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamJob.java
index a6fd27da..65fe9282 100644
--- a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamJob.java
+++ b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamJob.java
@@ -28,7 +28,8 @@ import java.util.Set;
public class TeamJob {
private String id;
- private Set<String> visibleToTeams = new HashSet<String>();
+ private final Set<String> visibleToTeams = new HashSet<String>();
+ private boolean allow_config_view;
public TeamJob() {
}
@@ -44,6 +45,14 @@ public class TeamJob {
public void setId(String id) {
this.id = id;
}
+
+ public boolean isAllowConfigView() {
+ return allow_config_view;
+ }
+
+ public void setAllowConfigView(boolean allow_config_view) {
+ this.allow_config_view = allow_config_view;
+ }
void addVisibility(String teamName) {
if (!visibleToTeams.contains(teamName)) {
@@ -105,6 +114,12 @@ public class TeamJob {
writer.setValue(strWriter.toString());
writer.endNode();
}
+
+ if (teamJob.isAllowConfigView()){
+ writer.startNode("allowConfigView");
+ writer.setValue("true");
+ writer.endNode();
+ }
}
@Override
@@ -121,6 +136,11 @@ public class TeamJob {
teamJob.visibleToTeams.add(teamName);
}
}
+ if ("allowConfigView".equals(reader.getNodeName())) {
+ if ("true".equals(reader.getValue())) {
+ teamJob.allow_config_view = true;
+ }
+ }
reader.moveUp();
}
return teamJob;
diff --git a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamManager.java b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamManager.java
index 5f56ce1c..9da33284 100644
--- a/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamManager.java
+++ b/hudson-core/src/main/java/org/eclipse/hudson/security/team/TeamManager.java
@@ -41,13 +41,11 @@ import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
-import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.CopyOnWriteArrayList;
-import java.util.logging.Level;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import org.eclipse.hudson.security.HudsonSecurityEntitiesHolder;
@@ -462,7 +460,7 @@ public final class TeamManager implements Saveable, AccessControlled {
}
}
- public HttpResponse doSetJobVisibility(@QueryParameter String jobName, @QueryParameter String teamNames) throws IOException {
+ public HttpResponse doSetJobVisibility(@QueryParameter String jobName, @QueryParameter String teamNames, @QueryParameter boolean canViewConfig) throws IOException {
if (!isCurrentUserTeamAdmin()) {
return new TeamUtils.ErrorHttpResponse("No permission to set job visibility.");
}
@@ -478,6 +476,7 @@ public final class TeamManager implements Saveable, AccessControlled {
for (String teamName : teamNames.split(":")) {
job.addVisibility(teamName);
}
+ job.setAllowConfigView(canViewConfig);
save();
}
return HttpResponses.ok();
diff --git a/hudson-core/src/main/resources/org/eclipse/hudson/security/team/Team/index.jelly b/hudson-core/src/main/resources/org/eclipse/hudson/security/team/Team/index.jelly
index 15bc50f5..1fe7f1fd 100644
--- a/hudson-core/src/main/resources/org/eclipse/hudson/security/team/Team/index.jelly
+++ b/hudson-core/src/main/resources/org/eclipse/hudson/security/team/Team/index.jelly
@@ -139,6 +139,7 @@
<input type="hidden" value="${jobName}" name="hiddenJobId"/>
<input type="hidden" value="${it.name}" name="hiddenTeamName"/>
<input type="hidden" value="${it.findJob(jobName).visiblitiesAsString}" name="hiddenVisibilities"/>
+ <input type="hidden" value="${it.findJob(jobName).isAllowConfigView()}" name="hiddenAllowViewConfig"/>
<span style="margin-left:10px; font-size:13px">
<a href="${rootURL}/job/${jobName}">${jobName}</a>
</span>
diff --git a/hudson-core/src/main/resources/org/eclipse/hudson/security/team/TeamManager/teamTemplates.jelly b/hudson-core/src/main/resources/org/eclipse/hudson/security/team/TeamManager/teamTemplates.jelly
index 8349a73b..ec2da45c 100644
--- a/hudson-core/src/main/resources/org/eclipse/hudson/security/team/TeamManager/teamTemplates.jelly
+++ b/hudson-core/src/main/resources/org/eclipse/hudson/security/team/TeamManager/teamTemplates.jelly
@@ -134,6 +134,13 @@
</div>
+ <hr/>
+
+ <div style="margin-top: 10px;">
+ <label>${%Allow selected teams to view Job Configuraton}:</label>
+ <input type="checkbox" style="margin-left:5px" id="allowViewConfig" />
+ </div>
+
<div style="margin-top:10px">
<span id="configureVisibilityMsg">
<!-- message goes here -->
diff --git a/hudson-war/src/main/webapp/scripts/team-manager.js b/hudson-war/src/main/webapp/scripts/team-manager.js
index 83eaf26e..7e75b9a4 100644
--- a/hudson-war/src/main/webapp/scripts/team-manager.js
+++ b/hudson-war/src/main/webapp/scripts/team-manager.js
@@ -469,7 +469,8 @@ function configureJobVisibilityAction(configureJobItem) {
var jobName = jQuery(trParent).find("input[name='hiddenJobId']").val();
var teamName = jQuery(trParent).find("input[name='hiddenTeamName']").val();
var teamNames = jQuery(trParent).find("input[name='hiddenVisibilities']").val();
-
+ var allowViewConfig = jQuery(trParent).find("input[name='hiddenAllowViewConfig']").val();
+
jQuery('#dialog-configure-visibility').dialog({
resizable: false,
height: 300,
@@ -485,14 +486,24 @@ function configureJobVisibilityAction(configureJobItem) {
if (jQuery('#publicVisibility').is(":checked")) {
teamNames += "public";
}
+
+ allowViewConfig = jQuery('#allowViewConfig').is(":checked");
+
jQuery(trParent).find("input[name='hiddenVisibilities']").val(teamNames);
- configureJobVisibility(jobName, teamNames);
+ jQuery(trParent).find("input[name='hiddenAllowViewConfig']").val(allowViewConfig);
+ configureJobVisibility(jobName, teamNames, allowViewConfig);
},
Cancel: function() {
jQuery(this).dialog("close");
}
}
});
+
+ if ("true" == allowViewConfig){
+ jQuery("#allowViewConfig").prop('checked', true);
+ }else{
+ jQuery("#allowViewConfig").prop('checked', false);
+ }
jQuery.getJSON('getAllTeamsJson', function(json) {
jQuery('#configure-visibility-team-list').empty();
@@ -520,13 +531,14 @@ function configureJobVisibilityAction(configureJobItem) {
});
}
-function configureJobVisibility(jobName, teamNames) {
+function configureJobVisibility(jobName, teamNames, allowViewConfig) {
jQuery.ajax({
type: 'POST',
url: "setJobVisibility",
data: {
jobName: jobName,
- teamNames: teamNames
+ teamNames: teamNames,
+ canViewConfig: allowViewConfig
},
success: function() {
jQuery('#dialog-configure-visibility').dialog("close");

Back to the top