summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorakozak2011-11-25 05:46:38 (EST)
committer Winston Prakash2011-12-01 20:47:37 (EST)
commita8ee893d0ad2aa205cb7a005fd9e6b222f516da9 (patch)
treea6015d6cff719bb39306fb98803ddcc8c7558799
parent4377c2ac2ed49644ed10a95234792064c50d3d4c (diff)
downloadorg.eclipse.hudson.core-a8ee893d0ad2aa205cb7a005fd9e6b222f516da9.zip
org.eclipse.hudson.core-a8ee893d0ad2aa205cb7a005fd9e6b222f516da9.tar.gz
org.eclipse.hudson.core-a8ee893d0ad2aa205cb7a005fd9e6b222f516da9.tar.bz2
Merged missed fix for HUDSON-8916 Add "hudson.security.WipeOutPermission" system property
Signed-off-by: Winston Prakash <winston.prakash@gmail.com>
-rw-r--r--hudson-core/src/main/java/hudson/Functions.java14
-rw-r--r--hudson-core/src/main/java/hudson/model/AbstractProject.java3
-rw-r--r--hudson-core/src/main/java/hudson/model/Item.java3
-rw-r--r--hudson-core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly2
-rw-r--r--hudson-core/src/main/resources/hudson/model/Messages.properties2
5 files changed, 22 insertions, 2 deletions
diff --git a/hudson-core/src/main/java/hudson/Functions.java b/hudson-core/src/main/java/hudson/Functions.java
index e2adbe1..99feab1 100644
--- a/hudson-core/src/main/java/hudson/Functions.java
+++ b/hudson-core/src/main/java/hudson/Functions.java
@@ -1370,4 +1370,18 @@ public class Functions {
});
return templates.iterator().hasNext() ? templates.iterator().next() : null;
}
+
+ /**
+ * Returns true if the {@link Item#WIPEOUT} permission is enabled.
+ *
+ * By default the "Wipe Out Workspace" action is available on job when user has {@link Item#BUILD} permission
+ * (if user can trigger builds). If this behavior is not acceptable for project you can enable the
+ * {@code hudson.security.WipeOutPermission} system property. It will add "WipeOut" permission checkbox into
+ * permission control panel to manage "Wipe Out Workspace" action.
+ *
+ * @return true if the {@link Item#WIPEOUT} permission is enabled.
+ */
+ public static boolean isWipeOutPermissionEnabled() {
+ return Boolean.getBoolean("hudson.security.WipeOutPermission");
+ }
}
diff --git a/hudson-core/src/main/java/hudson/model/AbstractProject.java b/hudson-core/src/main/java/hudson/model/AbstractProject.java
index 812f71e..940294d 100644
--- a/hudson-core/src/main/java/hudson/model/AbstractProject.java
+++ b/hudson-core/src/main/java/hudson/model/AbstractProject.java
@@ -22,6 +22,7 @@ import hudson.AbortException;
import hudson.CopyOnWrite;
import hudson.FeedAdapter;
import hudson.FilePath;
+import hudson.Functions;
import hudson.Launcher;
import hudson.Util;
import hudson.cli.declarative.CLIMethod;
@@ -90,7 +91,6 @@ import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletResponse;
import net.sf.json.JSONObject;
-import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.math.NumberUtils;
import org.eclipse.hudson.api.model.IAbstractProject;
import org.eclipse.hudson.api.model.project.property.TriggerProjectProperty;
@@ -2024,6 +2024,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A
* Wipes out the workspace.
*/
public HttpResponse doDoWipeOutWorkspace() throws IOException, ServletException, InterruptedException {
+ checkPermission(Functions.isWipeOutPermissionEnabled() ? WIPEOUT : BUILD);
if (cleanWorkspace()){
return new HttpRedirect(".");
}else{
diff --git a/hudson-core/src/main/java/hudson/model/Item.java b/hudson-core/src/main/java/hudson/model/Item.java
index 5264cdc..49fb9ae 100644
--- a/hudson-core/src/main/java/hudson/model/Item.java
+++ b/hudson-core/src/main/java/hudson/model/Item.java
@@ -16,6 +16,7 @@
package hudson.model;
+import hudson.Functions;
import org.kohsuke.stapler.StaplerRequest;
import java.io.IOException;
@@ -198,4 +199,6 @@ public interface Item extends PersistenceRoot, SearchableModelObject, AccessCont
public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, Boolean.getBoolean("hudson.security.ExtendedReadPermission"));
public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(), Permission.UPDATE);
public static final Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ);
+ public static final Permission WIPEOUT = new Permission(PERMISSIONS, "WipeOut", Messages._AbstractProject_WipeOutPermission_Description(), null, Functions
+ .isWipeOutPermissionEnabled());
}
diff --git a/hudson-core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly b/hudson-core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
index 65a13c8..e4e8e7c 100644
--- a/hudson-core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
+++ b/hudson-core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
@@ -31,7 +31,7 @@
<l:task icon="images/24x24/search.png" href="${url}/" title="${%Status}" />
<l:task icon="images/24x24/notepad.png" href="${url}/changes" title="${%Changes}" />
<l:task icon="images/24x24/folder.png" href="${url}/ws/" title="${%Workspace}" permission="${it.WORKSPACE}">
- <l:task icon="images/24x24/folder-delete.png" href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${it.BUILD}" />
+ <l:task icon="images/24x24/folder-delete.png" href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${h.isWipeOutPermissionEnabled() ? it.WIPEOUT : it.BUILD}" />
</l:task>
<j:if test="${it.configurable}">
<j:if test="${it.buildable}">
diff --git a/hudson-core/src/main/resources/hudson/model/Messages.properties b/hudson-core/src/main/resources/hudson/model/Messages.properties
index 34d4ff9..54d3c47 100644
--- a/hudson-core/src/main/resources/hudson/model/Messages.properties
+++ b/hudson-core/src/main/resources/hudson/model/Messages.properties
@@ -41,6 +41,8 @@ AbstractProject.WorkspacePermission.Description=\
This permission grants the ability to retrieve the contents of a workspace \
Hudson checked out for performing builds. If you don''t want an user to access \
the source code, you can do so by revoking this permission.
+ AbstractProject.WipeOutPermission.Description=\
+ This permission grants the ability to wipe out the contents of a workspace.
AbstractProject.ExtendedReadPermission.Description=\
This permission grants read-only access to project configurations. Please be \
aware that sensitive information in your builds, such as passwords, will be \