added another AuthorizationStrategy implementation that discriminates anonymous users.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6339 71c3de6d-444a-0410-be80-ed276b4c234a

core/src/main/java/hudson/Functions.java

@@ -26,6 +26,7 @@ import hudson.tasks.Builder;
 import hudson.tasks.Publisher;
 import hudson.security.SecurityRealm;
 import hudson.security.AuthorizationStrategy;
+import hudson.security.Permission;
 import org.apache.commons.jexl.parser.ASTSizeFunction;
 import org.apache.commons.jexl.util.Introspector;
 import org.kohsuke.stapler.Ancestor;
@@ -412,13 +413,26 @@ public class Functions {
         return Util.xmlEscape(s);
     }
 
-    public static void adminCheck(StaplerRequest req, StaplerResponse rsp, Object required) throws IOException, ServletException {
-        if(required!=null && !Hudson.adminCheck(req,rsp)) {
+    public static void adminCheck(StaplerRequest req, StaplerResponse rsp, Object required, Permission permission) throws IOException, ServletException {
+        // this is legacy --- all views should be eventually converted to
+        // the permission based model.
+        if((required!=null || (permission!=null && !Hudson.newSecurity)) && !Hudson.adminCheck(req,rsp)) {
             // check failed. commit the FORBIDDEN response, then abort.
             rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
             rsp.getOutputStream().close();
             throw new ServletException("Unauthorized access");
         }
+
+        // make sure the user owns the necessary permission to access this page.
+        if(permission!=null) {
+            if(!Hudson.getInstance().getACL().hasPermission(permission)) {
+                // check failed. commit the FORBIDDEN response, then abort.
+                // if we just throw an exception, JEXL will eat it so it won't have the effect.
+                rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
+                rsp.getOutputStream().close();
+                throw new ServletException("Unauthorized access");
+            }
+        }
     }
 
     /**

core/src/main/java/hudson/security/AuthorizationStrategy.java

@@ -93,6 +93,7 @@ public abstract class AuthorizationStrategy implements Describable<Authorization
         static {
             // can't do this in the constructor due to the initialization order
             LIST.add(Unsecured.DESCRIPTOR);
+            new FullControlOnceLoggedInAuthorizationStrategy();
         }
     }
 

core/src/main/java/hudson/security/FullControlOnceLoggedInAuthorizationStrategy.java

+package hudson.security;
+
+import hudson.model.Descriptor;
+import net.sf.json.JSONObject;
+import org.kohsuke.stapler.StaplerRequest;
+
+/**
+ * {@link AuthorizationStrategy} that grants full-control to authenticated user
+ * (other than anonymous users.)
+ *
+ * @author Kohsuke Kawaguchi
+ */
+public class FullControlOnceLoggedInAuthorizationStrategy extends AuthorizationStrategy {
+    @Override
+    public ACL getRootACL() {
+        return THE_ACL;
+    }
+
+    private static final SparseACL THE_ACL = new SparseACL(null);
+
+    static {
+        THE_ACL.add(ACL.EVERYONE,Permission.FULL_CONTROL,true);
+        THE_ACL.add(ACL.ANONYMOUS,Permission.FULL_CONTROL,false);
+        THE_ACL.add(ACL.ANONYMOUS,Permission.READ,true);
+    }
+
+    public Descriptor<AuthorizationStrategy> getDescriptor() {
+        return DESCRIPTOR;
+    }
+
+    public static final Descriptor<AuthorizationStrategy> DESCRIPTOR = new Descriptor<AuthorizationStrategy>(FullControlOnceLoggedInAuthorizationStrategy.class) {
+        public String getDisplayName() {
+            return "Logged-in users can do anything";
+        }
+
+        public AuthorizationStrategy newInstance(StaplerRequest req, JSONObject formData) throws FormException {
+            return new FullControlOnceLoggedInAuthorizationStrategy();
+        }
+
+        public String getHelpFile() {
+            return "/help/security/full-control-once-logged-in.html";
+        }
+    };
+
+    static {
+        LIST.add(DESCRIPTOR);
+    }
+}

war/resources/help/security/full-control-once-logged-in.html

+<div>
+  In this mode, every logged-in user gets full control of Hudson. The only user
+  who won't have full control is anonymous user, who only gets read access.
+
+  <p>
+  This mode is useful to force users to log in before taking actions, so that
+  you can keep record of who has done what. This setting can be also used in
+  public-facing Hudson, where you only allow trusted users to have user accounts. 
+</div>
\ No newline at end of file