Merge pull request #2696 from daniel-beck/JENKINS-7874

[FIX JENKINS-7874] Autocomplete admin links only when admin

Merge pull request #2696 from daniel-beck/JENKINS-7874
[FIX JENKINS-7874] Autocomplete admin links only when admin
f2a46b8e · Daniel Beck · GitHub · 0c991dec · 250ce5b2 · f2a46b8e
Showing with 52 addition and 26 deletion

core/src/main/java/jenkins/model/Jenkins.java core/src/main/java/jenkins/model/Jenkins.java +29 -26

test/src/test/java/hudson/search/SearchTest.java test/src/test/java/hudson/search/SearchTest.java +23 -0

未找到文件。
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -2241,32 +2241,35 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve

    @Override
    public SearchIndexBuilder makeSearchIndex() {
-        return super.makeSearchIndex()
-            .add("configure", "config","configure")
-            .add("manage")
-            .add("log")
-            .add(new CollectionSearchIndex<TopLevelItem>() {
-                protected SearchItem get(String key) { return getItemByFullName(key, TopLevelItem.class); }
-                protected Collection<TopLevelItem> all() { return getAllItems(TopLevelItem.class); }
-                @Nonnull
-                @Override
-                protected Iterable<TopLevelItem> allAsIterable() {
-                    return allItems(TopLevelItem.class);
-                }
-            })
-            .add(getPrimaryView().makeSearchIndex())
-            .add(new CollectionSearchIndex() {// for computers
-                protected Computer get(String key) { return getComputer(key); }
-                protected Collection<Computer> all() { return computers.values(); }
-            })
-            .add(new CollectionSearchIndex() {// for users
-                protected User get(String key) { return User.get(key,false); }
-                protected Collection<User> all() { return User.getAll(); }
-            })
-            .add(new CollectionSearchIndex() {// for views
-                protected View get(String key) { return getView(key); }
-                protected Collection<View> all() { return views; }
-            });
+        SearchIndexBuilder builder = super.makeSearchIndex();
+        if (hasPermission(ADMINISTER)) {
+                builder.add("configure", "config", "configure")
+                    .add("manage")
+                    .add("log");
+        }
+        builder.add(new CollectionSearchIndex<TopLevelItem>() {
+                    protected SearchItem get(String key) { return getItemByFullName(key, TopLevelItem.class); }
+                    protected Collection<TopLevelItem> all() { return getAllItems(TopLevelItem.class); }
+                    @Nonnull
+                    @Override
+                    protected Iterable<TopLevelItem> allAsIterable() {
+                        return allItems(TopLevelItem.class);
+                    }
+                })
+                .add(getPrimaryView().makeSearchIndex())
+                .add(new CollectionSearchIndex() {// for computers
+                    protected Computer get(String key) { return getComputer(key); }
+                    protected Collection<Computer> all() { return computers.values(); }
+                })
+                .add(new CollectionSearchIndex() {// for users
+                    protected User get(String key) { return User.get(key,false); }
+                    protected Collection<User> all() { return User.getAll(); }
+                })
+                .add(new CollectionSearchIndex() {// for views
+                    protected View get(String key) { return getView(key); }
+                    protected Collection<View> all() { return views; }
+                });
+        return builder;
    }

    public String getUrlChildPrefix() {

--- a/test/src/test/java/hudson/search/SearchTest.java
+++ b/test/src/test/java/hudson/search/SearchTest.java
@@ -37,6 +37,10 @@ import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;

+import hudson.model.User;
+import hudson.security.ACL;
+import hudson.security.ACLContext;
+import jenkins.model.Jenkins;
 import net.sf.json.JSONArray;
 import net.sf.json.JSONObject;
 import net.sf.json.JSONSerializer;
@@ -46,6 +50,7 @@ import org.junit.Test;
 import org.jvnet.hudson.test.Issue;
 import org.jvnet.hudson.test.JenkinsRule;
 import org.jvnet.hudson.test.JenkinsRule.WebClient;
+import org.jvnet.hudson.test.MockAuthorizationStrategy;
 import org.jvnet.hudson.test.MockFolder;

 import com.gargoylesoftware.htmlunit.AlertHandler;
@@ -390,6 +395,24 @@ public class SearchTest {
        assertTrue(suggest.contains(p2));
    }

+
+    @Test
+    @Issue("JENKINS-7874")
+    public void adminOnlyLinksNotShownToRegularUser() {
+        j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
+        MockAuthorizationStrategy mas = new MockAuthorizationStrategy();
+        mas.grant(Jenkins.READ).onRoot().toEveryone();
+        j.jenkins.setAuthorizationStrategy(mas);
+
+        try(ACLContext _ = ACL.as(User.get("alice"))) {
+            List<SearchItem> results = new ArrayList<>();
+            j.jenkins.getSearchIndex().find("config", results);
+            j.jenkins.getSearchIndex().find("manage", results);
+            j.jenkins.getSearchIndex().find("log", results);
+            assertEquals("empty results list", 0, results.size());
+        }
+    }
+
    private List<SearchItem> suggest(SearchIndex index, String term) {
        List<SearchItem> result = new ArrayList<SearchItem>();
        index.suggest(term, result);