Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
roginluo
Jenkins
提交
20340e18
J
Jenkins
项目概览
roginluo
/
Jenkins
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
Jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
20340e18
编写于
1月 20, 2015
作者:
J
Jesse Glick
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Restricting postBack access to users with ADMINISTER.
上级
c1adb4e6
变更
4
隐藏空白更改
内联
并排
Showing
4 changed file
with
17 addition
and
9 deletion
+17
-9
core/src/main/java/hudson/model/DownloadService.java
core/src/main/java/hudson/model/DownloadService.java
+2
-4
core/src/main/java/hudson/model/UpdateSite.java
core/src/main/java/hudson/model/UpdateSite.java
+1
-3
core/src/main/java/jenkins/model/DownloadSettings.java
core/src/main/java/jenkins/model/DownloadSettings.java
+12
-0
core/src/main/resources/hudson/model/UpdateCenter/PageDecoratorImpl/footer.jelly
.../hudson/model/UpdateCenter/PageDecoratorImpl/footer.jelly
+2
-2
未找到文件。
core/src/main/java/hudson/model/DownloadService.java
浏览文件 @
20340e18
...
...
@@ -67,7 +67,7 @@ public class DownloadService extends PageDecorator {
* Builds up an HTML fragment that starts all the download jobs.
*/
public
String
generateFragment
()
{
if
(!
DownloadSettings
.
get
().
isUseBrowser
())
{
if
(!
DownloadSettings
.
usePostBack
())
{
return
""
;
}
if
(
neverUpdate
)
return
""
;
...
...
@@ -308,9 +308,7 @@ public class DownloadService extends PageDecorator {
* This is where the browser sends us the data.
*/
public
void
doPostBack
(
StaplerRequest
req
,
StaplerResponse
rsp
)
throws
IOException
{
if
(!
DownloadSettings
.
get
().
isUseBrowser
())
{
throw
new
IOException
(
"not allowed"
);
}
DownloadSettings
.
checkPostBackAccess
();
long
dataTimestamp
=
System
.
currentTimeMillis
();
due
=
dataTimestamp
+
getInterval
();
// success or fail, don't try too often
...
...
core/src/main/java/hudson/model/UpdateSite.java
浏览文件 @
20340e18
...
...
@@ -174,9 +174,7 @@ public class UpdateSite {
* This is the endpoint that receives the update center data file from the browser.
*/
public
FormValidation
doPostBack
(
StaplerRequest
req
)
throws
IOException
,
GeneralSecurityException
{
if
(!
DownloadSettings
.
get
().
isUseBrowser
())
{
throw
new
IOException
(
"not allowed"
);
}
DownloadSettings
.
checkPostBackAccess
();
return
updateData
(
IOUtils
.
toString
(
req
.
getInputStream
(),
"UTF-8"
),
true
);
}
...
...
core/src/main/java/jenkins/model/DownloadSettings.java
浏览文件 @
20340e18
...
...
@@ -34,6 +34,7 @@ import hudson.model.UpdateSite;
import
hudson.util.FormValidation
;
import
java.io.IOException
;
import
net.sf.json.JSONObject
;
import
org.acegisecurity.AccessDeniedException
;
import
org.kohsuke.accmod.Restricted
;
import
org.kohsuke.accmod.restrictions.NoExternalUse
;
import
org.kohsuke.stapler.HttpResponse
;
...
...
@@ -75,6 +76,17 @@ import org.kohsuke.stapler.StaplerRequest;
return
GlobalConfigurationCategory
.
get
(
GlobalConfigurationCategory
.
Security
.
class
);
}
public
static
boolean
usePostBack
()
{
return
get
().
isUseBrowser
()
&&
Jenkins
.
getInstance
().
hasPermission
(
Jenkins
.
ADMINISTER
);
}
public
static
void
checkPostBackAccess
()
throws
AccessDeniedException
{
if
(!
get
().
isUseBrowser
())
{
throw
new
AccessDeniedException
(
"browser-based download disabled"
);
}
Jenkins
.
getInstance
().
checkPermission
(
Jenkins
.
ADMINISTER
);
}
@Extension
public
static
final
class
DailyCheck
extends
AsyncPeriodicWork
{
public
DailyCheck
()
{
...
...
core/src/main/resources/hudson/model/UpdateCenter/PageDecoratorImpl/footer.jelly
浏览文件 @
20340e18
...
...
@@ -31,8 +31,8 @@ THE SOFTWARE.
-->
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
<j:invokeStatic var="
ds" className="jenkins.model.DownloadSettings" method="get
"/>
<j:if test="${
ds.useBrowser
}">
<j:invokeStatic var="
enabled" className="jenkins.model.DownloadSettings" method="usePostBack
"/>
<j:if test="${
enabled
}">
<j:forEach var="site" items="${app.updateCenter.sites}">
<j:if test="${site.due or forcedUpdateCheck}">
<script>
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录