From 3533442f1f5642b9377124e5eb6e2745e17cdf0e Mon Sep 17 00:00:00 2001
From: rseguy <romain.seguy@gmail.com>
Date: Mon, 20 Jun 2011 18:18:17 +0200
Subject: [PATCH] Added a new WipeOut permission (enabled through the
 hudson.security.WipeOutPermission system property) to control the "Wipe Out
 Workspace" action

---
 changelog.html                                |  3 +++
 core/src/main/java/hudson/Functions.java      | 25 +++++++++++++++----
 .../java/hudson/model/AbstractProject.java    |  6 +++--
 core/src/main/java/hudson/model/Item.java     |  5 +++-
 .../model/AbstractProject/sidepanel.jelly     |  6 +++--
 .../hudson/model/Messages.properties          |  7 ++++--
 6 files changed, 40 insertions(+), 12 deletions(-)

diff --git a/changelog.html b/changelog.html
index 52e4bcfba6..f61f6c792d 100644
--- a/changelog.html
+++ b/changelog.html
@@ -74,6 +74,9 @@ Upcoming changes</a>
   <li class=ref>
     Added a new hudson.footerURL system property to tweak the link displayed at
     the bottom of the UI
+  <li class=ref>
+    Added a new hudson.security.WipeOutPermission system property to enable a
+    new WipeOut permission controlling the "Wipe Out Workspace" action.
 </ul>
 </div><!--=TRUNK-END=-->
 
diff --git a/core/src/main/java/hudson/Functions.java b/core/src/main/java/hudson/Functions.java
index 73a78c778b..8b94d14a79 100644
--- a/core/src/main/java/hudson/Functions.java
+++ b/core/src/main/java/hudson/Functions.java
@@ -1337,16 +1337,31 @@ public class Functions {
      * {@code false} otherwise.
      *
      * <p>When the {@link Run#ARTIFACTS} permission is not turned on using the
-     * {@code hudson.security.ArtifactsPermission}, this permission must not be
-     * considered to be set to {@code false} for every user. It must rather be
-     * like if the permission doesn't exist at all (which means that every user
-     * has to have an access to the artifacts but the permission can't be
-     * configured in the security screen). Got it?</p>
+     * {@code hudson.security.ArtifactsPermission} system property, this
+     * permission must not be considered to be set to {@code false} for every
+     * user. It must rather be like if the permission doesn't exist at all
+     * (which means that every user has to have an access to the artifacts but
+     * the permission can't be configured in the security screen). Got it?</p>
      */
     public static boolean isArtifactsPermissionEnabled() {
         return Boolean.getBoolean("hudson.security.ArtifactsPermission");
     }
 
+    /**
+     * Returns {@code true} if the {@link Item#WIPEOUT} permission is enabled,
+     * {@code false} otherwise.
+     *
+     * <p>The "Wipe Out Workspace" action available on jobs is controlled by the
+     * {@link Item#BUILD} permission. For some specific projects, however, it is
+     * not acceptable to let users have this possibility, even it they can
+     * trigger builds. As such, when enabling the {@code hudson.security.WipeOutPermission}
+     * system property, a new "WipeOut" permission will allow to have greater
+     * control on the "Wipe Out Workspace" action.</p>
+     */
+    public static boolean isWipeOutPermissionEnabled() {
+        return Boolean.getBoolean("hudson.security.WipeOutPermission");
+    }
+
     public static String createRenderOnDemandProxy(JellyContext context, String attributesToCapture) {
         return Stapler.getCurrentRequest().createJavaScriptProxy(new RenderOnDemandClosure(context,attributesToCapture));
     }
diff --git a/core/src/main/java/hudson/model/AbstractProject.java b/core/src/main/java/hudson/model/AbstractProject.java
index 61f34cfbe5..d97505ff43 100644
--- a/core/src/main/java/hudson/model/AbstractProject.java
+++ b/core/src/main/java/hudson/model/AbstractProject.java
@@ -4,7 +4,8 @@
  * Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi,
  * Brian Westrich, Erik Ramfelt, Ertan Deniz, Jean-Baptiste Quenot,
  * Luca Domenico Milanesio, R. Tyler Ballance, Stephen Connolly, Tom Huybrechts,
- * id:cactusman, Yahoo! Inc., Andrew Bayer
+ * id:cactusman, Yahoo! Inc., Andrew Bayer, Manufacture Francaise des Pneumatiques
+ * Michelin, Romain Seguy
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -26,6 +27,7 @@
  */
 package hudson.model;
 
+import hudson.Functions;
 import java.util.regex.Pattern;
 import antlr.ANTLRException;
 import hudson.AbortException;
@@ -1729,7 +1731,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A
      * Wipes out the workspace.
      */
     public HttpResponse doDoWipeOutWorkspace() throws IOException, ServletException, InterruptedException {
-        checkPermission(BUILD);
+        checkPermission(Functions.isWipeOutPermissionEnabled() ? WIPEOUT : BUILD);
         R b = getSomeBuildWithWorkspace();
         FilePath ws = b!=null ? b.getWorkspace() : null;
         if (ws!=null && getScm().processWorkspaceBeforeDeletion(this, ws, b.getBuiltOn())) {
diff --git a/core/src/main/java/hudson/model/Item.java b/core/src/main/java/hudson/model/Item.java
index 6aa50636c9..7128488621 100644
--- a/core/src/main/java/hudson/model/Item.java
+++ b/core/src/main/java/hudson/model/Item.java
@@ -1,7 +1,8 @@
 /*
  * The MIT License
  * 
- * Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi, Yahoo! Inc.
+ * Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi, Yahoo! Inc.,
+ * Manufacture Francaise des Pneumatiques Michelin, Romain Seguy
  * 
  * Permission is hereby granted, free of charge, to any person obtaining a copy
  * of this software and associated documentation files (the "Software"), to deal
@@ -23,6 +24,7 @@
  */
 package hudson.model;
 
+import hudson.Functions;
 import org.kohsuke.stapler.StaplerRequest;
 
 import java.io.IOException;
@@ -208,4 +210,5 @@ public interface Item extends PersistenceRoot, SearchableModelObject, AccessCont
     public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, Boolean.getBoolean("hudson.security.ExtendedReadPermission"));
     public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(),  Permission.UPDATE);
     public static final Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ);
+    public static final Permission WIPEOUT = new Permission(PERMISSIONS, "WipeOut", Messages._AbstractProject_WipeOutPermission_Description(), null, Functions.isWipeOutPermissionEnabled());
 }
diff --git a/core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly b/core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
index 11ca9a6a65..e9118a58ff 100644
--- a/core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
+++ b/core/src/main/resources/hudson/model/AbstractProject/sidepanel.jelly
@@ -1,7 +1,9 @@
 <!--
 The MIT License
 
-Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi, Erik Ramfelt, Tom Huybrechts, id:cactusman, Yahoo! Inc.
+Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi, Erik Ramfelt,
+Tom Huybrechts, id:cactusman, Yahoo! Inc., Manufacture Francaise des Pneumatiques
+Michelin, Romain seguy
 
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal
@@ -39,7 +41,7 @@ THE SOFTWARE.
       <l:task icon="images/24x24/search.png"  href="${url}/" title="${%Status}" />
       <l:task icon="images/24x24/notepad.png" href="${url}/changes" title="${%Changes}" />
       <l:task icon="images/24x24/folder.png"  href="${url}/ws/" title="${%Workspace}" permission="${it.WORKSPACE}">
-        <l:task icon="images/24x24/folder-delete.png"  href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${it.BUILD}" />
+        <l:task icon="images/24x24/folder-delete.png"  href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${h.isWipeOutPermissionEnabled() ? it.WIPEOUT : it.BUILD}" />
       </l:task>
       <j:if test="${it.configurable}">
         <j:if test="${it.buildable}">
diff --git a/core/src/main/resources/hudson/model/Messages.properties b/core/src/main/resources/hudson/model/Messages.properties
index 9b20b3ed59..13131f93f6 100644
--- a/core/src/main/resources/hudson/model/Messages.properties
+++ b/core/src/main/resources/hudson/model/Messages.properties
@@ -1,7 +1,8 @@
 # The MIT License
 # 
-# Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi,
-# Eric Lefevre-Ardant, Erik Ramfelt, Seiji Sogabe, id:cactusman, Romain Seguy
+# Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi,
+# Eric Lefevre-Ardant, Erik Ramfelt, Seiji Sogabe, id:cactusman,
+# Manufacture Francaise des Pneumatiques Michelin, Romain Seguy
 # 
 # Permission is hereby granted, free of charge, to any person obtaining a copy
 # of this software and associated documentation files (the "Software"), to deal
@@ -53,6 +54,8 @@ AbstractProject.ExtendedReadPermission.Description=\
   This permission grants read-only access to project configurations. Please be \
   aware that sensitive information in your builds, such as passwords, will be \
   exposed to a wider audience by granting this permission.
+AbstractProject.WipeOutPermission.Description=\
+  This permission grants the ability to wipe out the contents of a workspace.
 AbstractProject.AssignedLabelString.InvalidBooleanExpression=\
   Invalid boolean expression: {0}
 AbstractProject.AssignedLabelString.NoMatch=\
-- 
GitLab