提交 3533442f 编写于 作者: R rseguy

Added a new WipeOut permission (enabled through the...

Added a new WipeOut permission (enabled through the hudson.security.WipeOutPermission system property) to control the "Wipe Out Workspace" action
上级 352b06e5
...@@ -74,6 +74,9 @@ Upcoming changes</a> ...@@ -74,6 +74,9 @@ Upcoming changes</a>
<li class=ref> <li class=ref>
Added a new hudson.footerURL system property to tweak the link displayed at Added a new hudson.footerURL system property to tweak the link displayed at
the bottom of the UI the bottom of the UI
<li class=ref>
Added a new hudson.security.WipeOutPermission system property to enable a
new WipeOut permission controlling the "Wipe Out Workspace" action.
</ul> </ul>
</div><!--=TRUNK-END=--> </div><!--=TRUNK-END=-->
......
...@@ -1337,16 +1337,31 @@ public class Functions { ...@@ -1337,16 +1337,31 @@ public class Functions {
* {@code false} otherwise. * {@code false} otherwise.
* *
* <p>When the {@link Run#ARTIFACTS} permission is not turned on using the * <p>When the {@link Run#ARTIFACTS} permission is not turned on using the
* {@code hudson.security.ArtifactsPermission}, this permission must not be * {@code hudson.security.ArtifactsPermission} system property, this
* considered to be set to {@code false} for every user. It must rather be * permission must not be considered to be set to {@code false} for every
* like if the permission doesn't exist at all (which means that every user * user. It must rather be like if the permission doesn't exist at all
* has to have an access to the artifacts but the permission can't be * (which means that every user has to have an access to the artifacts but
* configured in the security screen). Got it?</p> * the permission can't be configured in the security screen). Got it?</p>
*/ */
public static boolean isArtifactsPermissionEnabled() { public static boolean isArtifactsPermissionEnabled() {
return Boolean.getBoolean("hudson.security.ArtifactsPermission"); return Boolean.getBoolean("hudson.security.ArtifactsPermission");
} }
/**
* Returns {@code true} if the {@link Item#WIPEOUT} permission is enabled,
* {@code false} otherwise.
*
* <p>The "Wipe Out Workspace" action available on jobs is controlled by the
* {@link Item#BUILD} permission. For some specific projects, however, it is
* not acceptable to let users have this possibility, even it they can
* trigger builds. As such, when enabling the {@code hudson.security.WipeOutPermission}
* system property, a new "WipeOut" permission will allow to have greater
* control on the "Wipe Out Workspace" action.</p>
*/
public static boolean isWipeOutPermissionEnabled() {
return Boolean.getBoolean("hudson.security.WipeOutPermission");
}
public static String createRenderOnDemandProxy(JellyContext context, String attributesToCapture) { public static String createRenderOnDemandProxy(JellyContext context, String attributesToCapture) {
return Stapler.getCurrentRequest().createJavaScriptProxy(new RenderOnDemandClosure(context,attributesToCapture)); return Stapler.getCurrentRequest().createJavaScriptProxy(new RenderOnDemandClosure(context,attributesToCapture));
} }
......
...@@ -4,7 +4,8 @@ ...@@ -4,7 +4,8 @@
* Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi, * Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi,
* Brian Westrich, Erik Ramfelt, Ertan Deniz, Jean-Baptiste Quenot, * Brian Westrich, Erik Ramfelt, Ertan Deniz, Jean-Baptiste Quenot,
* Luca Domenico Milanesio, R. Tyler Ballance, Stephen Connolly, Tom Huybrechts, * Luca Domenico Milanesio, R. Tyler Ballance, Stephen Connolly, Tom Huybrechts,
* id:cactusman, Yahoo! Inc., Andrew Bayer * id:cactusman, Yahoo! Inc., Andrew Bayer, Manufacture Francaise des Pneumatiques
* Michelin, Romain Seguy
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
...@@ -26,6 +27,7 @@ ...@@ -26,6 +27,7 @@
*/ */
package hudson.model; package hudson.model;
import hudson.Functions;
import java.util.regex.Pattern; import java.util.regex.Pattern;
import antlr.ANTLRException; import antlr.ANTLRException;
import hudson.AbortException; import hudson.AbortException;
...@@ -1729,7 +1731,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A ...@@ -1729,7 +1731,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A
* Wipes out the workspace. * Wipes out the workspace.
*/ */
public HttpResponse doDoWipeOutWorkspace() throws IOException, ServletException, InterruptedException { public HttpResponse doDoWipeOutWorkspace() throws IOException, ServletException, InterruptedException {
checkPermission(BUILD); checkPermission(Functions.isWipeOutPermissionEnabled() ? WIPEOUT : BUILD);
R b = getSomeBuildWithWorkspace(); R b = getSomeBuildWithWorkspace();
FilePath ws = b!=null ? b.getWorkspace() : null; FilePath ws = b!=null ? b.getWorkspace() : null;
if (ws!=null && getScm().processWorkspaceBeforeDeletion(this, ws, b.getBuiltOn())) { if (ws!=null && getScm().processWorkspaceBeforeDeletion(this, ws, b.getBuiltOn())) {
......
/* /*
* The MIT License * The MIT License
* *
* Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi, Yahoo! Inc. * Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi, Yahoo! Inc.,
* Manufacture Francaise des Pneumatiques Michelin, Romain Seguy
* *
* Permission is hereby granted, free of charge, to any person obtaining a copy * Permission is hereby granted, free of charge, to any person obtaining a copy
* of this software and associated documentation files (the "Software"), to deal * of this software and associated documentation files (the "Software"), to deal
...@@ -23,6 +24,7 @@ ...@@ -23,6 +24,7 @@
*/ */
package hudson.model; package hudson.model;
import hudson.Functions;
import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerRequest;
import java.io.IOException; import java.io.IOException;
...@@ -208,4 +210,5 @@ public interface Item extends PersistenceRoot, SearchableModelObject, AccessCont ...@@ -208,4 +210,5 @@ public interface Item extends PersistenceRoot, SearchableModelObject, AccessCont
public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, Boolean.getBoolean("hudson.security.ExtendedReadPermission")); public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._AbstractProject_ExtendedReadPermission_Description(), CONFIGURE, Boolean.getBoolean("hudson.security.ExtendedReadPermission"));
public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(), Permission.UPDATE); public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(), Permission.UPDATE);
public static final Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ); public static final Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ);
public static final Permission WIPEOUT = new Permission(PERMISSIONS, "WipeOut", Messages._AbstractProject_WipeOutPermission_Description(), null, Functions.isWipeOutPermissionEnabled());
} }
<!-- <!--
The MIT License The MIT License
Copyright (c) 2004-2009, Sun Microsystems, Inc., Kohsuke Kawaguchi, Erik Ramfelt, Tom Huybrechts, id:cactusman, Yahoo! Inc. Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi, Erik Ramfelt,
Tom Huybrechts, id:cactusman, Yahoo! Inc., Manufacture Francaise des Pneumatiques
Michelin, Romain seguy
Permission is hereby granted, free of charge, to any person obtaining a copy Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal of this software and associated documentation files (the "Software"), to deal
...@@ -39,7 +41,7 @@ THE SOFTWARE. ...@@ -39,7 +41,7 @@ THE SOFTWARE.
<l:task icon="images/24x24/search.png" href="${url}/" title="${%Status}" /> <l:task icon="images/24x24/search.png" href="${url}/" title="${%Status}" />
<l:task icon="images/24x24/notepad.png" href="${url}/changes" title="${%Changes}" /> <l:task icon="images/24x24/notepad.png" href="${url}/changes" title="${%Changes}" />
<l:task icon="images/24x24/folder.png" href="${url}/ws/" title="${%Workspace}" permission="${it.WORKSPACE}"> <l:task icon="images/24x24/folder.png" href="${url}/ws/" title="${%Workspace}" permission="${it.WORKSPACE}">
<l:task icon="images/24x24/folder-delete.png" href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${it.BUILD}" /> <l:task icon="images/24x24/folder-delete.png" href="${url}/wipeOutWorkspace" title="${%Wipe Out Workspace}" permission="${h.isWipeOutPermissionEnabled() ? it.WIPEOUT : it.BUILD}" />
</l:task> </l:task>
<j:if test="${it.configurable}"> <j:if test="${it.configurable}">
<j:if test="${it.buildable}"> <j:if test="${it.buildable}">
......
# The MIT License # The MIT License
# #
# Copyright (c) 2004-2010, Sun Microsystems, Inc., Kohsuke Kawaguchi, # Copyright (c) 2004-2011, Sun Microsystems, Inc., Kohsuke Kawaguchi,
# Eric Lefevre-Ardant, Erik Ramfelt, Seiji Sogabe, id:cactusman, Romain Seguy # Eric Lefevre-Ardant, Erik Ramfelt, Seiji Sogabe, id:cactusman,
# Manufacture Francaise des Pneumatiques Michelin, Romain Seguy
# #
# Permission is hereby granted, free of charge, to any person obtaining a copy # Permission is hereby granted, free of charge, to any person obtaining a copy
# of this software and associated documentation files (the "Software"), to deal # of this software and associated documentation files (the "Software"), to deal
...@@ -53,6 +54,8 @@ AbstractProject.ExtendedReadPermission.Description=\ ...@@ -53,6 +54,8 @@ AbstractProject.ExtendedReadPermission.Description=\
This permission grants read-only access to project configurations. Please be \ This permission grants read-only access to project configurations. Please be \
aware that sensitive information in your builds, such as passwords, will be \ aware that sensitive information in your builds, such as passwords, will be \
exposed to a wider audience by granting this permission. exposed to a wider audience by granting this permission.
AbstractProject.WipeOutPermission.Description=\
This permission grants the ability to wipe out the contents of a workspace.
AbstractProject.AssignedLabelString.InvalidBooleanExpression=\ AbstractProject.AssignedLabelString.InvalidBooleanExpression=\
Invalid boolean expression: {0} Invalid boolean expression: {0}
AbstractProject.AssignedLabelString.NoMatch=\ AbstractProject.AssignedLabelString.NoMatch=\
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册