[JENKINS-29936] when removing an item use ACL.SYTEM.

The OldDataMonitor should be using ACL.system not the ACL of the calling thread - this also avoids the deadlock when an authorization strategy is being saved (locking the auth strategy) which will call into the ODM at the same point the ODM is being called an a Run has been saved (which will cause a lookup of the job which will do a permissions check).

[JENKINS-29936] when removing an item use ACL.SYTEM.
The OldDataMonitor should be using ACL.system not the ACL of the calling thread - this also avoids the deadlock when an authorization strategy is being saved (locking the auth strategy) which will call into the ODM at the same point the ODM is being called an a Run has been saved (which will cause a lookup of the job which will do a permissions check).
8a077a80 · James Nord · 6bfbe0c7 · 8a077a80
隐藏空白更改
内联并排

Showing with 23 addition and 6 deletion

core/src/main/java/hudson/diagnosis/OldDataMonitor.java core/src/main/java/hudson/diagnosis/OldDataMonitor.java +23 -6

未找到文件。
--- a/core/src/main/java/hudson/diagnosis/OldDataMonitor.java
+++ b/core/src/main/java/hudson/diagnosis/OldDataMonitor.java
@@ -25,6 +25,7 @@ package hudson.diagnosis;
 import com.google.common.base.Predicate;
 import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import hudson.Extension;
 import hudson.XmlFile;
 import hudson.model.AdministrativeMonitor;
@@ -36,8 +37,10 @@ import hudson.model.Saveable;
 import hudson.model.listeners.ItemListener;
 import hudson.model.listeners.RunListener;
 import hudson.model.listeners.SaveableListener;
+import hudson.security.ACL;
 import hudson.util.RobustReflectionConverter;
 import hudson.util.VersionNumber;
 import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -48,8 +51,13 @@ import java.util.Map;
 import java.util.TreeSet;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 import javax.annotation.CheckForNull;
 import jenkins.model.Jenkins;
+import org.acegisecurity.context.SecurityContext;
+import org.acegisecurity.context.SecurityContextHolder;
 import org.kohsuke.stapler.HttpRedirect;
 import org.kohsuke.stapler.HttpResponse;
 import org.kohsuke.stapler.HttpResponses;
@@ -102,12 +110,21 @@ public class OldDataMonitor extends AdministrativeMonitor {
    }
    private static void remove(Saveable obj, boolean isDelete) {
-        OldDataMonitor odm = get(Jenkins.getInstance());
+        Jenkins j = Jenkins.getInstance();
-        synchronized (odm) {
+        if (j != null) {
-            odm.data.remove(referTo(obj));
+            OldDataMonitor odm = get(j);
-            if (isDelete && obj instanceof Job<?,?>)
+            SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
-                for (Run r : ((Job<?,?>)obj).getBuilds())
+            try {
-                    odm.data.remove(referTo(r));
+                synchronized (odm) {
+                    odm.data.remove(referTo(obj));
+                    if (isDelete && obj instanceof Job<?,?>)
+                        for (Run r : ((Job<?,?>)obj).getBuilds())
+                            odm.data.remove(referTo(r));
+                }
+            } 
+            finally {
+                SecurityContextHolder.setContext(oldContext);
+            }
        }
    }