exposing PermissionGroup

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6422 71c3de6d-444a-0410-be80-ed276b4c234a

exposing PermissionGroup
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@6422 71c3de6d-444a-0410-be80-ed276b4c234a
4f4a3896 · kohsuke · 34ba554b · 4f4a3896 · 4f4a3896 · 4f4a3896
8 changed file
--- a/core/src/main/java/hudson/model/AbstractProject.java
+++ b/core/src/main/java/hudson/model/AbstractProject.java
@@ -6,6 +6,7 @@ import hudson.Launcher;
 import hudson.AbortException;
 import hudson.StructuredForm;
 import hudson.security.Permission;
+import hudson.security.PermissionGroup;
 import hudson.widgets.HistoryWidget;
 import hudson.widgets.BuildHistoryWidget;
 import hudson.maven.MavenModule;
@@ -928,5 +929,7 @@ public abstract class AbstractProject<P extends AbstractProject<P,R>,R extends A

    private static final Logger LOGGER = Logger.getLogger(AbstractProject.class.getName());

-    public static final Permission BUILD = new Permission(AbstractProject.class,"Build", Permission.UPDATE);
+    public static final PermissionGroup PERMISSIONS = new PermissionGroup(AbstractProject.class);
+
+    public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Permission.UPDATE);
 }
--- a/core/src/main/java/hudson/model/Hudson.java
+++ b/core/src/main/java/hudson/model/Hudson.java
@@ -39,6 +39,7 @@ import hudson.security.LegacySecurityRealm;
 import hudson.security.Permission;
 import hudson.security.SecurityMode;
 import hudson.security.SecurityRealm;
+import hudson.security.PermissionGroup;
 import hudson.tasks.BuildStep;
 import hudson.tasks.BuildWrapper;
 import hudson.tasks.BuildWrappers;
@@ -2197,8 +2198,9 @@ public final class Hudson extends View implements ItemGroup<TopLevelItem>, Node,

    private static final Pattern ICON_SIZE = Pattern.compile("\\d+x\\d+");

-    public static final Permission ADMINISTER = new Permission(Hudson.class,"Administer", Permission.FULL_CONTROL);
-    public static final Permission READ = new Permission(Hudson.class,"Read", Permission.READ);
+    public static final PermissionGroup PERMISSIONS = new PermissionGroup(Hudson.class);
+    public static final Permission ADMINISTER = new Permission(PERMISSIONS,"Administer", Permission.FULL_CONTROL);
+    public static final Permission READ = new Permission(PERMISSIONS,"Read", Permission.READ);

    static {
        XSTREAM.alias("hudson",Hudson.class);

--- a/core/src/main/java/hudson/model/Item.java
+++ b/core/src/main/java/hudson/model/Item.java
@@ -7,6 +7,7 @@ import java.util.Collection;

 import hudson.search.SearchableModelObject;
 import hudson.security.Permission;
+import hudson.security.PermissionGroup;

 /**
 * Basic configuration unit in Hudson.
@@ -155,7 +156,8 @@ public interface Item extends PersistenceRoot, SearchableModelObject {
     */
    public void save() throws IOException;

-    public static final Permission CREATE = new Permission(Item.class,"Create", Permission.CREATE);
-    public static final Permission DELETE = new Permission(Item.class,"Delete", Permission.DELETE);
-    public static final Permission CONFIGURE = new Permission(Item.class,"Configure", Permission.CONFIGURE);
+    public static final PermissionGroup PERMISSIONS = new PermissionGroup(Item.class);
+    public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Permission.CREATE);
+    public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Permission.DELETE);
+    public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Permission.CONFIGURE);
 }
--- a/core/src/main/java/hudson/model/Run.java
+++ b/core/src/main/java/hudson/model/Run.java
@@ -10,6 +10,7 @@ import hudson.Util;
 import static hudson.Util.combine;
 import hudson.XmlFile;
 import hudson.security.Permission;
+import hudson.security.PermissionGroup;
 import hudson.matrix.MatrixBuild;
 import hudson.matrix.MatrixRun;
 import hudson.model.listeners.RunListener;
@@ -1047,6 +1048,7 @@ public abstract class Run <JobT extends Job<JobT,RunT>,RunT extends Run<JobT,Run
        public String getWhyKeepLog() { return Run.this.getWhyKeepLog(); }
    }

-    public static final Permission DELETE = new Permission(Run.class,"Delete", Permission.DELETE);
-    public static final Permission UPDATE = new Permission(Run.class,"Update", Permission.UPDATE);
+    public static final PermissionGroup PERMISSIONS = new PermissionGroup(Run.class);
+    public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Permission.DELETE);
+    public static final Permission UPDATE = new Permission(PERMISSIONS,"Update", Permission.UPDATE);
 }
--- a/core/src/main/java/hudson/model/View.java
+++ b/core/src/main/java/hudson/model/View.java
@@ -3,6 +3,7 @@ package hudson.model;
 import hudson.Util;
 import hudson.security.Permission;
 import hudson.security.ACL;
+import hudson.security.PermissionGroup;
 import hudson.scm.ChangeLogSet.Entry;
 import hudson.search.CollectionSearchIndex;
 import hudson.search.SearchIndexBuilder;
@@ -255,10 +256,11 @@ public abstract class View extends AbstractModelObject {
        }
    };

+    public static final PermissionGroup PERMISSIONS = new PermissionGroup(View.class);
    /**
     * Permission to create new jobs.
     */
-    public static final Permission CREATE = new Permission(View.class,"Create", Permission.CREATE);
-    public static final Permission DELETE = new Permission(View.class,"Delete", Permission.DELETE);
-    public static final Permission CONFIGURE = new Permission(View.class,"Configure", Permission.CONFIGURE);
+    public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Permission.CREATE);
+    public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Permission.DELETE);
+    public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Permission.CONFIGURE);
 }
--- a/core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
+++ b/core/src/main/java/hudson/security/GlobalMatrixAuthorizationStrategy.java
@@ -6,12 +6,11 @@ import com.thoughtworks.xstream.converters.UnmarshallingContext;
 import com.thoughtworks.xstream.io.HierarchicalStreamReader;
 import com.thoughtworks.xstream.io.HierarchicalStreamWriter;
 import hudson.model.Descriptor;
-import hudson.security.PermissionGroup;
 import net.sf.json.JSONObject;
+import org.acegisecurity.Authentication;
 import org.acegisecurity.acls.sid.GrantedAuthoritySid;
 import org.acegisecurity.acls.sid.PrincipalSid;
 import org.acegisecurity.acls.sid.Sid;
-import org.acegisecurity.Authentication;
 import org.kohsuke.stapler.StaplerRequest;

 import java.util.ArrayList;

--- a/core/src/main/java/hudson/security/Permission.java
+++ b/core/src/main/java/hudson/security/Permission.java
 package hudson.security;

 import hudson.model.Hudson;
-import hudson.CopyOnWrite;
 import net.sf.json.util.JSONUtils;

 import java.util.Collections;
 import java.util.List;
 import java.util.Map;
-import java.util.Iterator;
-import java.util.ArrayList;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.CopyOnWriteArrayList;

@@ -23,6 +20,8 @@ import java.util.concurrent.CopyOnWriteArrayList;
 public final class Permission {
    public final Class owner;

+    public final PermissionGroup group;
+
    /**
     * Human readable ID of the permission.
     *
@@ -49,24 +48,25 @@ public final class Permission {
     */
    public final Permission impliedBy;

-    public Permission(Class owner, String name, Permission impliedBy) {
+    public Permission(PermissionGroup group, String name, Permission impliedBy) {
        if(!JSONUtils.isJavaIdentifier(name))
            throw new IllegalArgumentException(name+" is not a Java identifier");
-        this.owner = owner;
+        this.owner = group.owner;
+        this.group = group;
        this.name = name;
        this.impliedBy = impliedBy;

        synchronized (PERMISSIONS) {
-            Group g = PERMISSIONS.get(owner);
+            PermissionGroup g = PERMISSIONS.get(owner);
            if(g==null)
-                PERMISSIONS.put(owner,g = new Group(owner));
+                PERMISSIONS.put(owner,g = new PermissionGroup(owner));
            g.add(this);
        }
        ALL.add(this);
    }

-    private Permission(Class owner, String name) {
-        this(owner,name,null);
+    private Permission(PermissionGroup group, String name) {
+        this(group,name,null);
    }

    /**
@@ -97,7 +97,7 @@ public final class Permission {
        try {
            // force the initialization so that it will put all its permissions into the list.
            Class cl = Class.forName(id.substring(0,idx),true,Hudson.getInstance().getPluginManager().uberClassLoader);
-            Group g = PERMISSIONS.get(cl);
+            PermissionGroup g = PERMISSIONS.get(cl);
            if(g ==null)  return null;
            return g.find(id.substring(idx+1));
        } catch (ClassNotFoundException e) {
@@ -119,27 +119,18 @@ public final class Permission {
    }

    /**
-     * Returns all the {@link Group}s available in the system.
-     * @return
-     *      always non-null. Read-only.
-     */
-    public static List<Group> getAllGroups() {
-        return ALL_GROUPS;
-    }
-
-    /**
-     * Gets the {@link Group} whose {@link Group#owner} is the given class.
+     * Gets the {@link PermissionGroup} whose {@link PermissionGroup#owner} is the given class.
     *
     * @return  null if not found.
     */
-    public static Group getGroup(Class owner) {
+    public static PermissionGroup getGroup(Class owner) {
        return PERMISSIONS.get(owner);
    }

    /**
     * All the permissions in the system, keyed by their owners.
     */
-    private static final Map<Class,Group> PERMISSIONS = new ConcurrentHashMap<Class,Group>();
+    private static final Map<Class, PermissionGroup> PERMISSIONS = new ConcurrentHashMap<Class, PermissionGroup>();

    /**
     * The same as {@link #PERMISSIONS} but in a single list.
@@ -148,68 +139,6 @@ public final class Permission {

    private static final List<Permission> ALL_VIEW = Collections.unmodifiableList(ALL);

-    /**
-     * All groups. Sorted.
-     */
-    @CopyOnWrite
-    private static List<Group> ALL_GROUPS = Collections.emptyList();
-
-    /**
-     * Group of {@link Permission}s that share the same {@link Permission#owner owner}.
-     *
-     * Sortable by the owner class name.
-     */
-    public static final class Group implements Iterable<Permission>, Comparable<Group> {
-        private final List<Permission> permisisons = new CopyOnWriteArrayList<Permission>();
-        private final List<Permission> permisisonsView = Collections.unmodifiableList(permisisons);
-        public final Class owner;
-
-        protected Group(Class owner) {
-            this.owner = owner;
-
-            synchronized(Group.class) {
-                List<Group> allGroups = new ArrayList<Group>(ALL_GROUPS);
-                allGroups.add(this);
-                Collections.sort(allGroups);
-                ALL_GROUPS = Collections.unmodifiableList(allGroups);
-            }
-        }
-
-        public Iterator<Permission> iterator() {
-            return permisisons.iterator();
-        }
-
-        protected void add(Permission p) {
-            permisisons.add(p);
-        }
-
-        /**
-         * Lists up all the permissions in this group.
-         */
-        public List<Permission> getPermissions() {
-            return permisisonsView;
-        }
-
-        /**
-         * Finds a permission that has the given name.
-         */
-        public Permission find(String name) {
-            for (Permission p : permisisons) {
-                if(p.name.equals(name))
-                    return p;
-            }
-            return null;
-        }
-
-        public int compareTo(Group that) {
-            return this.owner.getName().compareTo(that.owner.getName());
-        }
-
-        public int size() {
-            return permisisons.size();
-        }
-    }
-
 //
 //
 // Root Permissions.
@@ -218,38 +147,40 @@ public final class Permission {
 // The intention is to allow a simplified AuthorizationStrategy implementation agnostic to
 // specific permissions.

+    public static final PermissionGroup GROUP = new PermissionGroup(Permission.class);
+
    /**
     * Root of all permissions
     */
-    public static final Permission FULL_CONTROL = new Permission(Permission.class,"FullControl");
+    public static final Permission FULL_CONTROL = new Permission(GROUP,"FullControl");

    /**
     * Generic read access.
     */
-    public static final Permission READ = new Permission(Permission.class,"GenericRead",FULL_CONTROL);
+    public static final Permission READ = new Permission(GROUP,"GenericRead",FULL_CONTROL);

    /**
     * Generic write access.
     */
-    public static final Permission WRITE = new Permission(Permission.class,"GenericWrite",FULL_CONTROL);
+    public static final Permission WRITE = new Permission(GROUP,"GenericWrite",FULL_CONTROL);

    /**
     * Generic create access.
     */
-    public static final Permission CREATE = new Permission(Permission.class,"GenericCreate",WRITE);
+    public static final Permission CREATE = new Permission(GROUP,"GenericCreate",WRITE);

    /**
     * Generic update access.
     */
-    public static final Permission UPDATE = new Permission(Permission.class,"GenericUpdate",WRITE);
+    public static final Permission UPDATE = new Permission(GROUP,"GenericUpdate",WRITE);

    /**
     * Generic delete access.
     */
-    public static final Permission DELETE = new Permission(Permission.class,"GenericDelete",WRITE);
+    public static final Permission DELETE = new Permission(GROUP,"GenericDelete",WRITE);

    /**
     * Generic configuration access.
     */
-    public static final Permission CONFIGURE = new Permission(Permission.class,"GenericConfigure",UPDATE);
+    public static final Permission CONFIGURE = new Permission(GROUP,"GenericConfigure",UPDATE);
 }
--- a/core/src/main/java/hudson/security/PermissionGroup.java
+++ b/core/src/main/java/hudson/security/PermissionGroup.java
+package hudson.security;
+
+import hudson.CopyOnWrite;
+
+import java.util.List;
+import java.util.Collections;
+import java.util.ArrayList;
+import java.util.Iterator;
+import java.util.concurrent.CopyOnWriteArrayList;
+
+/**
+ * Group of {@link Permission}s that share the same {@link Permission#owner owner}.
+ *
+ * Sortable by the owner class name.
+ */
+public final class PermissionGroup implements Iterable<Permission>, Comparable<PermissionGroup> {
+    private final List<Permission> permisisons = new CopyOnWriteArrayList<Permission>();
+    private final List<Permission> permisisonsView = Collections.unmodifiableList(permisisons);
+    public final Class owner;
+
+    public PermissionGroup(Class owner) {
+        this.owner = owner;
+
+        synchronized(PermissionGroup.class) {
+            List<PermissionGroup> allGroups = new ArrayList<PermissionGroup>(ALL);
+            allGroups.add(this);
+            Collections.sort(allGroups);
+            ALL = Collections.unmodifiableList(allGroups);
+        }
+    }
+
+    public Iterator<Permission> iterator() {
+        return permisisons.iterator();
+    }
+
+    /*package*/ void add(Permission p) {
+        permisisons.add(p);
+    }
+
+    /**
+     * Lists up all the permissions in this group.
+     */
+    public List<Permission> getPermissions() {
+        return permisisonsView;
+    }
+
+    /**
+     * Finds a permission that has the given name.
+     */
+    public Permission find(String name) {
+        for (Permission p : permisisons) {
+            if(p.name.equals(name))
+                return p;
+        }
+        return null;
+    }
+
+    public int compareTo(PermissionGroup that) {
+        return this.owner.getName().compareTo(that.owner.getName());
+    }
+
+    public int size() {
+        return permisisons.size();
+    }
+
+    /**
+     * All groups. Sorted.
+     */
+    @CopyOnWrite
+    private static List<PermissionGroup> ALL = Collections.emptyList();
+
+    /**
+     * Returns all the {@link PermissionGroup}s available in the system.
+     * @return
+     *      always non-null. Read-only.
+     */
+    public static List<PermissionGroup> getAll() {
+        return ALL;
+    }
+}