Commit 55db82c0 (xxadev / jenkins)
Authored Sep 15, 2014 by Stephen Connolly

Allow control over the creation of different TopLevelItems from the ACL

Parent: 2dcc16e3

Showing 5 changed files with 98 additions and 1 deletion (+98 -1)
core/src/main/java/hudson/model/ItemGroupMixIn.java +7 -0
core/src/main/java/hudson/model/Items.java +38 -0
core/src/main/java/hudson/model/TopLevelItemDescriptor.java +10 -0
core/src/main/java/hudson/security/ACL.java +40 -0
core/src/main/resources/hudson/model/View/newJob.jelly +3 -1
core/src/main/java/hudson/model/ItemGroupMixIn.java
...
...
@@ -31,6 +31,7 @@ import hudson.util.CopyOnWriteMap;
import
hudson.util.Function1
;
import
hudson.util.IOUtils
;
import
jenkins.model.Jenkins
;
import
org.acegisecurity.AccessDeniedException
;
import
org.kohsuke.stapler.StaplerRequest
;
import
org.kohsuke.stapler.StaplerResponse
;
...
...
@@ -258,12 +259,17 @@ public abstract class ItemGroupMixIn {
return
(
TopLevelItem
)
Items
.
load
(
parent
,
dir
);
}
});
acl
.
getACL
().
checkCreatePermission
(
parent
,
result
.
getDescriptor
());
add
(
result
);
ItemListener
.
fireOnCreated
(
result
);
Jenkins
.
getInstance
().
rebuildDependencyGraphAsync
();
return
result
;
}
catch
(
AccessDeniedException
e
)
{
// if anything fails, delete the config file to avoid further confusion
Util
.
deleteRecursive
(
dir
);
throw
e
;
}
catch
(
IOException
e
)
{
// if anything fails, delete the config file to avoid further confusion
Util
.
deleteRecursive
(
dir
);
...
...
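Review bot: the per-type check `acl.getACL().checkCreatePermission(parent, result.getDescriptor())` runs only after `Items.load(parent, dir)`, so by the time a principal is refused the target directory has already been populated and the copied configuration deserialized. If the descriptor is known before the load, check it there and keep the new `catch (AccessDeniedException e)` purely as a safety net. The new catch block also repeats the `IOException` cleanup (`Util.deleteRecursive(dir)`) verbatim; a single cleanup path would keep the two from drifting apart.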
@@ -274,6 +280,7 @@ public abstract class ItemGroupMixIn {
public
synchronized
TopLevelItem
createProject
(
TopLevelItemDescriptor
type
,
String
name
,
boolean
notify
)
throws
IOException
{
acl
.
checkPermission
(
Item
.
CREATE
);
acl
.
getACL
().
checkCreatePermission
(
parent
,
type
);
Jenkins
.
getInstance
().
getProjectNamingStrategy
().
checkName
(
name
);
if
(
parent
.
getItem
(
name
)!=
null
)
...
...
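Review bot: in `createProject` the new line enforces only the ACL half of what the listing applies. `Items.all(Authentication, ItemGroup)` offers a descriptor when `acl.hasCreatePermission(a, c, d) && d.isApplicableIn(c)`, but here only `checkCreatePermission(parent, type)` is called, so unless `type.isApplicableIn(parent)` is tested further down (not visible in this hunk), a type that is hidden from the new-job form is still accepted when the request names it. Suggest rejecting the request when `isApplicableIn(parent)` is false, next to the permission check.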
core/src/main/java/hudson/model/Items.java
...
...
@@ -29,11 +29,14 @@ import hudson.Extension;
import
hudson.XmlFile
;
import
hudson.model.listeners.ItemListener
;
import
hudson.remoting.Callable
;
import
hudson.security.ACL
;
import
hudson.security.AccessControlled
;
import
hudson.triggers.Trigger
;
import
hudson.util.DescriptorList
;
import
hudson.util.EditDistance
;
import
hudson.util.XStream2
;
import
jenkins.model.Jenkins
;
import
org.acegisecurity.Authentication
;
import
org.apache.commons.lang.StringUtils
;
import
java.io.File
;
...
...
@@ -112,6 +115,41 @@ public class Items {
return
Jenkins
.
getInstance
().<
TopLevelItem
,
TopLevelItemDescriptor
>
getDescriptorList
(
TopLevelItem
.
class
);
}
/**
* Returns all the registered {@link TopLevelItemDescriptor}s that the current security principle is allowed to
* create within the specified item group.
*
* @since 1.582
*/
public
static
List
<
TopLevelItemDescriptor
>
all
(
ItemGroup
c
)
{
return
all
(
Jenkins
.
getAuthentication
(),
c
);
}
/**
* Returns all the registered {@link TopLevelItemDescriptor}s that the specified security principle is allowed to
* create within the specified item group.
*
* @since 1.582
*/
public
static
List
<
TopLevelItemDescriptor
>
all
(
Authentication
a
,
ItemGroup
c
)
{
List
<
TopLevelItemDescriptor
>
result
=
new
ArrayList
<
TopLevelItemDescriptor
>();
ACL
acl
;
if
(
c
instanceof
AccessControlled
)
{
acl
=
((
AccessControlled
)
c
).
getACL
();
}
else
if
(
c
instanceof
Item
)
{
acl
=
((
Item
)
c
).
getACL
();
}
else
{
// fall back to root
acl
=
Jenkins
.
getInstance
().
getACL
();
}
for
(
TopLevelItemDescriptor
d:
all
())
{
if
(
acl
.
hasCreatePermission
(
a
,
c
,
d
)
&&
d
.
isApplicableIn
(
c
))
{
result
.
add
(
d
);
}
}
return
result
;
}
public
static
TopLevelItemDescriptor
getDescriptor
(
String
fqcn
)
{
return
Descriptor
.
find
(
all
(),
fqcn
);
}
...
...
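Review bot: `all(Authentication, ItemGroup)` resolves the ACL from `c` itself (`AccessControlled`, then `Item`, then the Jenkins root), whereas the enforcement calls added in ItemGroupMixIn go through `acl.getACL()`. If those two ever resolve to different ACL objects, the list shown to the user and the check applied at creation will disagree; consider one shared resolution helper used by both. Smaller points: the parameter is the raw type `ItemGroup`, the Javadoc says "security principle" where "principal" is meant, and neither overload documents its parameters or return value.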
core/src/main/java/hudson/model/TopLevelItemDescriptor.java
...
...
@@ -61,6 +61,16 @@ public abstract class TopLevelItemDescriptor extends Descriptor<TopLevelItem> {
return
true
;
}
/**
* {@link TopLevelItemDescriptor}s often may want to limit the scope within which they can be created.
* This method allows the subtype of {@link TopLevelItemDescriptor}s to filter them out.
*
* @since 1.582
*/
public
boolean
isApplicableIn
(
ItemGroup
parent
)
{
return
true
;
}
/**
* Tests if the given instance belongs to this descriptor, in the sense
* that this descriptor can produce items like the given one.
...
...
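Review bot: the Javadoc on `isApplicableIn(ItemGroup parent)` does not say what a `false` return means for callers. In the changes visible here it is consulted only by `Items.all(Authentication, ItemGroup)` to filter the listing, so a descriptor author could read it as an enforced restriction when it is only a display filter. Suggest adding `@param parent` and `@return`, and stating whether creation paths are expected to enforce it.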
core/src/main/java/hudson/security/ACL.java
...
...
@@ -25,6 +25,8 @@ package hudson.security;
import
javax.annotation.Nonnull
;
import
hudson.remoting.Callable
;
import
hudson.model.ItemGroup
;
import
hudson.model.TopLevelItemDescriptor
;
import
jenkins.security.NonSerializableSecurityContext
;
import
jenkins.model.Jenkins
;
import
jenkins.security.NotReallyRoleSensitiveCallable
;
...
...
@@ -78,6 +80,44 @@ public abstract class ACL {
*/
public
abstract
boolean
hasPermission
(
@Nonnull
Authentication
a
,
@Nonnull
Permission
permission
);
/**
* Checks if the current security principal has the permission to create top level items within the specified item group.
* <p>
* Note that {@link #SYSTEM} can be passed in as the authentication parameter,
* in which case you should probably just assume it has can create anything.
* <p>
* This is just a convenience function.
* @param c the container of the item.
* @param d the descriptor of the item to be created.
* @throws AccessDeniedException
* if the user doesn't have the permission.
* @since 1.582
*/
public
final
void
checkCreatePermission
(
@Nonnull
ItemGroup
c
,
@Nonnull
TopLevelItemDescriptor
d
)
{
Authentication
a
=
Jenkins
.
getAuthentication
();
if
(!
hasCreatePermission
(
a
,
c
,
d
))
{
throw
new
AccessDeniedException
(
Messages
.
AccessDeniedException2_MissingPermission
(
a
.
getName
(),
"Item/CREATE/"
+
d
.
getDisplayName
()));
}
}
/**
* Checks if the given principle has the permission to create top level items within the specified item group.
* <p>
* Note that {@link #SYSTEM} can be passed in as the authentication parameter,
* in which case you should probably just assume it has can create anything.
* @param a the principle.
* @param c the container of the item.
* @param d the descriptor of the item to be created.
* @return false
* if the user doesn't have the permission.
* @since 1.582
*/
public
boolean
hasCreatePermission
(
@Nonnull
Authentication
a
,
@Nonnull
ItemGroup
c
,
@Nonnull
TopLevelItemDescriptor
d
)
{
return
true
;
}
//
// Sid constants
//
...
...
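Review bot: `hasCreatePermission` ships with a `return true` default, so every existing ACL implementation grants creation of every item type until it overrides the method, and the Javadoc does not say so. Suggest documenting that the default is permissive and that callers still check `Item.CREATE` separately, as `createProject` does. The Javadoc of `checkCreatePermission(ItemGroup, TopLevelItemDescriptor)` also carries a copied note about passing `{@link #SYSTEM}` "as the authentication parameter", which that method does not have, and "it has can create anything" and "principle" need correcting. The denial message is built from `d.getDisplayName()`, a presentation string; a stable identifier of the descriptor would serve logs and audits better.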
core/src/main/resources/hudson/model/View/newJob.jelly
...
...
@@ -31,7 +31,9 @@ THE SOFTWARE.
<l:layout norefresh="true" permission="${permission}" title="${%NewJob(it.newPronoun)}">
<st:include page="sidepanel.jelly" />
<l:main-panel>
<j:invokeStatic var="jobs" className="hudson.model.Items" method="all" />
<j:invokeStatic var="jobs" className="hudson.model.Items" method="all">
<j:arg type="hudson.model.ItemGroup" value="${it.ownerItemGroup}"/>
</j:invokeStatic>
<n:form nameTitle="${%JobName(it.newPronoun)}" copyTitle="${%CopyExisting(it.newPronoun)}" showCopyOption="${!empty(app.itemMap)}"
descriptors="${jobs}" checkUrl="${rootURL}/checkJobName" xmlns:n="/lib/hudson/newFromList" />
</l:main-panel>
...
...
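Review bot: `descriptors="${jobs}"` now receives the filtered result of `Items.all` for `it.ownerItemGroup`, but nothing here handles the case where that list is empty, so a user who may create no type in this group would get a form with no choices. Consider rendering a message instead. `showCopyOption` is still driven only by `${!empty(app.itemMap)}`, so the copy option is offered regardless of which types the user may create, and a refusal surfaces only from the server-side check in the copy path.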