these pages need to be protected by the access control

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@9976 71c3de6d-444a-0410-be80-ed276b4c234a

these pages need to be protected by the access control
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@9976 71c3de6d-444a-0410-be80-ed276b4c234a
598502f0 · kohsuke · 43d4ab0b · 598502f0 · 598502f0 · 598502f0
5 changed file
--- a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
+++ b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -36,9 +36,13 @@ import java.util.ArrayList;
 /**
 * {@link SecurityRealm} that performs authentication by looking up {@link User}.
 *
+ * <p>
+ * Implements {@link AccessControlled} to satisfy view rendering, but in reality the access control
+ * is done against the {@link Hudson} object.
+ *
 * @author Kohsuke Kawaguchi
 */
-public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelObject {
+public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelObject, AccessControlled {
    /**
     * If true, sign up is not allowed.
     * <p>
@@ -134,6 +138,19 @@ public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelOb
        return "User Database";
    }

+    public ACL getACL() {
+        return Hudson.getInstance().getACL();
+    }
+
+    public void checkPermission(Permission permission) {
+        Hudson.getInstance().checkPermission(permission);
+    }
+
+    public boolean hasPermission(Permission permission) {
+        return Hudson.getInstance().hasPermission(permission);
+    }
+
+
    /**
     * All users who can login to the system.
     */
@@ -146,6 +163,14 @@ public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelOb
        return r;
    }

+    /**
+     * This is to map users under the security realm URL.
+     * This in turn helps us set up the right navigation breadcrumb.
+     */
+    public User getUser(String id) {
+        return User.get(id);
+    }
+
    // TODO
    private static final GrantedAuthority[] TEST_AUTHORITY = {new GrantedAuthorityImpl("authenticated")};


--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <l:layout norefresh="true">
+  <l:layout permission="${app.ADMINISTER}">
    <st:include page="sidepanel.jelly" />
    <l:main-panel>
      <h1>Users</h1>
-      <p>
-        These users can log into Hudson. This is the super set of <a href="../people">this list</a>,
-        which also contains "users" who really just made some commits on some projects and has no
-        direct Hudson access.
-      </p>
+      <p>${%blurb}</p>
+      
      <table class="sortable pane bigtable" id="people">
        <tr>
-          <th />
+          <th style="width:32px"/>
          <th>${%Name}</th>
+          <th style="width:32px"/>
        </tr>
        <j:forEach var="user" items="${it.allUsers}">
          <tr>
-            <td><a href="${rootURL}/${user.url}"><img src="${imagesURL}/32x32/user.gif"/></a></td>
-            <td><a href="${rootURL}/${user.url}">${user}</a></td>
+            <td><a href="${user.url}"><img src="${imagesURL}/32x32/user.gif"/></a></td>
+            <td><a href="${user.url}">${user}</a></td>
+            <td><a href="${user.url}/configure"><img src="${imagesURL}/32x32/setting.gif"/></a></td>
          </tr>
        </j:forEach>
      </table>

--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties
+blurb=\
+These users can log into Hudson. This is the super set of <a href="../people">this list</a>, \
+which also contains auto-created users who really just made some commits on some projects and have no \
+direct Hudson access.
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly
@@ -3,7 +3,7 @@
  <l:side-panel>
    <l:tasks>
      <l:task icon="images/24x24/up.gif" href="${rootURL}/" title="${%Back to Dashboard}" />
-      <l:task icon="images/24x24/new-user.gif" href="addUser" title="${%Create User}" />
+      <l:task icon="images/24x24/new-user.gif" href="addUser" title="${%Create User}" permission="${app.ADMINISTER}"/>
    </l:tasks>
  </l:side-panel>
 </j:jelly>
\ No newline at end of file
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly
-<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <l:layout norefresh="true">
-    <st:include page="sidepanel.jelly" it="${app}" />
-    <l:main-panel>
-      <h1>Users</h1>
-    </l:main-panel>
-  </l:layout>
-</j:jelly>
\ No newline at end of file