From 598502f095f2a3569c5e3a0aecbf20d42ed7ce4c Mon Sep 17 00:00:00 2001
From: kohsuke <kohsuke@71c3de6d-444a-0410-be80-ed276b4c234a>
Date: Mon, 9 Jun 2008 23:46:35 +0000
Subject: [PATCH] these pages need to be protected by the access control

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@9976 71c3de6d-444a-0410-be80-ed276b4c234a
---
 .../security/HudsonPrivateSecurityRealm.java  | 27 ++++++++++++++++++-
 .../HudsonPrivateSecurityRealm/index.jelly    | 17 ++++++------
 .../index.properties                          |  4 +++
 .../sidepanel.jelly                           |  2 +-
 .../HudsonPrivateSecurityRealm/users.jelly    |  8 ------
 5 files changed, 39 insertions(+), 19 deletions(-)
 create mode 100644 core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties
 delete mode 100644 core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly

diff --git a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
index e278a4f7dd..9b2d9dee3d 100644
--- a/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
+++ b/core/src/main/java/hudson/security/HudsonPrivateSecurityRealm.java
@@ -36,9 +36,13 @@ import java.util.ArrayList;
 /**
  * {@link SecurityRealm} that performs authentication by looking up {@link User}.
  *
+ * <p>
+ * Implements {@link AccessControlled} to satisfy view rendering, but in reality the access control
+ * is done against the {@link Hudson} object.
+ *
  * @author Kohsuke Kawaguchi
  */
-public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelObject {
+public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelObject, AccessControlled {
     /**
      * If true, sign up is not allowed.
      * <p>
@@ -134,6 +138,19 @@ public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelOb
         return "User Database";
     }
 
+    public ACL getACL() {
+        return Hudson.getInstance().getACL();
+    }
+
+    public void checkPermission(Permission permission) {
+        Hudson.getInstance().checkPermission(permission);
+    }
+
+    public boolean hasPermission(Permission permission) {
+        return Hudson.getInstance().hasPermission(permission);
+    }
+
+
     /**
      * All users who can login to the system.
      */
@@ -146,6 +163,14 @@ public class HudsonPrivateSecurityRealm extends SecurityRealm implements ModelOb
         return r;
     }
 
+    /**
+     * This is to map users under the security realm URL.
+     * This in turn helps us set up the right navigation breadcrumb.
+     */
+    public User getUser(String id) {
+        return User.get(id);
+    }
+
     // TODO
     private static final GrantedAuthority[] TEST_AUTHORITY = {new GrantedAuthorityImpl("authenticated")};
 
diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly
index e10f32fc08..d5ddddccf0 100644
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.jelly
@@ -1,22 +1,21 @@
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <l:layout norefresh="true">
+  <l:layout permission="${app.ADMINISTER}">
     <st:include page="sidepanel.jelly" />
     <l:main-panel>
       <h1>Users</h1>
-      <p>
-        These users can log into Hudson. This is the super set of <a href="../people">this list</a>,
-        which also contains "users" who really just made some commits on some projects and has no
-        direct Hudson access.
-      </p>
+      <p>${%blurb}</p>
+      
       <table class="sortable pane bigtable" id="people">
         <tr>
-          <th />
+          <th style="width:32px"/>
           <th>${%Name}</th>
+          <th style="width:32px"/>
         </tr>
         <j:forEach var="user" items="${it.allUsers}">
           <tr>
-            <td><a href="${rootURL}/${user.url}"><img src="${imagesURL}/32x32/user.gif"/></a></td>
-            <td><a href="${rootURL}/${user.url}">${user}</a></td>
+            <td><a href="${user.url}"><img src="${imagesURL}/32x32/user.gif"/></a></td>
+            <td><a href="${user.url}">${user}</a></td>
+            <td><a href="${user.url}/configure"><img src="${imagesURL}/32x32/setting.gif"/></a></td>
           </tr>
         </j:forEach>
       </table>
diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties
new file mode 100644
index 0000000000..199ed337bf
--- /dev/null
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/index.properties
@@ -0,0 +1,4 @@
+blurb=\
+These users can log into Hudson. This is the super set of <a href="../people">this list</a>, \
+which also contains auto-created users who really just made some commits on some projects and have no \
+direct Hudson access.
diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly
index 7312c11bde..3b0aa56f40 100644
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly
+++ b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/sidepanel.jelly
@@ -3,7 +3,7 @@
   <l:side-panel>
     <l:tasks>
       <l:task icon="images/24x24/up.gif" href="${rootURL}/" title="${%Back to Dashboard}" />
-      <l:task icon="images/24x24/new-user.gif" href="addUser" title="${%Create User}" />
+      <l:task icon="images/24x24/new-user.gif" href="addUser" title="${%Create User}" permission="${app.ADMINISTER}"/>
     </l:tasks>
   </l:side-panel>
 </j:jelly>
\ No newline at end of file
diff --git a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly b/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly
deleted file mode 100644
index 1a1dc18dfe..0000000000
--- a/core/src/main/resources/hudson/security/HudsonPrivateSecurityRealm/users.jelly
+++ /dev/null
@@ -1,8 +0,0 @@
-<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <l:layout norefresh="true">
-    <st:include page="sidepanel.jelly" it="${app}" />
-    <l:main-panel>
-      <h1>Users</h1>
-    </l:main-panel>
-  </l:layout>
-</j:jelly>
\ No newline at end of file
-- 
GitLab