[FIXED HUDSON-2380]

"Tag this build" link shouldn't show up in the navigation bar if the user doesn't have a permission. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@12323 71c3de6d-444a-0410-be80-ed276b4c234a

[FIXED HUDSON-2380]
"Tag this build" link shouldn't show up in the navigation bar if the user doesn't have a permission. git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@12323 71c3de6d-444a-0410-be80-ed276b4c234a
5a6ddd4f · kohsuke · 103a06d0 · 5a6ddd4f · 5a6ddd4f
2 changed file
--- a/core/src/main/java/hudson/scm/SubversionTagAction.java
+++ b/core/src/main/java/hudson/scm/SubversionTagAction.java
@@ -51,8 +51,18 @@ public class SubversionTagAction extends AbstractScmTagAction {
        tags.putAll(m);
    }

+    /**
+     * Was any tag created by the user already?
+     */
+    public boolean hasTags() {
+        for (Entry<SvnInfo, List<String>> e : tags.entrySet())
+            if(!e.getValue().isEmpty())
+                return true;
+        return false;
+    }
+
    public String getIconFileName() {
-        if(tags==null && !Hudson.isAdmin())
+        if(!hasTags() && !getACL().hasPermission(getPermission()))
            return null;
        return "save.gif";
    }

--- a/test/src/test/java/hudson/scm/SubversionSCMTest.java
+++ b/test/src/test/java/hudson/scm/SubversionSCMTest.java
 package hudson.scm;

+import com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException;
+import com.gargoylesoftware.htmlunit.html.HtmlAnchor;
+import com.gargoylesoftware.htmlunit.html.HtmlButton;
+import com.gargoylesoftware.htmlunit.html.HtmlForm;
+import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import hudson.model.FreeStyleBuild;
 import hudson.model.FreeStyleProject;
 import hudson.model.Result;
+import org.dom4j.Document;
+import org.dom4j.io.DOMReader;
 import org.jvnet.hudson.test.Bug;
 import org.jvnet.hudson.test.HudsonHomeLoader.CopyExisting;
 import org.jvnet.hudson.test.HudsonTestCase;
@@ -16,7 +23,7 @@ import java.io.File;
 */
 public class SubversionSCMTest extends HudsonTestCase {
    @PresetData(ANONYMOUS_READONLY)
-    @Bug(-1) // TODO
+    @Bug(2380)
    public void testTaggingPermission() throws Exception {
        // create a build
        File svnRepo = new CopyExisting(getClass().getResource("/svn-repo.zip")).allocate();
@@ -33,6 +40,31 @@ public class SubversionSCMTest extends HudsonTestCase {
        SubversionTagAction action = b.getAction(SubversionTagAction.class);
        assertFalse(b.hasPermission(action.getPermission()));

-        // TODO: test permission
+        WebClient wc = new WebClient();
+        HtmlPage html = wc.getPage(b);
+
+        // make sure there's no link to the 'tag this build'
+        Document dom = new DOMReader().read(html);
+        assertNull(dom.selectSingleNode("//A[text()='Tag this build']"));
+        for( HtmlAnchor a : html.getAnchors() )
+            assertFalse(a.getHrefAttribute().contains("/tagBuild/"));
+
+        // and that tagging would fail
+        html = wc.getPage(b,"tagBuild/");
+        HtmlForm form = html.getFormByName("tag");
+        try {
+            form.submit((HtmlButton)last(form.getHtmlElementsByTagName("button")));
+            fail("should have been denied");
+        } catch (FailingHttpStatusCodeException e) {
+            // make sure the request is denied
+            assertEquals(e.getResponse().getStatusCode(),403);
+        }
+
+        // now login as alice and make sure that the tagging would succeed
+        wc = new WebClient();
+        wc.login("alice","alice");
+        html = wc.getPage(b,"tagBuild/");
+        form = html.getFormByName("tag");
+        form.submit((HtmlButton)last(form.getHtmlElementsByTagName("button")));
    }
 }