[FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission

From now on user needs: Computer.CREATE to use 'create-node' CLI command Computer.DELETE to use 'delete-node' CLI command Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative Computer.EXTENDED_READ to use 'get-node' CLI command and its REST alternative

[FIXED JENKINS-18485] Introduce Computer.EXTENDED_READ permission
From now on user needs: Computer.CREATE to use 'create-node' CLI command Computer.DELETE to use 'delete-node' CLI command Computer.CONFIGURE to use 'update-node' CLI command and its REST alternative Computer.EXTENDED_READ to use 'get-node' CLI command and its REST alternative
5db147e8 · Oliver Gondža · 3e45ce9a · 5db147e8 · 5db147e8 · 5db147e8
5 changed file
--- a/core/src/main/java/hudson/cli/GetNodeCommand.java
+++ b/core/src/main/java/hudson/cli/GetNodeCommand.java
@@ -52,7 +52,7 @@ public class GetNodeCommand extends CLICommand {
    @Override
    protected int run() throws IOException {

-        node.checkPermission(Computer.READ);
+        node.checkPermission(Computer.EXTENDED_READ);

        Jenkins.XSTREAM2.toXMLUTF8(node, stdout);


--- a/core/src/main/java/hudson/model/Computer.java
+++ b/core/src/main/java/hudson/model/Computer.java
@@ -1189,7 +1189,7 @@ public /*transient*/ abstract class Computer extends Actionable implements Acces

        if (req.getMethod().equals("GET")) {
            // read
-            checkPermission(READ);
+            checkPermission(EXTENDED_READ);
            rsp.setContentType("application/xml");
            Jenkins.XSTREAM2.toXMLUTF8(getNode(), rsp.getOutputStream());
            return;
@@ -1350,11 +1350,8 @@ public /*transient*/ abstract class Computer extends Actionable implements Acces
    }

    public static final PermissionGroup PERMISSIONS = new PermissionGroup(Computer.class,Messages._Computer_Permissions_Title());
-    /**
-     * Permission to configure slaves.
-     */
-    public static final Permission READ = new Permission(PERMISSIONS,"Read", Messages._Computer_ReadPermission_Description(), Permission.READ, PermissionScope.COMPUTER);
    public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Messages._Computer_ConfigurePermission_Description(), Permission.CONFIGURE, PermissionScope.COMPUTER);
+    public static final Permission EXTENDED_READ = new Permission(PERMISSIONS,"ExtendedRead", Messages._Computer_ExtendedReadPermission_Description(), CONFIGURE, PermissionScope.COMPUTER);
    public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Messages._Computer_DeletePermission_Description(), Permission.DELETE, PermissionScope.COMPUTER);
    public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Messages._Computer_CreatePermission_Description(), Permission.CREATE, PermissionScope.COMPUTER);
    public static final Permission DISCONNECT = new Permission(PERMISSIONS,"Disconnect", Messages._Computer_DisconnectPermission_Description(), Jenkins.ADMINISTER, PermissionScope.COMPUTER);

--- a/core/src/main/resources/hudson/model/Messages.properties
+++ b/core/src/main/resources/hudson/model/Messages.properties
@@ -102,7 +102,7 @@ CLI.wait-node-offline.shortDescription=Wait for a node to become offline
 Computer.Caption=Slave {0}
 Computer.NoSuchSlaveExists=No such slave "{0}" exists. Did you mean "{1}"?
 Computer.Permissions.Title=Slave
-Computer.ReadPermission.Description=This permission allows users to read slave configuration.
+Computer.ExtendedReadPermission.Description=This permission allows users to read slave configuration.
 Computer.ConfigurePermission.Description=This permission allows users to configure slaves.
 Computer.DeletePermission.Description=This permission allows users to delete existing slaves.
 Computer.CreatePermission.Description=This permission allows users to create slaves.

--- a/test/src/test/java/hudson/cli/GetNodeCommandTest.java
+++ b/test/src/test/java/hudson/cli/GetNodeCommandTest.java
@@ -57,7 +57,7 @@ public class GetNodeCommandTest {
                .invokeWithArgs("MySlave")
        ;

-        assertThat(result.stderr(), containsString("user is missing the Slave/Read permission"));
+        assertThat(result.stderr(), containsString("user is missing the Slave/ExtendedRead permission"));
        assertThat("No output expected", result.stdout(), isEmptyString());
        assertThat("Command is expected to fail", result.returnCode(), equalTo(-1));
    }
@@ -67,7 +67,7 @@ public class GetNodeCommandTest {
        j.createSlave("MySlave", null, null);

        final CLICommandInvoker.Result result = command
-                .authorizedTo(Computer.READ, Jenkins.READ)
+                .authorizedTo(Computer.EXTENDED_READ, Jenkins.READ)
                .invokeWithArgs("MySlave")
        ;

@@ -80,7 +80,7 @@ public class GetNodeCommandTest {
    @Test public void getNodeShouldFailIfNodeDoesNotExist() throws Exception {

        final CLICommandInvoker.Result result = command
-                .authorizedTo(Computer.READ, Jenkins.READ)
+                .authorizedTo(Computer.EXTENDED_READ, Jenkins.READ)
                .invokeWithArgs("MySlave")
        ;


--- a/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
+++ b/test/src/test/java/hudson/model/ComputerConfigDotXmlTest.java
@@ -107,7 +107,7 @@ public class ComputerConfigDotXmlTest {

        GlobalMatrixAuthorizationStrategy auth = new GlobalMatrixAuthorizationStrategy();
        rule.jenkins.setAuthorizationStrategy(auth);
-        auth.add(Computer.READ, "user");
+        auth.add(Computer.EXTENDED_READ, "user");

        final OutputStream outputStream = captureOutput();