[FIX JENKINS-34094] Add access control

Also adds some API restrictions for JENKINS-33803.

[FIX JENKINS-34094] Add access control
Also adds some API restrictions for JENKINS-33803.
6f8540c3 · Daniel Beck · 1891deee · 6f8540c3 · 6f8540c3 · 6f8540c3
7 changed file
--- a/core/src/main/java/hudson/PluginManager.java
+++ b/core/src/main/java/hudson/PluginManager.java
@@ -993,6 +993,7 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
     */
    @Restricted(DoNotUse.class) // WebOnly
    public HttpResponse doPlugins() {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        JSONArray response = new JSONArray();
        Map<String,JSONObject> allPlugins = new HashMap<>();
        for (PluginWrapper plugin : plugins) {
@@ -1058,6 +1059,7 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
     * Performs the installation of the plugins.
     */
    public void doInstall(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        Set<String> plugins = new LinkedHashSet<>();

        Enumeration<String> en = req.getParameterNames();
@@ -1086,6 +1088,7 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
    @RequirePOST
    @Restricted(DoNotUse.class) // WebOnly
    public HttpResponse doInstallPlugins(StaplerRequest req) throws IOException {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        String payload = IOUtils.toString(req.getInputStream(), req.getCharacterEncoding());
        JSONObject request = JSONObject.fromObject(payload);
        JSONArray pluginListJSON = request.getJSONArray("plugins");
@@ -1118,6 +1121,7 @@ public abstract class PluginManager extends AbstractModelObject implements OnMas
     * @return The install job list.
     * @since FIXME
     */
+    @Restricted(NoExternalUse.class)
    public List<Future<UpdateCenter.UpdateCenterJob>> install(@Nonnull Collection<String> plugins, boolean dynamicLoad) {
        return install(plugins, dynamicLoad, null);
    }

--- a/core/src/main/java/hudson/PluginWrapper.java
+++ b/core/src/main/java/hudson/PluginWrapper.java
@@ -656,6 +656,7 @@ public class PluginWrapper implements Comparable<PluginWrapper>, ModelObject {
    @RequirePOST
    @Deprecated
    public HttpResponse doPin() throws IOException {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        // See https://groups.google.com/d/msg/jenkinsci-dev/kRobm-cxFw8/6V66uhibAwAJ
        LOGGER.log(WARNING, "Call to pin plugin has been ignored. Plugin name: " + shortName);
        return HttpResponses.ok();
@@ -664,6 +665,7 @@ public class PluginWrapper implements Comparable<PluginWrapper>, ModelObject {
    @RequirePOST
    @Deprecated
    public HttpResponse doUnpin() throws IOException {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        // See https://groups.google.com/d/msg/jenkinsci-dev/kRobm-cxFw8/6V66uhibAwAJ
        LOGGER.log(WARNING, "Call to unpin plugin has been ignored. Plugin name: " + shortName);
        return HttpResponses.ok();

--- a/core/src/main/java/hudson/model/UpdateCenter.java
+++ b/core/src/main/java/hudson/model/UpdateCenter.java
@@ -290,6 +290,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
     */
    @Restricted(DoNotUse.class)
    public HttpResponse doConnectionStatus(StaplerRequest request) {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        try {
            String siteId = request.getParameter("siteId");
            if (siteId == null) {
@@ -338,6 +339,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
     */
    @Restricted(DoNotUse.class) // WebOnly
    public HttpResponse doIncompleteInstallStatus() {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        try {
        Map<String,String> jobs = InstallUtil.getPersistedInstallStatus();
        if(jobs == null) {
@@ -354,6 +356,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
     * us to support install resume if Jenkins is restarted while plugins are
     * being installed.
     */
+    @Restricted(NoExternalUse.class)
    public synchronized void persistInstallStatus() {
        List<UpdateCenterJob> jobs = getJobs();

@@ -386,6 +389,7 @@ public class UpdateCenter extends AbstractModelObject implements Saveable, OnMas
     */
    @Restricted(DoNotUse.class)
    public HttpResponse doInstallStatus(StaplerRequest request) {
+        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
        try {
            String correlationId = request.getParameter("correlationId");
            Map<String,Object> response = new HashMap<>();

--- a/core/src/main/java/hudson/model/UpdateSite.java
+++ b/core/src/main/java/hudson/model/UpdateSite.java
@@ -840,6 +840,7 @@ public class UpdateSite {
         *      See {@link UpdateCenter#isRestartRequiredForCompletion()}
         * @param correlationId A correlation ID to be set on the job.
         */
+        @Restricted(NoExternalUse.class)
        public Future<UpdateCenterJob> deploy(boolean dynamicLoad, @CheckForNull UUID correlationId) {
            Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
            UpdateCenter uc = Jenkins.getInstance().getUpdateCenter();

--- a/core/src/main/java/hudson/model/View.java
+++ b/core/src/main/java/hudson/model/View.java
@@ -1045,6 +1045,7 @@ public abstract class View extends AbstractModelObject implements AccessControll
     */
    @Restricted(DoNotUse.class)
    public Categories doItemCategories(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException {
+        getOwner().checkPermission(Item.CREATE);
        Categories categories = new Categories();
        int order = 0;
        for (TopLevelItemDescriptor descriptor : DescriptorVisibilityFilter.apply(getOwnerItemGroup(), Items.all(Jenkins.getAuthentication(), getOwnerItemGroup()))) {

--- a/core/src/main/java/hudson/model/ViewDescriptor.java
+++ b/core/src/main/java/hudson/model/ViewDescriptor.java
@@ -79,6 +79,7 @@ public abstract class ViewDescriptor extends Descriptor<View> {
     */
    @Restricted(DoNotUse.class)
    public AutoCompletionCandidates doAutoCompleteCopyNewItemFrom(@QueryParameter final String value, @AncestorInPath ItemGroup<?> container) {
+        // TODO do we need a permissions check here?
        AutoCompletionCandidates candidates = AutoCompletionCandidates.ofJobNames(TopLevelItem.class, value, container);
        if (container instanceof DirectlyModifiableTopLevelItemGroup) {
            DirectlyModifiableTopLevelItemGroup modifiableContainer = (DirectlyModifiableTopLevelItemGroup) container;

--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -4256,14 +4256,20 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
    
    /**
     * If set, a currently active setup wizard - e.g. installation
+     *
+     * @since 2.0
     */
+    @Restricted(NoExternalUse.class)
    public SetupWizard getSetupWizard() {
        return setupWizard;
    }
    
    /**
     * Sets the setup wizard
+     *
+     * @since 2.0
     */
+    @Restricted(NoExternalUse.class)
    public void setSetupWizard(SetupWizard setupWizard) {
        this.setupWizard = setupWizard;
    }
@@ -4594,8 +4600,9 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve

    /**
     * The version number before it is "computed" (by a call to computeVersion()).
-     * @since FIXME
+     * @since 2.0
     */
+    @Restricted(NoExternalUse.class)
    public static final String UNCOMPUTED_VERSION = "?";

    /**
@@ -4617,8 +4624,9 @@ public class Jenkins extends AbstractCIBase implements DirectlyModifiableTopLeve
     * <p>
     * Parses the version into {@link VersionNumber}, or null if it's not parseable as a version number
     * (such as when Jenkins is run with "mvn hudson-dev:run")
-     * @since FIXME
+     * @since 2.0
     */
+    @Restricted(NoExternalUse.class)
    public @CheckForNull static VersionNumber getStoredVersion() {
        return toVersion(Jenkins.getActiveInstance().version);
    }