Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
xxadev
jenkins
提交
7259d869
J
jenkins
项目概览
xxadev
/
jenkins
与 Fork 源项目一致
从无法访问的项目Fork
通知
3
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
J
jenkins
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
提交
7259d869
编写于
3月 13, 2020
作者:
D
Daniel Beck
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
[JENKINS-61465] Make checkAnyPermission work on non-AccessControlled
上级
a79101ce
变更
3
隐藏空白更改
内联
并排
Showing
3 changed file
with
114 addition
and
0 deletion
+114
-0
core/src/main/java/hudson/Functions.java
core/src/main/java/hudson/Functions.java
+25
-0
test/src/test/java/hudson/security/ACLTest.java
test/src/test/java/hudson/security/ACLTest.java
+50
-0
test/src/test/resources/hudson/security/ACLTest/EitherPermission/index.jelly
...rces/hudson/security/ACLTest/EitherPermission/index.jelly
+39
-0
未找到文件。
core/src/main/java/hudson/Functions.java
浏览文件 @
7259d869
...
...
@@ -1172,6 +1172,31 @@ public class Functions {
ac
.
checkAnyPermission
(
permissions
);
}
/**
* This version is so that the 'checkAnyPermission' on {@code layout.jelly}
* degrades gracefully if "it" is not an {@link AccessControlled} object.
* Otherwise it will perform no check and that problem is hard to notice.
*/
public
static
void
checkAnyPermission
(
Object
object
,
Permission
[]
permissions
)
throws
IOException
,
ServletException
{
if
(
permissions
==
null
||
permissions
.
length
==
0
)
{
return
;
}
if
(
object
instanceof
AccessControlled
)
checkAnyPermission
((
AccessControlled
)
object
,
permissions
);
else
{
List
<
Ancestor
>
ancs
=
Stapler
.
getCurrentRequest
().
getAncestors
();
for
(
Ancestor
anc
:
Iterators
.
reverse
(
ancs
))
{
Object
o
=
anc
.
getObject
();
if
(
o
instanceof
AccessControlled
)
{
checkAnyPermission
((
AccessControlled
)
o
,
permissions
);
return
;
}
}
checkAnyPermission
(
Jenkins
.
get
(),
permissions
);
}
}
private
static
class
Tag
implements
Comparable
<
Tag
>
{
double
ordinal
;
String
hierarchy
;
...
...
test/src/test/java/hudson/security/ACLTest.java
浏览文件 @
7259d869
...
...
@@ -24,8 +24,10 @@
package
hudson.security
;
import
com.gargoylesoftware.htmlunit.FailingHttpStatusCodeException
;
import
hudson.model.FreeStyleProject
;
import
hudson.model.Item
;
import
hudson.model.UnprotectedRootAction
;
import
hudson.model.User
;
import
java.util.Collection
;
import
java.util.Collections
;
...
...
@@ -39,6 +41,9 @@ import org.junit.rules.ExpectedException;
import
org.jvnet.hudson.test.Issue
;
import
org.jvnet.hudson.test.JenkinsRule
;
import
org.jvnet.hudson.test.MockAuthorizationStrategy
;
import
org.jvnet.hudson.test.TestExtension
;
import
javax.annotation.CheckForNull
;
public
class
ACLTest
{
...
...
@@ -121,6 +126,29 @@ public class ACLTest {
r
.
jenkins
.
getACL
().
checkAnyPermission
();
}
@Test
@Issue
(
"JENKINS-61465"
)
public
void
checkAnyPermissionOnNonAccessControlled
()
throws
Exception
{
expectedException
=
ExpectedException
.
none
();
r
.
jenkins
.
setSecurityRealm
(
r
.
createDummySecurityRealm
());
r
.
jenkins
.
setAuthorizationStrategy
(
new
MockAuthorizationStrategy
()
.
grant
(
Jenkins
.
READ
).
everywhere
().
toEveryone
());
JenkinsRule
.
WebClient
wc
=
r
.
createWebClient
();
try
{
wc
.
goTo
(
"either"
);
fail
();
}
catch
(
FailingHttpStatusCodeException
ex
)
{
assertEquals
(
403
,
ex
.
getStatusCode
());
}
r
.
jenkins
.
setAuthorizationStrategy
(
new
MockAuthorizationStrategy
()
.
grant
(
Jenkins
.
ADMINISTER
).
everywhere
().
toEveryone
());
wc
.
goTo
(
"either"
);
// expected to work
}
private
static
class
DoNotBotherMe
extends
AuthorizationStrategy
{
@Override
...
...
@@ -140,4 +168,26 @@ public class ACLTest {
}
@TestExtension
public
static
class
EitherPermission
implements
UnprotectedRootAction
{
@CheckForNull
@Override
public
String
getIconFileName
()
{
return
null
;
}
@CheckForNull
@Override
public
String
getDisplayName
()
{
return
null
;
}
@CheckForNull
@Override
public
String
getUrlName
()
{
return
"either"
;
}
}
}
test/src/test/resources/hudson/security/ACLTest/EitherPermission/index.jelly
0 → 100644
浏览文件 @
7259d869
<!--
The MIT License
Copyright (c) 2011, CloudBees, Inc.
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in
all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
THE SOFTWARE.
-->
<!-- 3rd party license acknowledgements and -->
<?jelly escape-by-default='true'?>
<j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:s="/lib/form">
<l:layout permissions="${app.MANAGE_AND_SYSTEM_READ}" type="one-column" title="Hello">
<l:main-panel>
<div class="container-fluid">
<div class="row">
<div class="col-md-24">
<h1>Hello, world!</h1>
</div>
</div>
</div>
</l:main-panel>
</l:layout>
</j:jelly>
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录