getAuthorities should delegate to impersonate.

b44787dd · Jesse Glick · 16148e79 · b44787dd
隐藏空白更改
内联并排

Showing with 19 addition and 18 deletion

core/src/main/java/hudson/model/User.java core/src/main/java/hudson/model/User.java +19 -18

未找到文件。
--- a/core/src/main/java/hudson/model/User.java
+++ b/core/src/main/java/hudson/model/User.java
@@ -39,11 +39,12 @@ import jenkins.model.Jenkins;
 import net.sf.json.JSONObject;

 import org.acegisecurity.Authentication;
-import org.acegisecurity.AuthenticationException;
 import org.acegisecurity.GrantedAuthority;
 import org.acegisecurity.providers.UsernamePasswordAuthenticationToken;
 import org.acegisecurity.providers.anonymous.AnonymousAuthenticationToken;
 import org.acegisecurity.userdetails.UserDetails;
+import org.acegisecurity.userdetails.UsernameNotFoundException;
+import org.springframework.dao.DataAccessException;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
 import org.kohsuke.stapler.export.Exported;
@@ -252,11 +253,14 @@ public class User extends AbstractModelObject implements AccessControlled, Descr
        try {
            UserDetails u = Jenkins.getInstance().getSecurityRealm().loadUserByUsername(id);
            return new UsernamePasswordAuthenticationToken(u.getUsername(), "", u.getAuthorities());
-        } catch (AuthenticationException e) {
-            // TODO: use the stored GrantedAuthorities
-            return new UsernamePasswordAuthenticationToken(id, "",
-                new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
+        } catch (UsernameNotFoundException e) {
+            // ignore
+        } catch (DataAccessException e) {
+            // ignore
        }
+        // TODO: use the stored GrantedAuthorities
+        return new UsernamePasswordAuthenticationToken(id, "",
+            new GrantedAuthority[]{SecurityRealm.AUTHENTICATED_AUTHORITY});
    }

    /**
@@ -625,26 +629,23 @@ public class User extends AbstractModelObject implements AccessControlled, Descr
    /**
     * Checks for authorities (groups) associated with this user.
     * If the caller lacks {@link Jenkins#ADMINISTER}, or any problems arise, returns an empty list.
+     * {@link SecurityRealm#AUTHENTICATED_AUTHORITY} and the username, if present, are omitted.
     * @since XXX
-     * @return a possibly empty but not null list
+     * @return a possibly empty list
     */
-    public List<String> getAuthorities() {
+    public @Nonnull List<String> getAuthorities() {
        if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
            return Collections.emptyList();
        }
        List<String> r = new ArrayList<String>();
-        try {
-            for (GrantedAuthority a : Jenkins.getInstance().getSecurityRealm().loadUserByUsername(id).getAuthorities()) {
-                if (a.equals(SecurityRealm.AUTHENTICATED_AUTHORITY)) {
-                    continue;
-                }
-                String n = a.getAuthority();
-                if (n != null && !n.equals(id)) {
-                    r.add(n);
-                }
+        for (GrantedAuthority a : impersonate().getAuthorities()) {
+            if (a.equals(SecurityRealm.AUTHENTICATED_AUTHORITY)) {
+                continue;
+            }
+            String n = a.getAuthority();
+            if (n != null && !n.equals(id)) {
+                r.add(n);
            }
-        } catch (Exception x) {
-            LOGGER.log(Level.FINE, "could not look up " + id, x);
        }
        return r;
    }