From 6b5c4436d1024a31652bf549b5fa9ce4ba6921ef Mon Sep 17 00:00:00 2001
From: Ryan Campbell <ryan.campbell@gmail.com>
Date: Tue, 30 Aug 2011 16:07:36 -0500
Subject: [PATCH] Introduce a fine-grained permission to control who is allowed
 to run the Groovy Console.

---
 changelog.html                                            | 2 ++
 core/src/main/java/hudson/cli/GroovyCommand.java          | 4 ++--
 core/src/main/java/jenkins/model/Jenkins.java             | 4 +++-
 core/src/main/resources/hudson/model/Messages.properties  | 3 +++
 .../src/main/resources/jenkins/model/Jenkins/manage.jelly | 8 +++++---
 core/src/main/resources/lib/hudson/scriptConsole.jelly    | 2 +-
 6 files changed, 16 insertions(+), 7 deletions(-)

diff --git a/changelog.html b/changelog.html
index 75918f1639..5fb20d8b1a 100644
--- a/changelog.html
+++ b/changelog.html
@@ -57,6 +57,8 @@ Upcoming changes</a>
 <ul class=image>
   <li class=rfe>
   Bundling <a href="https://wiki.jenkins-ci.org/display/JENKINS/Translation+Assistance+Plugin">the translation assistance plugin</a> in the hope of increasing the contribution.
+  <li class=rfe>
+  Introduce a fine-grained permission to control who is allowed to run the Groovy Console.
 </ul>
 </div><!--=TRUNK-END=-->
 
diff --git a/core/src/main/java/hudson/cli/GroovyCommand.java b/core/src/main/java/hudson/cli/GroovyCommand.java
index 0470543914..2c44da6c94 100644
--- a/core/src/main/java/hudson/cli/GroovyCommand.java
+++ b/core/src/main/java/hudson/cli/GroovyCommand.java
@@ -69,8 +69,8 @@ public class GroovyCommand extends CLICommand implements Serializable {
     public List<String> remaining = new ArrayList<String>();
 
     protected int run() throws Exception {
-        // this allows the caller to manipulate the JVM state, so require the admin privilege.
-        Jenkins.getInstance().checkPermission(Jenkins.ADMINISTER);
+        // this allows the caller to manipulate the JVM state, so require the execute script privilege.
+        Jenkins.getInstance().checkPermission(Jenkins.EXECUTE_SCRIPT);
 
         Binding binding = new Binding();
         binding.setProperty("out",new PrintWriter(stdout,true));
diff --git a/core/src/main/java/jenkins/model/Jenkins.java b/core/src/main/java/jenkins/model/Jenkins.java
index 9581459cf4..e4cbc00a3b 100644
--- a/core/src/main/java/jenkins/model/Jenkins.java
+++ b/core/src/main/java/jenkins/model/Jenkins.java
@@ -25,6 +25,7 @@
  */
 package jenkins.model;
 
+import hudson.model.Messages;
 import hudson.model.Node;
 import hudson.model.AbstractCIBase;
 import hudson.model.AbstractProject;
@@ -3125,7 +3126,7 @@ public class Jenkins extends AbstractCIBase implements ModifiableItemGroup<TopLe
 
     private void doScript(StaplerRequest req, StaplerResponse rsp, RequestDispatcher view) throws IOException, ServletException {
         // ability to run arbitrary script is dangerous
-        checkPermission(ADMINISTER);
+        checkPermission(EXECUTE_SCRIPT);
 
         String text = req.getParameter("script");
         if (text != null) {
@@ -3621,6 +3622,7 @@ public class Jenkins extends AbstractCIBase implements ModifiableItemGroup<TopLe
     public static final PermissionGroup PERMISSIONS = Permission.HUDSON_PERMISSIONS;
     public static final Permission ADMINISTER = Permission.HUDSON_ADMINISTER;
     public static final Permission READ = new Permission(PERMISSIONS,"Read",Messages._Hudson_ReadPermission_Description(),Permission.READ,PermissionScope.JENKINS);
+    public static final Permission EXECUTE_SCRIPT = new Permission(PERMISSIONS, "ExecuteScript", Messages._Hudson_ExecuteScriptPermission_Description(),ADMINISTER,PermissionScope.JENKINS);
 
     /**
      * {@link Authentication} object that represents the anonymous user.
diff --git a/core/src/main/resources/hudson/model/Messages.properties b/core/src/main/resources/hudson/model/Messages.properties
index ed4b111d37..005d2f24b2 100644
--- a/core/src/main/resources/hudson/model/Messages.properties
+++ b/core/src/main/resources/hudson/model/Messages.properties
@@ -143,6 +143,9 @@ Hudson.ReadPermission.Description=\
   This permission is useful when you don''t want unauthenticated users to see \
   Jenkins pages &mdash; revoke this permission from the anonymous user, then \
   add "authenticated" pseudo-user and grant the read access. 
+Hudson.ExecuteScriptPermission.Description=\
+  The "execute script" permission is necessary for running groovy scripts \
+  via the groovy console or groovy cli command.
 Hudson.NodeDescription=the master Jenkins node
 
 Item.Permissions.Title=Job
diff --git a/core/src/main/resources/jenkins/model/Jenkins/manage.jelly b/core/src/main/resources/jenkins/model/Jenkins/manage.jelly
index 07a373b625..5d052f903e 100644
--- a/core/src/main/resources/jenkins/model/Jenkins/manage.jelly
+++ b/core/src/main/resources/jenkins/model/Jenkins/manage.jelly
@@ -92,9 +92,11 @@ THE SOFTWARE.
       <local:feature icon="terminal.png"    href="cli"         title="${%Jenkins CLI}">
         ${%JenkinsCliText}
       </local:feature>
-      <local:feature icon="notepad.png"      href="script"      title="${%Script Console}">
-        ${%Executes arbitrary script for administration/trouble-shooting/diagnostics.}
-      </local:feature>
+      <l:hasPermission permission="${it.EXECUTE_SCRIPT}">
+        <local:feature icon="notepad.png"      href="script"      title="${%Script Console}">
+          ${%Executes arbitrary script for administration/trouble-shooting/diagnostics.}
+        </local:feature>
+      </l:hasPermission>
       <local:feature icon="network.png"      href="computer/"   title="${%Manage Nodes}">
         ${%Add, remove, control and monitor the various nodes that Jenkins runs jobs on.}
       </local:feature>
diff --git a/core/src/main/resources/lib/hudson/scriptConsole.jelly b/core/src/main/resources/lib/hudson/scriptConsole.jelly
index cd975737c0..c6673401a5 100644
--- a/core/src/main/resources/lib/hudson/scriptConsole.jelly
+++ b/core/src/main/resources/lib/hudson/scriptConsole.jelly
@@ -27,7 +27,7 @@ THE SOFTWARE.
 -->
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <l:layout norefresh="true">
+  <l:layout norefresh="true" permission="${h.EXECUTE_SCRIPT}">
     <st:include page="sidepanel.jelly" />
 
     <l:main-panel>
-- 
GitLab