Restrict the channel if the user isn't the administrator.

git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@17579 71c3de6d-444a-0410-be80-ed276b4c234a

Restrict the channel if the user isn't the administrator.
git-svn-id: https://hudson.dev.java.net/svn/hudson/trunk/hudson/main@17579 71c3de6d-444a-0410-be80-ed276b4c234a
f9f3e4e4 · kohsuke · 717a3a63 · f9f3e4e4 · f9f3e4e4
Showing with 7 addition and 4 deletion

core/src/main/java/hudson/model/FullDuplexHttpChannel.java core/src/main/java/hudson/model/FullDuplexHttpChannel.java +5 -2

core/src/main/java/hudson/model/Hudson.java core/src/main/java/hudson/model/Hudson.java +2 -2

未找到文件。
--- a/core/src/main/java/hudson/model/FullDuplexHttpChannel.java
+++ b/core/src/main/java/hudson/model/FullDuplexHttpChannel.java
@@ -2,6 +2,7 @@ package hudson.model;

 import hudson.remoting.Channel;
 import hudson.remoting.PingThread;
+import hudson.remoting.Channel.Mode;
 import org.apache.commons.io.IOUtils;
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.StaplerResponse;
@@ -24,9 +25,11 @@ final class FullDuplexHttpChannel {
    private final PipedOutputStream pipe = new PipedOutputStream();

    private final UUID uuid;
+    private final boolean restricted;

-    public FullDuplexHttpChannel(UUID uuid) throws IOException {
+    public FullDuplexHttpChannel(UUID uuid, boolean restricted) throws IOException {
        this.uuid = uuid;
+        this.restricted = restricted;
    }

    /**
@@ -42,7 +45,7 @@ final class FullDuplexHttpChannel {
        // this is created first, and this controls the lifespan of the channel
        rsp.addHeader("Transfer-Encoding", "chunked");
        channel = new Channel("HTTP full-duplex channel " + uuid,
-                Computer.threadPoolForRemoting, new PipedInputStream(pipe), rsp.getOutputStream());
+                Computer.threadPoolForRemoting, Mode.BINARY, new PipedInputStream(pipe), rsp.getOutputStream(), null, restricted);

        // so that we can detect dead clients, periodically send something
        PingThread ping = new PingThread(channel) {

--- a/core/src/main/java/hudson/model/Hudson.java
+++ b/core/src/main/java/hudson/model/Hudson.java
@@ -2657,14 +2657,14 @@ public final class Hudson extends Node implements ItemGroup<TopLevelItem>, Stapl
     * Handles HTTP requests for duplex channels.
     */
    public void doDuplexChannel(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException, InterruptedException {
-        checkPermission(ADMINISTER);
+        checkPermission(READ);
        requirePOST();

        UUID uuid = UUID.fromString(req.getHeader("Session"));

        FullDuplexHttpChannel server;
        if(req.getHeader("Side").equals("download")) {
-            duplexChannels.put(uuid,server=new FullDuplexHttpChannel(uuid));
+            duplexChannels.put(uuid,server=new FullDuplexHttpChannel(uuid, !hasPermission(ADMINISTER)));
            try {
                server.download(req,rsp);
            } finally {