Don't show views monitor if no access

jenkinsci · Apr 30, 2020 · e2d5b08 · e2d5b08
1 parent 1ecd8b6
commit e2d5b08
Show file tree

Hide file tree

Showing 3 changed files with 74 additions and 4 deletions.
diff --git a/core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java b/core/src/main/java/hudson/diagnosis/TooManyJobsButNoView.java
@@ -51,8 +51,12 @@ public String getDisplayName() {
     }
 
     public boolean isActivated() {
-        Jenkins h = Jenkins.get();
-        return h.getViews().size()==1 && h.getItemMap().size()> THRESHOLD;
+        Jenkins j = Jenkins.get();
+        if (j.hasPermission(Jenkins.ADMINISTER)) {
+            return j.getViews().size() == 1 && j.getItemMap().size() > THRESHOLD;
+        }
+        // SystemRead
+        return j.getViews().size() == 1 && j.getItems().size() > THRESHOLD;
     }
 
     /**

diff --git a/core/src/main/resources/hudson/diagnosis/TooManyJobsButNoView/message.jelly b/core/src/main/resources/hudson/diagnosis/TooManyJobsButNoView/message.jelly
@@ -24,7 +24,7 @@ THE SOFTWARE.
 
 <?jelly escape-by-default='true'?>
 <j:jelly xmlns:j="jelly:core" xmlns:st="jelly:stapler" xmlns:d="jelly:define" xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form">
-  <div class="alert alert-warning">
+  <div id="tooManyJobsButNoView" class="alert alert-warning">
     <l:isAdmin>
       <form method="post" action="${rootURL}/${it.url}/act" name="${it.id}">
         <f:submit name="yes" value="${%Create a view now}"/>

diff --git a/test/src/test/java/hudson/diagnosis/TooManyJobsButNoViewTest.java b/test/src/test/java/hudson/diagnosis/TooManyJobsButNoViewTest.java
@@ -1,17 +1,30 @@
 package hudson.diagnosis;
 
 import com.gargoylesoftware.htmlunit.ElementNotFoundException;
+import com.gargoylesoftware.htmlunit.html.DomElement;
 import com.gargoylesoftware.htmlunit.html.HtmlForm;
 import com.gargoylesoftware.htmlunit.html.HtmlPage;
 import hudson.model.AdministrativeMonitor;
+import hudson.model.Item;
 import hudson.model.ListView;
+import hudson.model.View;
 import java.io.IOException;
 import java.net.URL;
-import static org.junit.Assert.*;
+
+import static org.hamcrest.CoreMatchers.is;
+import static org.hamcrest.MatcherAssert.assertThat;
+import static org.hamcrest.Matchers.containsString;
+import static org.hamcrest.Matchers.nullValue;
+import static org.junit.Assert.assertNotNull;
+import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
+
+import jenkins.model.Jenkins;
 import org.junit.Before;
 import org.junit.Rule;
 import org.junit.Test;
 import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.MockAuthorizationStrategy;
 import org.xml.sax.SAXException;
 
 /**
@@ -67,4 +80,57 @@ private void verifyNoForm() throws IOException, SAXException {
 
         verifyNoForm();
     }
+
+    @Test
+    public void systemReadNoViewAccessVerifyNoForm() throws Exception {
+        final String READONLY = "readonly";
+
+        r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
+        r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy()
+                .grant(Jenkins.READ).everywhere().to(READONLY)
+                .grant(Jenkins.SYSTEM_READ).everywhere().to(READONLY)
+        );
+
+        for (int i = 0; i <= TooManyJobsButNoView.THRESHOLD; i++)
+            r.createFreeStyleProject();
+
+        JenkinsRule.WebClient wc = r.createWebClient();
+        wc.login(READONLY);
+
+        verifyNoMonitor(wc);
+    }
+
+    private void verifyNoMonitor(JenkinsRule.WebClient wc) throws IOException, SAXException {
+        HtmlPage p = wc.goTo("manage");
+        DomElement adminMonitorDiv = p.getElementById("tooManyJobsButNoView");
+        assertThat(adminMonitorDiv, is(nullValue()));
+    }
+
+    @Test
+    public void systemReadVerifyForm() throws Exception {
+        final String READONLY = "readonly";
+
+        r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
+        r.jenkins.setAuthorizationStrategy(new MockAuthorizationStrategy()
+                .grant(Jenkins.READ).everywhere().to(READONLY)
+                .grant(Jenkins.SYSTEM_READ).everywhere().to(READONLY)
+                .grant(Item.READ).everywhere().to(READONLY)
+                .grant(View.READ).everywhere().to(READONLY)
+        );
+
+        for (int i = 0; i <= TooManyJobsButNoView.THRESHOLD; i++)
+            r.createFreeStyleProject();
+
+        JenkinsRule.WebClient wc = r.createWebClient();
+        wc.login(READONLY);
+
+        verifyMonitor(wc);
+    }
+
+    private void verifyMonitor(JenkinsRule.WebClient wc) throws IOException, SAXException {
+        HtmlPage p = wc.goTo("manage");
+        DomElement adminMonitorDiv = p.getElementById("tooManyJobsButNoView");
+        assertThat(adminMonitorDiv.getTextContent(), containsString("There appears to be a large number of jobs"));
+    }
+
 }