Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[JENKINS-66382] check item permission instead of the Jenkins root lev… #31

Open
wants to merge 4 commits into
base: master
Choose a base branch
from
Open

[JENKINS-66382] check item permission instead of the Jenkins root lev… #31

wants to merge 4 commits into from

Conversation

ironcerocloudbees
Copy link

…el permission for ShelveProjectAction

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests - that demonstrates feature works or fixes the issue

Checking the item permission we will review the job-delete permission for the current item, instead of the job-delete permission at the root level. Having this option, we will be able to grant shelve permission to a specific job (instead to all jobs) using Role Based Strategy and Project Based Matrix Authorization Strategy.

PierreBtz
PierreBtz requested changes Aug 21, 2021
View reviewed changes
Copy link
Contributor

@PierreBtz PierreBtz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the contribution, however as discussed in the JIRA, I cannot accept it while the issue inheritance question is not answered.

src/main/java/org/jvnet/hudson/plugins/shelveproject/ShelveProjectAction.java Outdated
@@ -54,7 +54,7 @@ public boolean isShelvingProject() {
@POST
public HttpResponse doShelveProject()
throws IOException, ServletException {
Jenkins.getInstance().checkPermission(Item.DELETE);
getItem().checkPermission(Item.DELETE);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you protect against item being null line 34 (impossible in the production code, but some tests are using it), then you should also protect here

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done, I checked and now it throws a ServletException in case a null is found. Additionaly, adding this check, we save the NullPointerException in the following LOGGER.info method.

src/main/java/org/jvnet/hudson/plugins/shelveproject/ShelveProjectAction.java Outdated
private static String getShelveIconPath() {
return Jenkins.getInstance().hasPermission(SHELVE_PERMISSION) ? ACTION_ICON_PATH : null;
private static String getShelveIconPath(Item item) {
return (item != null) ? item.hasPermission(SHELVE_PERMISSION) ? ACTION_ICON_PATH : null : null;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The method should not be static anymore. You can also simplify the code, instead of two ternary operators, hard to read, you can use one: item != null && item.hasPermission(SHELVE_PERMISSION) ? ...

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

src/test/java/org/jvnet/hudson/plugins/shelveproject/ShelveProjectActionTest.java Outdated
@@ -21,37 +24,39 @@
public class ShelveProjectActionTest {
@Rule
public JenkinsRule jenkinsRule = new JenkinsRule();
private FreeStyleProject project = null;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

nit: we don't care about it being a FreeStyleProject:

Suggested change
private FreeStyleProject project = null;
private Item project;

(you'll also have to modify the imports)

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Done

src/test/java/org/jvnet/hudson/plugins/shelveproject/ShelveProjectActionTest.java Outdated Show resolved Hide resolved
src/test/java/org/jvnet/hudson/plugins/shelveproject/ShelveProjectActionTest.java Outdated Show resolved Hide resolved
@PierreBtz PierreBtz added the bug label Aug 21, 2021
@ironcerocloudbees
Copy link
Author

Thank @PierreBtz so much for the peer review. We will wait for the resolution of the issue inheritance question.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@PierreBtz PierreBtz PierreBtz requested changes

Assignees

@ironcerocloudbees ironcerocloudbees

Labels
bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ironcerocloudbees @PierreBtz