From 44cf5e4ecec56e23d9c33d2a6c6632a4ff39da1b Mon Sep 17 00:00:00 2001 From: michael cirioli Date: Mon, 6 May 2024 13:02:01 -0400 Subject: [PATCH] [JENKINS-73038] Adapt plugin to allow user with Overall/Manage to configure global settings (#846) --- pom.xml | 3 ++- .../plugins/bitbucket/BitbucketApiUtils.java | 2 +- .../plugins/bitbucket/SSHCheckoutTrait.java | 4 +-- .../AbstractBitbucketEndpointDescriptor.java | 2 +- .../BitbucketEndpointConfiguration.java | 8 +++++- .../BitbucketEndpointConfigurationTest.java | 26 +++++++++++++++++++ 6 files changed, 39 insertions(+), 6 deletions(-) diff --git a/pom.xml b/pom.xml index ac7ffa046..2bbcf42c4 100644 --- a/pom.xml +++ b/pom.xml @@ -5,7 +5,7 @@ org.jenkins-ci.plugins plugin - 4.80 + 4.81 @@ -30,6 +30,7 @@ jenkinsci/bitbucket-branch-source-plugin 2.401.3 2.0 + true diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/BitbucketApiUtils.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/BitbucketApiUtils.java index f33cfca52..c9bb8eb66 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/BitbucketApiUtils.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/BitbucketApiUtils.java @@ -35,7 +35,7 @@ public static ListBoxModel getFromBitbucket(SCMSourceOwner context, if (repoOwner == null) { return new ListBoxModel(); } - if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER) || + if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE) || context != null && !context.hasPermission(Item.EXTENDED_READ)) { return new ListBoxModel(); // not supposed to be seeing this form } diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/SSHCheckoutTrait.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/SSHCheckoutTrait.java index 4bcb620ab..626ba2b70 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/SSHCheckoutTrait.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/SSHCheckoutTrait.java @@ -171,7 +171,7 @@ public ListBoxModel doFillCredentialsIdItems(@CheckForNull @AncestorInPath Item @QueryParameter String serverUrl, @QueryParameter String credentialsId) { if (context == null - ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER) + ? !Jenkins.get().hasPermission(Jenkins.MANAGE) : !context.hasPermission(Item.EXTENDED_READ)) { return new StandardListBoxModel().includeCurrentValue(credentialsId); } @@ -202,7 +202,7 @@ public FormValidation doCheckCredentialsId(@CheckForNull @AncestorInPath Item co @QueryParameter String serverUrl, @QueryParameter String value) { if (context == null - ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER) + ? !Jenkins.get().hasPermission(Jenkins.MANAGE) : !context.hasPermission(Item.EXTENDED_READ)) { return FormValidation.ok(); } diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/AbstractBitbucketEndpointDescriptor.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/AbstractBitbucketEndpointDescriptor.java index 951a69509..42abca4e7 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/AbstractBitbucketEndpointDescriptor.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/AbstractBitbucketEndpointDescriptor.java @@ -56,7 +56,7 @@ public abstract class AbstractBitbucketEndpointDescriptor extends Descriptor getEndpoints() { * @param endpoints the list of endpoints. */ public synchronized void setEndpoints(@CheckForNull List endpoints) { - Jenkins.get().checkPermission(Jenkins.ADMINISTER); + Jenkins.get().checkPermission(Jenkins.MANAGE); List eps = new ArrayList<>(Util.fixNull(endpoints)); // remove duplicates and empty urls Set serverUrls = new HashSet<>(); diff --git a/src/test/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfigurationTest.java b/src/test/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfigurationTest.java index 3f606543f..ed5a85e9b 100644 --- a/src/test/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfigurationTest.java +++ b/src/test/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfigurationTest.java @@ -32,6 +32,7 @@ import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl; import com.google.common.io.Resources; import hudson.XmlFile; +import hudson.model.User; import hudson.security.ACL; import hudson.security.ACLContext; import hudson.security.AuthorizationStrategy; @@ -49,7 +50,9 @@ import org.junit.Before; import org.junit.ClassRule; import org.junit.Test; +import org.junit.jupiter.api.Assertions; import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.MockAuthorizationStrategy; import static org.hamcrest.Matchers.contains; import static org.hamcrest.Matchers.hasSize; @@ -129,6 +132,29 @@ public void given__newInstance__when__configuredAsAnon__then__permissionError() } @Test + public void given__newInstance__when__configuredAsManage__then__OK() { + BitbucketEndpointConfiguration instance = new BitbucketEndpointConfiguration(); + try { + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy(); + mockStrategy.grant(Jenkins.MANAGE).onRoot().to("admin"); + j.jenkins.setAuthorizationStrategy(mockStrategy); + try (ACLContext context = ACL.as(User.get("admin"))) { + instance.setEndpoints(Arrays.asList( + new BitbucketCloudEndpoint(true, "first"), + new BitbucketCloudEndpoint(true, "second"), + new BitbucketCloudEndpoint(true, "third"))); + assertThat(instance.getEndpoints(), contains(instanceOf(BitbucketCloudEndpoint.class))); + assertThat(instance.getEndpoints().get(0).getCredentialsId(), is("first")); + } catch (RuntimeException x) { + Assertions.fail("No exception should be thrown"); + } + } finally { + j.jenkins.setAuthorizationStrategy(AuthorizationStrategy.UNSECURED); + } + } + + @Test public void given__newInstance__when__configuredWithServerUsingCloudUrl__then__convertedToCloud() { BitbucketEndpointConfiguration instance = new BitbucketEndpointConfiguration(); assumeThat(instance.getEndpoints().get(0).getCredentialsId(), not(is("dummy")));