Skip to content

Commit

Permalink
JENKINS-49486:
Browse files Browse the repository at this point in the history
Enable variable expansion for ManualCondition.users (approvers)
by adding parameters 'AbstractBuild<?,?> build' to methods in PromotionPermissionHelper.java
and ManualCondition.getUsersAsSet()
  • Loading branch information
Rick Liu committed Apr 18, 2018
1 parent d4557bf commit 5394488
Show file tree
Hide file tree
Showing 5 changed files with 32 additions and 17 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -155,7 +155,7 @@ public boolean canPromote(String processName) {
if (process != null) {
manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName());
}
return PromotionPermissionHelper.hasPermission(getProject(), manualCondition);
return PromotionPermissionHelper.hasPermission(getProject(), owner, manualCondition);
}

/**
Expand Down Expand Up @@ -239,7 +239,7 @@ public HttpResponse doForcePromotion(@QueryParameter("name") String name) throws
throw new IllegalStateException("This project doesn't have the promotion criterion called "+name);

ManualCondition manualCondition = (ManualCondition) p.getPromotionCondition(ManualCondition.class.getName());
PromotionPermissionHelper.checkPermission(getProject(), manualCondition);
PromotionPermissionHelper.checkPermission(getProject(), owner, manualCondition);

p.promote(owner,new UserCause(),new ManualPromotionBadge());

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,7 @@

package hudson.plugins.promoted_builds;

import hudson.model.AbstractBuild;
import hudson.model.AbstractProject;
import hudson.plugins.promoted_builds.conditions.ManualCondition;
import hudson.security.AccessDeniedException2;
Expand All @@ -40,19 +41,19 @@
@Restricted(NoExternalUse.class)
public class PromotionPermissionHelper {

public static void checkPermission(@Nonnull AbstractProject<?,?> target, @CheckForNull ManualCondition associatedCondition) {
if (!hasPermission(target, associatedCondition)) {
public static void checkPermission(@Nonnull AbstractProject<?,?> target, AbstractBuild<?,?> build, @CheckForNull ManualCondition associatedCondition) {
if (!hasPermission(target, build, associatedCondition)) {
// TODO: Give a more accurate error message if the user has Promotion.PROMOTE but is not in the list of approvers.
throw new AccessDeniedException2(Jenkins.getAuthentication(), Promotion.PROMOTE);
}
}

public static boolean hasPermission(@Nonnull AbstractProject<?,?> target, @CheckForNull ManualCondition associatedCondition) {
public static boolean hasPermission(@Nonnull AbstractProject<?,?> target, AbstractBuild<?,?> build, @CheckForNull ManualCondition associatedCondition) {
if (associatedCondition == null) {
return target.hasPermission(Promotion.PROMOTE);
} else if (associatedCondition.getUsersAsSet().isEmpty()) {
} else if (associatedCondition.getUsersAsSet(build).isEmpty()) {
return target.hasPermission(Promotion.PROMOTE);
} else if (associatedCondition.isInUsersList() || associatedCondition.isInGroupList()) {
} else if (associatedCondition.isInUsersList(build) || associatedCondition.isInGroupList(build)) {
// Explicitly listed users do not need Promotion/Promote permissions.
return true;
} else {
Expand Down
5 changes: 3 additions & 2 deletions src/main/java/hudson/plugins/promoted_builds/Status.java
Original file line number Diff line number Diff line change
Expand Up @@ -375,7 +375,7 @@ public boolean canBuild() {
}

ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName());
return PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition);
return PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition);
}

/**
Expand All @@ -398,7 +398,8 @@ public void doBuild(StaplerRequest req, StaplerResponse rsp) throws IOException,
}

ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName());
if (!PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition)) {
// TODO: Use PromotionPermissionHelper.checkPermission instead, but consider issues with backwards compatibility.
if (!PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition)) {
return;
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -31,6 +31,8 @@
import java.util.concurrent.Future;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.TimeoutException;
import java.util.logging.Level;
import java.util.logging.Logger;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;

Expand All @@ -54,6 +56,7 @@
public class ManualCondition extends PromotionCondition {
private String users;
private List<ParameterDefinition> parameterDefinitions = new ArrayList<ParameterDefinition>();
private static final Logger LOGGER = Logger.getLogger(ManualCondition.class.getName());

/**
*
Expand Down Expand Up @@ -95,18 +98,28 @@ public ParameterDefinition getParameterDefinition(String name) {
return null;
}

public Set<String> getUsersAsSet() {
public Set<String> getUsersAsSet(AbstractBuild<?,?> build) {
if (users == null || users.equals(""))
return Collections.emptySet();

Set<String> set = new HashSet<String>();
for (String user : users.split(",")) {
user = user.trim();

if (user.trim().length() > 0)
LOGGER.log(Level.FINER, "ManualCondition.getUsersAsSet(): user={0}", user);
if (user.startsWith("$")){
user = user.substring(1);
if (user.startsWith("{") && user.endsWith("}"))
user = user.substring(1, user.length() -1);
LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): build.getBuildVariableResolver().resolve(user=${0})={1}",
new Object [] {user, build.getBuildVariableResolver().resolve(user)});
user = build.getBuildVariableResolver().resolve(user);
}
if (user != null && user.trim().length() > 0)
set.add(user);
}

LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): return set={0}", set);
return set;
}

Expand All @@ -129,7 +142,7 @@ public PromotionBadge isMet(PromotionProcess promotionProcess, AbstractBuild<?,?
* approved.
*/
public boolean canApprove(PromotionProcess promotionProcess, AbstractBuild<?,?> build) {
if (!PromotionPermissionHelper.hasPermission(build.getProject(), this)) {
if (!PromotionPermissionHelper.hasPermission(build.getProject(), build, this)) {
return false;
}

Expand All @@ -149,17 +162,17 @@ public boolean canApprove(PromotionProcess promotionProcess, AbstractBuild<?,?>
* Check if user is listed in user list as a specific user
* @since 2.24
*/
public boolean isInUsersList() {
public boolean isInUsersList(AbstractBuild<?,?> build) {
// Current user must be in users list or users list is empty
Set<String> usersSet = getUsersAsSet();
Set<String> usersSet = getUsersAsSet(build);
return usersSet.contains(Hudson.getAuthentication().getName());
}

/*
* Check if user is a member of a groups as listed in the user / group field
*/
public boolean isInGroupList() {
Set<String> groups = getUsersAsSet();
public boolean isInGroupList(AbstractBuild<?,?> build) {
Set<String> groups = getUsersAsSet(build);
GrantedAuthority[] authorities = Hudson.getAuthentication().getAuthorities();
for (GrantedAuthority authority : authorities) {
if (groups.contains(authority.getAuthority()))
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@
<f:form method="post" action="promotionProcess/${h.encode(p.name)}/promotionCondition/hudson.plugins.promoted_builds.conditions.ManualCondition/approve" name="approve">
<j:if test="${!it.usersAsSet.isEmpty()}">
<f:entry title="${%Approvers}" description="${%List of users or groups that can approve this promotion}">
<f:textbox value="${it.users}" readonly="true"/>
<f:textbox value="${it.getUsersAsSet(pba.owner)}" readonly="true"/>
</f:entry>
</j:if>
<j:if test="${it.canApprove(p, pba.owner)}">
Expand Down

0 comments on commit 5394488

Please sign in to comment.