From 5394488dbc46b431ceabe86c70be06301714a31d Mon Sep 17 00:00:00 2001 From: Rick Liu Date: Tue, 20 Mar 2018 10:37:53 -0700 Subject: [PATCH] JENKINS-49486: Enable variable expansion for ManualCondition.users (approvers) by adding parameters 'AbstractBuild build' to methods in PromotionPermissionHelper.java and ManualCondition.getUsersAsSet() --- .../promoted_builds/PromotedBuildAction.java | 4 +-- .../PromotionPermissionHelper.java | 11 ++++---- .../plugins/promoted_builds/Status.java | 5 ++-- .../conditions/ManualCondition.java | 27 ++++++++++++++----- .../conditions/ManualCondition/index.jelly | 2 +- 5 files changed, 32 insertions(+), 17 deletions(-) diff --git a/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java b/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java index a1f4b20e..656d0d10 100644 --- a/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java +++ b/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java @@ -155,7 +155,7 @@ public boolean canPromote(String processName) { if (process != null) { manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); } - return PromotionPermissionHelper.hasPermission(getProject(), manualCondition); + return PromotionPermissionHelper.hasPermission(getProject(), owner, manualCondition); } /** @@ -239,7 +239,7 @@ public HttpResponse doForcePromotion(@QueryParameter("name") String name) throws throw new IllegalStateException("This project doesn't have the promotion criterion called "+name); ManualCondition manualCondition = (ManualCondition) p.getPromotionCondition(ManualCondition.class.getName()); - PromotionPermissionHelper.checkPermission(getProject(), manualCondition); + PromotionPermissionHelper.checkPermission(getProject(), owner, manualCondition); p.promote(owner,new UserCause(),new ManualPromotionBadge()); diff --git a/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java b/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java index 9be534da..8f96a696 100644 --- a/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java +++ b/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java @@ -24,6 +24,7 @@ package hudson.plugins.promoted_builds; +import hudson.model.AbstractBuild; import hudson.model.AbstractProject; import hudson.plugins.promoted_builds.conditions.ManualCondition; import hudson.security.AccessDeniedException2; @@ -40,19 +41,19 @@ @Restricted(NoExternalUse.class) public class PromotionPermissionHelper { - public static void checkPermission(@Nonnull AbstractProject target, @CheckForNull ManualCondition associatedCondition) { - if (!hasPermission(target, associatedCondition)) { + public static void checkPermission(@Nonnull AbstractProject target, AbstractBuild build, @CheckForNull ManualCondition associatedCondition) { + if (!hasPermission(target, build, associatedCondition)) { // TODO: Give a more accurate error message if the user has Promotion.PROMOTE but is not in the list of approvers. throw new AccessDeniedException2(Jenkins.getAuthentication(), Promotion.PROMOTE); } } - public static boolean hasPermission(@Nonnull AbstractProject target, @CheckForNull ManualCondition associatedCondition) { + public static boolean hasPermission(@Nonnull AbstractProject target, AbstractBuild build, @CheckForNull ManualCondition associatedCondition) { if (associatedCondition == null) { return target.hasPermission(Promotion.PROMOTE); - } else if (associatedCondition.getUsersAsSet().isEmpty()) { + } else if (associatedCondition.getUsersAsSet(build).isEmpty()) { return target.hasPermission(Promotion.PROMOTE); - } else if (associatedCondition.isInUsersList() || associatedCondition.isInGroupList()) { + } else if (associatedCondition.isInUsersList(build) || associatedCondition.isInGroupList(build)) { // Explicitly listed users do not need Promotion/Promote permissions. return true; } else { diff --git a/src/main/java/hudson/plugins/promoted_builds/Status.java b/src/main/java/hudson/plugins/promoted_builds/Status.java index 6a06699a..7f1a01d3 100644 --- a/src/main/java/hudson/plugins/promoted_builds/Status.java +++ b/src/main/java/hudson/plugins/promoted_builds/Status.java @@ -375,7 +375,7 @@ public boolean canBuild() { } ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); - return PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition); + return PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition); } /** @@ -398,7 +398,8 @@ public void doBuild(StaplerRequest req, StaplerResponse rsp) throws IOException, } ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); - if (!PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition)) { + // TODO: Use PromotionPermissionHelper.checkPermission instead, but consider issues with backwards compatibility. + if (!PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition)) { return; } diff --git a/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java b/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java index 6bdeab90..bccbacc3 100644 --- a/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java +++ b/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java @@ -31,6 +31,8 @@ import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; @@ -54,6 +56,7 @@ public class ManualCondition extends PromotionCondition { private String users; private List parameterDefinitions = new ArrayList(); + private static final Logger LOGGER = Logger.getLogger(ManualCondition.class.getName()); /** * @@ -95,7 +98,7 @@ public ParameterDefinition getParameterDefinition(String name) { return null; } - public Set getUsersAsSet() { + public Set getUsersAsSet(AbstractBuild build) { if (users == null || users.equals("")) return Collections.emptySet(); @@ -103,10 +106,20 @@ public Set getUsersAsSet() { for (String user : users.split(",")) { user = user.trim(); - if (user.trim().length() > 0) + LOGGER.log(Level.FINER, "ManualCondition.getUsersAsSet(): user={0}", user); + if (user.startsWith("$")){ + user = user.substring(1); + if (user.startsWith("{") && user.endsWith("}")) + user = user.substring(1, user.length() -1); + LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): build.getBuildVariableResolver().resolve(user=${0})={1}", + new Object [] {user, build.getBuildVariableResolver().resolve(user)}); + user = build.getBuildVariableResolver().resolve(user); + } + if (user != null && user.trim().length() > 0) set.add(user); } + LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): return set={0}", set); return set; } @@ -129,7 +142,7 @@ public PromotionBadge isMet(PromotionProcess promotionProcess, AbstractBuild build) { - if (!PromotionPermissionHelper.hasPermission(build.getProject(), this)) { + if (!PromotionPermissionHelper.hasPermission(build.getProject(), build, this)) { return false; } @@ -149,17 +162,17 @@ public boolean canApprove(PromotionProcess promotionProcess, AbstractBuild * Check if user is listed in user list as a specific user * @since 2.24 */ - public boolean isInUsersList() { + public boolean isInUsersList(AbstractBuild build) { // Current user must be in users list or users list is empty - Set usersSet = getUsersAsSet(); + Set usersSet = getUsersAsSet(build); return usersSet.contains(Hudson.getAuthentication().getName()); } /* * Check if user is a member of a groups as listed in the user / group field */ - public boolean isInGroupList() { - Set groups = getUsersAsSet(); + public boolean isInGroupList(AbstractBuild build) { + Set groups = getUsersAsSet(build); GrantedAuthority[] authorities = Hudson.getAuthentication().getAuthorities(); for (GrantedAuthority authority : authorities) { if (groups.contains(authority.getAuthority())) diff --git a/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly b/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly index bf15935d..fc5abc55 100644 --- a/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly +++ b/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly @@ -4,7 +4,7 @@ - +