diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 00000000..3a626c3a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: github-actions + directory: / + schedule: + interval: monthly diff --git a/.github/workflows/cd.yaml b/.github/workflows/cd.yaml new file mode 100644 index 00000000..9b134d5c --- /dev/null +++ b/.github/workflows/cd.yaml @@ -0,0 +1,54 @@ +# Note: additional setup is required, see https://www.jenkins.io/redirect/continuous-delivery-of-plugins +# +# Please find additional hints for individual trigger use case +# configuration options inline this script below. +# +--- +name: cd +on: + workflow_dispatch: + inputs: + validate_only: + required: false + type: boolean + description: | + Run validation with release drafter only + → Skip the release job + # Note: Change this default to true, + # if the checkbox should be checked by default. + default: false + # If you don't want any automatic trigger in general, then + # the following check_run trigger lines should all be commented. + # Note: Consider the use case #2 config for 'validate_only' below + # as an alternative option! + check_run: + types: + - completed + +permissions: + checks: read + contents: write + +jobs: + maven-cd: + uses: jenkins-infra/github-reusable-workflows/.github/workflows/maven-cd.yml@v1 + with: + # Comment / uncomment the validate_only config appropriate to your preference: + # + # Use case #1 (automatic release): + # - Let any successful Jenkins build trigger another release, + # if there are merged pull requests of interest + # - Perform a validation only run with drafting a release note, + # if manually triggered AND inputs.validate_only has been checked. + # + validate_only: ${{ inputs.validate_only == true }} + # + # Alternative use case #2 (no automatic release): + # - Same as use case #1 - but: + # - Let any check_run trigger a validate_only run. + # => enforce the release job to be skipped. + # + #validate_only: ${{ inputs.validate_only == true || github.event_name == 'check_run' }} + secrets: + MAVEN_USERNAME: ${{ secrets.MAVEN_USERNAME }} + MAVEN_TOKEN: ${{ secrets.MAVEN_TOKEN }} diff --git a/.github/workflows/jenkins-security-scan.yml b/.github/workflows/jenkins-security-scan.yml new file mode 100644 index 00000000..c7b41fc2 --- /dev/null +++ b/.github/workflows/jenkins-security-scan.yml @@ -0,0 +1,21 @@ +name: Jenkins Security Scan + +on: + push: + branches: + - master + pull_request: + types: [ opened, synchronize, reopened ] + workflow_dispatch: + +permissions: + security-events: write + contents: read + actions: read + +jobs: + security-scan: + uses: jenkins-infra/jenkins-security-scan/.github/workflows/jenkins-security-scan.yaml@v2 + with: + java-cache: 'maven' # Optionally enable use of a build dependency cache. Specify 'maven' or 'gradle' as appropriate. + # java-version: 21 # Optionally specify what version of Java to set up for the build, or remove to use a recent default. diff --git a/.gitignore b/.gitignore index 11dcc1a7..f5c95b0f 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,7 @@ work/ .settings/ # Coverity /cov-int + +#IDEA +ownership.iml +.idea/ diff --git a/.mvn/extensions.xml b/.mvn/extensions.xml new file mode 100644 index 00000000..c2350859 --- /dev/null +++ b/.mvn/extensions.xml @@ -0,0 +1,8 @@ + + + + io.jenkins.tools.incrementals + incrementals-maven-plugin + 1.13 + + diff --git a/.mvn/maven.config b/.mvn/maven.config new file mode 100644 index 00000000..f7daf60d --- /dev/null +++ b/.mvn/maven.config @@ -0,0 +1,3 @@ +-Pconsume-incrementals +-Pmight-produce-incrementals +-Dchangelist.format=%d.v%s diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..37d9fa55 --- /dev/null +++ b/CHANGELOG.md @@ -0,0 +1,276 @@ +Changelog +----- + +| WARNING: Changelogs have been moved to [GitHub Releases](https://github.com/jenkinsci/ownership/releases) | +| --- | + +### New releases + +See [GitHub Releases](https://github.com/jenkinsci/ownership/releases). + +### 0.12.1 + +Release date: Apr 30, 2018 + +* [JENKINS-49744](https://issues.jenkins-ci.org/browse/JENKINS-49744) - +Users with `Manage Ownership` permissions were unable to change Foler ownership from CLI/REST API without `Jenkins/Administer` persiossion. +* [JENKINS-50807](https://issues.jenkins-ci.org/browse/JENKINS-50807) - +Add missing implementations for [OwnershipHelperLocator](https://jenkins.io/doc/developer/extensions/ownership/#ownershiphelperlocator) +extension point. +Now the API can be used to retrieve ownership info for any object. + +### 0.12.0 + +Release date: Feb 26, 2018 + +* [SECURITY-498](https://jenkins.io/security/advisory/2018-02-26/#SECURITY-498) - +Users with _Item/Configure_ and _Computer/Configure_ permissions were able to change ownership from CLI or REST API without the _Manage Ownership_ permissions. + +Compatibility notes: + +* External configuration management logic may fail if the client user has no _Overall/Administer_ or _Manage Ownership_ permission. +* Folder ownership modifications from REST/CLI will fail for users who have no _Overall/Administer_ perission. +Re-enabling functionality for users with _Manage Ownership_ permission is tracked as [JENKINS-49744](https://issues.jenkins-ci.org/browse/JENKINS-49744). + +### 0.11.0 + +Release date: Jan 14, 2018 + +* [JENKINS-20832](https://issues.jenkins-ci.org/browse/JENKINS-20832) - +Use case sensitivity strategies from security realms when comparing user IDs. +* [JENKINS-48707](https://issues.jenkins-ci.org/browse/JENKINS-48707) - +Speedup user fetching operations in the plugin. +* [PR #65](https://github.com/jenkinsci/ownership-plugin/pull/65) - +Add Russian localization to UI components. + +### 0.10.0 + +Release date: May 07, 2017 + +Improvements: + +* [PR #56](https://github.com/jenkinsci/ownership-plugin/pull/56) - +Add new Preserve Ownership Item Policy. +It allows retaining ownership in plugins like JobDSL. +* [PR #58](https://github.com/jenkinsci/ownership-plugin/pull/58) - +Add permissions report for items being owned by the specified user. Powered by the [Security Inspector Plugin](https://plugins.jenkins.io/security-inspector). +* [PR #57](https://github.com/jenkinsci/ownership-plugin/pull/57), +[PR #60](https://github.com/jenkinsci/ownership-plugin/pull/60) - +Extend plugin documentation and move it to GitHub. +* Update Jenkins core minimal version requirement to `1.651.3`. + + +Fixed issues: + +* [JENKINS-42908](https://issues.jenkins-ci.org/browse/JENKINS-42908) - +When contributing ownership environment variables, check jobs by the generic `BuildableItemWithBuildWrappers` interface. + + +### 0.9.1 + +Release date: Jan 08, 2017 + +Fixed issues: + +* [JENKINS-38353](https://issues.jenkins-ci.org/browse/JENKINS-38353) - +Fix handling of Multi-branch Pipeline and other computed folders in the ownership management logic. +* [JENKINS-38513](https://issues.jenkins-ci.org/browse/JENKINS-38513) - +Prevent `ClassNotFoundException` in `FolderItemListener` when Folders plugin is not installed or disabled. + +### 0.9.0 + +Release date: Sep 17, 2016 + +Improvements: + +* [JENKINS-28881](https://issues.jenkins-ci.org/browse/JENKINS-28881) - +Integration with Folders Plugin. + * Ownership info can be defined for folders + * Ownership info can be inherited by jobs and folders from upper folder levels + * All Ownership-Based security features got integration with folders +* [JENKINS-32353](https://issues.jenkins-ci.org/browse/JENKINS-32353) - +Integration with Pipeline Plugin (see [this page](doc/PipelineIntegration.md) for more info). + * Ownership can be now configured for Jenkins Pipeline + * `ownership` global variable, which provides information about job and node ownership within Pipeline runs +* [JENKINS-28258](https://issues.jenkins-ci.org/browse/JENKINS-28258) - +Add support of non-AbstractProject job types in the [Authorize Project](https://plugins.jenkins.io/authorize-project) extension. +* [JENKINS-36946](https://issues.jenkins-ci.org/browse/JENKINS-36946) - +Ownership summary boxes: Add hint for disabling empty ownership summaries. +* [PR #46](https://github.com/jenkinsci/ownership-plugin/pull/46) - +Update to the new plugin parent POM 2.x. +* [PR #47](https://github.com/jenkinsci/ownership-plugin/pull/47) - +No more "Slave Ownership" in the UI, "Node ownership" is a correct term. + +Fixed issues: + +* [PR #46](https://github.com/jenkinsci/ownership-plugin/pull/46) - +Cleanup of issues reported by FindBugs. +* [JENKINS-37405](https://issues.jenkins-ci.org/browse/JENKINS-37405) - +Ownership job filter now supports all item types with ownership info. +* [JENKINS-38236](https://issues.jenkins-ci.org/browse/JENKINS-38236) - +Prevent `NullPointerException` in Item Listeners if the policy form submission provides `null` policy. + +### 0.8 + +Release date: Oct 27, 2015 + +Improvements: + +* [JENKINS-28714](https://issues.jenkins-ci.org/browse/JENKINS-28714) - +Add option to hide ownership summary boxes for Runs. +* [JENKINS-28712](https://issues.jenkins-ci.org/browse/JENKINS-28712) - +Add option to hide ownership summary boxes if owners are not assigned. +* [JENKINS-30254](https://issues.jenkins-ci.org/browse/JENKINS-30254) - +Allow hiding user e-mails in summary boxes. +* Better help text in ownership summary boxes for items with unassigned Ownership + +Fixed issues: + +* [JENKINS-30818](https://issues.jenkins-ci.org/browse/JENKINS-30818) - +Prevent `NullPointerException` in `JobOwnerJobProperty::toString()` if ownership is not configured. + +### 0.7 + +Release date: Jun 03, 2015 + +Improvements: + +* [JENKINS-26768](https://issues.jenkins-ci.org/browse/JENKINS-26768) - +Contact Owners and Contact Admins links can be disabled. +* [PR #35](https://github.com/jenkinsci/ownership-plugin/pull/35) - +Remove unnecessary `//` from the `mailto:` hyperlink. + +Fixed issues: + +* [JENKINS-28713](https://issues.jenkins-ci.org/browse/JENKINS-28713) - +Improper permission checks in several API methods. +* [JENKINS-27715](https://issues.jenkins-ci.org/browse/JENKINS-27715) - +Properly inject owner user IDs into `JOB_COOWNERS` and `NODE_COOWNERS` environment variables. + +### 0.6 + +Release date: Jan 18, 2015 + +* [JENKINS-28713](https://issues.jenkins-ci.org/browse/JENKINS-26283) - + Add "Contact item owners" and "Contact service owners" links to ownership summary boxes. + * Links automatically generate a e-mail stub with configurable subject and body templates + * Owners and co-owners are being automatically added to recipients +* [JENKINS-23947](https://issues.jenkins-ci.org/browse/JENKINS-23947) - +Jenkins admins can enable the global injection of ownership variables. +* [JENKINS-26320](https://issues.jenkins-ci.org/browse/JENKINS-26320) - +Display ownership info for builds. +* [PR #28](https://github.com/jenkinsci/ownership-plugin/pull/28) - +Avoid confusing node property shown on config screen. + +Fixed issues: + +* [JENKINS-23926](https://issues.jenkins-ci.org/browse/JENKINS-23926) - +Inject ownership variables even if the build fails before build steps execution. +* [JENKINS-19433](https://issues.jenkins-ci.org/browse/JENKINS-19433) - +Update Mailer plugin dependency to mailer-0.9 to support user properties. + +### 0.5.1 + +Release date: Sep 30, 2014 + +Fixed issues: + +* [JENKINS-24475](https://issues.jenkins-ci.org/browse/JENKINS-24475) - +Managing ownership fails in Jenkins 1.565.1+. +* [JENKINS-24921](https://issues.jenkins-ci.org/browse/JENKINS-24921) - +Remove the obsolete `Assign ownership on create` configuration entry. +* [JENKINS-23657](https://issues.jenkins-ci.org/browse/JENKINS-23657) - +Use transparent PNG icons instead of GIFs. + +### 0.5 + +Release date: Sep 09, 2014 + +Improvements: + +* [JENKINS-21904](https://issues.jenkins-ci.org/browse/JENKINS-21904) - +Add new Ownership policy extension point: different ownership assignment behaviors can be specified. +* [JENKINS-21838](https://issues.jenkins-ci.org/browse/JENKINS-21838) - +Add Ownership authorization strategy for the Authorize Project plugin. +* Improve Ownership summary box layouts. + +Fixed issues: + +* [JENKINS-24370](https://issues.jenkins-ci.org/browse/JENKINS-24370) - +Fixed the issue with redirects to absolute URLs after the ownership modification. + + +### 0.4 + +Release date: Jan 18, 2014 + +Improvements: + +* [JENKINS-18977](https://issues.jenkins-ci.org/browse/JENKINS-18977) - +Display node ownership info in the Computer list. +* [JENKINS-21358](https://issues.jenkins-ci.org/browse/JENKINS-21358) - +Show Job ownership actions in the side panel instead of the Jenkins default panel. +* [JENKINS-20908](https://issues.jenkins-ci.org/browse/JENKINS-20908) - +Remove custom fast mail resolution handlers. Now the plugin uses native handlers from Mailer Plugin 1.6+. + +Fixed issues: + +* [JENKINS-20488](https://issues.jenkins-ci.org/browse/JENKINS-20488) - +Prevent possible issue during the concurrent nodes renaming and modification. + +### 0.3.1 + +Release date: Oct 25, 2013 + +Fixed issues: + +* [JENKINS-28713](https://issues.jenkins-ci.org/browse/JENKINS-28713), +[JENKINS-20213](https://issues.jenkins-ci.org/browse/JENKINS-20213), +[JENKINS-20181](https://issues.jenkins-ci.org/browse/JENKINS-20181) - +Fix handling of Multi-configuration (Matrix) jobs. +* [JENKINS-19993](https://issues.jenkins-ci.org/browse/JENKINS-19993) - +Fix propagation of default item-specific permissions to jobs after the reconfiguration. + +### 0.3 + +Release date: Sep 08, 2013 + +Improvements: + +* Allow restricting execution of jobs on agents according to ownership configuration (Extension for Job Restrictions Plugin) +* Support of item-specific access rights for jobs (Extension for Role Strategy Plugin) + * `@ItemSpecific` macro - Check the SID against entries from the item-specific security + * `@ItemSpecificWithUserId` macro - if SID is "authenticated", checks current user's ID +* Support of Token Macros (`${OWNERSHIP,var=varname}`) + +### 0.2.1 + +Release date: Aug 08, 2013 + +Fixed issues: + +* Hotfix: Added support of the fast e-mail resolver to fix the UI performance issue. +(copy of default resolver from Mailer 1.5) + +### 0.2 + +Release date: Aug 02, 2013 + +Enhancements: + +* Integration with Role Strategy Plugin via macros. +* Added a build wrapper, which exposes ownership variables to environment. +* Added support of co-owners. +* Replaced built-in e-mail suffix resolver by configurable selector of `MailAddressResolver` extension. +* Ownership management has been migrated to a separate `Manage Ownership` page. + +Known compatibility issues: + +:exclamation: +Update from `0.1` to `0.2` corrupts plugin's data structure (issue #19078). You will need to manually cleanup data in the ownership.xml after the update. + +### 0.1 + +Release date: Jul 12, 2013 + +* Initial release: ownership management and visualization diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md new file mode 100644 index 00000000..fdc46fac --- /dev/null +++ b/CONTRIBUTING.md @@ -0,0 +1,7 @@ +Contributing +==== + +If you want to propose a change, just create a pull request to the main repository within the `jenkinsci` organization. +Bugs and feature requests can be reported to the [Jenkins issue tracker](https://issues.jenkins-ci.org/secure/Dashboard.jspa) with the `ownership-plugin` component ID. + +Jenkins contribution guidelines and developer resources are aggregated [here](https://jenkins.io/participate/). diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 00000000..8e666b01 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,6 @@ +buildPlugin( + useContainerAgent: true, // Set to `false` if you need to use Docker for containerized tests + configurations: [ + [platform: 'linux', jdk: 21], + [platform: 'windows', jdk: 17], +]) diff --git a/LICENSE b/LICENSE index 32977329..181da981 100644 --- a/LICENSE +++ b/LICENSE @@ -1,6 +1,6 @@ The MIT License -Copyright (c) 2013 Oleg Nenashev , Synopsys Inc. +Copyright (c) 2013-2017 Oleg Nenashev, Synopsys Inc. and Jenkins contributors Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal diff --git a/README.md b/README.md index 0cb376d9..8269dcc3 100644 --- a/README.md +++ b/README.md @@ -1,18 +1,60 @@ -Ownership Plugin +Ownership Plugin for Jenkins ================ -[Jenkins CI][3] plugin. Provides explicit ownership of jobs and slaves. -See [Ownership Plugin][4] wiki page for more info. +[![Join the chat at https://gitter.im/jenkinsci/ownership-plugin](https://badges.gitter.im/jenkinsci/ownership-plugin.svg)](https://gitter.im/jenkinsci/ownership-plugin?utm_source=badge&utm_medium=badge&utm_campaign=pr-badge&utm_content=badge) +[![Jenkins Plugin](https://img.shields.io/jenkins/plugin/v/ownership.svg)](https://plugins.jenkins.io/ownership) +[![GitHub release](https://img.shields.io/github/release/jenkinsci/ownership-plugin.svg?label=changelog)](https://github.com/jenkinsci/ownership-plugin/releases/latest) +[![Jenkins Plugin Installs](https://img.shields.io/jenkins/plugin/i/ownership.svg?color=blue)](https://plugins.jenkins.io/ownership) -Contributors --------- -1. [Oleg Nenashev][2] (maintainer), Synopsys Inc., www.synopsys.com +This plugin provides an ownership engine for [Jenkins](https://jenkins.io/) automation server. -License --------- -[MIT License][1] +# Supported features -[1]: http://www.opensource.org/licenses/mit-license.php -[2]: https://github.com/oleg-nenashev -[3]: https://jenkins-ci.org/ -[4]: https://wiki.jenkins-ci.org/display/JENKINS/Ownership+Plugin +* Ownership management for jobs, folders, runs and nodes (Summary boxes, ListView columns, etc.) +* Injection of ownership variables into the build environment +* Easy MailTo links for "Contact owners" and "Contact admins" with pre-formatted messages +* [Ownership-Based Security](doc/OwnershipBasedSecurity.md) (Role Strategy, Job Restrictions, Authorize Project, etc.) +* Integration with Jenkins Pipeline +* Ownership Filter for List Views + +# Documentation + +* [Configuration](doc/Configuration.md) +* [Ownership-Based Security](doc/OwnershipBasedSecurity.md) +* [AbstractProject Integration](doc/AbstractProjectSupport.md) +* [Pipeline Integration](doc/PipelineIntegration.md) +* [Contributing](CONTRIBUTING.md) +* [Changelog](CHANGELOG.md) + +# Examples + +Below you can find several Ownership Plugin UI examples. + +Ownership Info Summary box: + +![Ownership Summary box](doc/images/summaryBox.png) + +Ownership Column: + +![Ownership Column](doc/images/ownerColumn.png) + +# Plugin Integrations + +Ownership Plugin provides integration with multiple Jenkins plugins: + +* Role Strategy - see [Ownership-Based Security](doc/OwnershipBasedSecurity.md) +* Job Restrictions - see [Ownership-Based Security](doc/OwnershipBasedSecurity.md) +* Authorize Project - see [Ownership-Based Security](doc/OwnershipBasedSecurity.md) +* Token Macro - see [AbstractProject Integration](doc/AbstractProjectSupport.md) +* Pipeline - see [Pipeline Integration](doc/PipelineIntegration.md) + +The plugin also contributes extension points, which can be used by other plugins. + +# License + +[MIT License](http://www.opensource.org/licenses/mit-license.php) + +# Changelog + +See [GitHub releases](https://github.com/jenkinsci/ownership-plugin/releases) for recent releases. +Changelog for 0.12.1 and older versions is available [here](CHANGELOG.md). diff --git a/doc/AbstractProjectSupport.md b/doc/AbstractProjectSupport.md new file mode 100644 index 00000000..89224e2f --- /dev/null +++ b/doc/AbstractProjectSupport.md @@ -0,0 +1,35 @@ +Integration with AbstractProject job types +=== + +`AbstractProject` is one of the most widely used abstraction layers of Jenkins. +Most of the common job types implement it (Freestyle, Matrix, JobDSL, etc.). + +### Environment variables + +Ownership plugin may contribute Build Environment variables, +which can be used in custom logic. +These variables are available from all build steps, including SCM checkout. + +Job-specific settings can be configured in the `Build Environment` section of the job configuration. +In [Global Ownership Settings](Configuration.md) it is possible to enable injection of the ownership variables by default. + +On the screenshot below you can find the list of injected environment variables: + +![Ownership Build Wrapper](images/abstractProject/buildWrapper.png) + +Usage example: + +![Example. Build Step](images/abstractProject/example_buildStep.png) + +### Token macro + +Particular Jenkins plugins (e.g. Copy Artifact) use [Token Macro](https://plugins.jenkins.io/token-macro) expressions instead of environment variables. +Though all ownership environment variables are accessible through the `${ENV}` macro, there is also a specialized `${OWNERSHIP}` macro. + +Usage: `${OWNERSHIP,var="TODO:varname"}`. +Possible `varname` values and behavior are similar to the Build Environment variables described above. + +Usage example: + +![Example. Build Step](images/abstractProject/example_tokenMacro.png) + diff --git a/doc/Configuration.md b/doc/Configuration.md new file mode 100644 index 00000000..ef9d8484 --- /dev/null +++ b/doc/Configuration.md @@ -0,0 +1,60 @@ +Ownership Plugin Configuration +===== + +Ownership plugin can be flexibly configured via global settings. +These settings can be found in _`Manage Jenkins`/ `Configure` / `Ownership section`_. + +## Top-level settings + +This section defines global settings for the plugin. +The + +![Top-level settings](images/configuration/topLevel.png) + +Available settings: + +* `Require Configure rights` - allows to restrict owner assignment options by the `Item.CONFIGURE` permission. +If [Ownership-Based Security](OwnershipBasedSecurity.md) is enabled, this control should be unchecked. +* `Service Owners e-mail` - Email of the service owners. +It will be used for generation of _Contact service owners_ control in the Ownership Summary Box. +* `Ownership Management policy` - This option can be used to automatically set up ownership for newly created and copied items. + * By default, the ownership won't be set up + * `Assign job creators as owners` automatically assigns owners (useful for Ownership-Based security) +* `Globally Inject ownership variables` - If enabled, +ownership variables will be automatically injected to all classic job types (Freestyle, Matrix, etc.). +For Jenkins Pipeline the [`ownership` global variable](PipelineIntegration.md) will be always enabled independently of this setting. +* `Use a specific e-mail address resolver` - If enabled, +the plugin will be using only a limited set of email resolvers to determine the user email. + * The option may be used to optimize the resolution when plugins with heavy email resolvers are installed (e.g. Subversion or Perforce plugins). + * `Fast UI resolver` uses built-in routines of the [Mailer plugin](https://plugins.jenkins.io/mailer) => user e-mails will be resolved by user properties and e-mail suffixes +* `Setup default permissions for item-specific security` - If enabled, + [Ownership-Based Security](OwnershipBasedSecurity.md) will have a custom default settings when the job owner specifies or resets _Item-specific security_ . + +## Advanced e-mail options + +This section manages the generation of `mailto:/` hyperlinks in Ownership summary boxes. + +You can do the following: +* Enable/Disable visualization of the hyperlinks +* Specify the email subject and body templates using the `${VALUE}` macros. +Full list of available macros is specified in the built-in documentation. +* Change the default email recipient separator + +![Email Options](images/configuration/emailOptions.png) + +Below you can find a sample email generated by the plugin: + +![Email Options](images/generatedEmailTemplate.png) + +## Ownership Display options + +This section allows to hide Ownership summary boxes in particular cases. +Some additional visualization settings are also available in previous sections (e.g. `Advanced e-mail options` allows hiding email links). + +![Display options](images/configuration/displayOptions.png) + +## Ownership Inheritance options + +This section contains settings, which allow optimizing ownership inheritance to get a better performance on large-scale instances. + +![Inheritance options](images/configuration/inheritanceOptions.png) \ No newline at end of file diff --git a/doc/OwnershipBasedSecurity.md b/doc/OwnershipBasedSecurity.md new file mode 100644 index 00000000..af9b457e --- /dev/null +++ b/doc/OwnershipBasedSecurity.md @@ -0,0 +1,93 @@ +Ownership-Based Security +==== + +Ownership plugin is heavily focused on the security aspects of Jenkins. +For such purpose the plugin is integrated with many security-related plugins, +which effectively create an "Ownership-based" security ecosystem in Jenkins. + +This page describes the available integrations with the following plugins: + +* [Role-Based Authorization Strategy](https://plugins.jenkins.io/role-strategy) +* [Job Restrictions](https://plugins.jenkins.io/job-restrictions) +* [Authorize Project](https://plugins.jenkins.io/authorize-project) + +## Role-Based strategy integration + +Although it does not offer a special Authorization Strategy, +it offers a deep integration with the [Role-Strategy Plugin](https://wiki.jenkins-ci.org/display/JENKINS/Role+Strategy+Plugin) via the macro engine. + +This macro engine greatly reduces the complexity of the configuration and also greatly improves its performance by avoiding massive regular expression checks for multiple roles. + +The documentation below provides details regarding the configuration approach. + +### Global Roles + +In global roles for almost any instance you have to define the roles for Jenkins administrators and other authenticated users. + +Performance notes: Having a globally enabled role for a user greatly improves Role Strategy performance, + so it is recommended to do so unless there are any security implications on your instance. +On the screenshot below the `authenticated` role has no read access to jobs (`Job.Read`). + +![Role Strategy. Global Roles](images/ownershipBasedSecurity/roleStrategy_globalRoles.png) + +### Item and Node roles + +The most of the security management goes through the Item and Role nodes. +There are `@CurrentUserIsOwner` and `CurrentUserIsPrimaryOwner` macros, which are defined in the Role name. + +The example below provides a sample configuration, where primary owners have a full access to the job. +Secondary owners are being managed by the `@CurrentUserIsOwner` macro, and they get less permissions. +Note that the primary owners are eligible to assign secondary owners and transfer ownership on their own, hence there is no need in involving Jenkins admins for such local changes. + +![Role Strategy. Item and Node roles](images/ownershipBasedSecurity/roleStrategy_itemNodeRoles.png) + +In the case of advanced setups you can create multiple role macros with different patterns by using an ID parameter, e.g. `@CurrentUserIsOwner(1)` and then `CurrentUserIsOwner(2)` with different regular expressions. + +### Role Assignments + +For Ownership-Based Strategy Role Assignments just contain mapping of `admin` and `authenticated roles`. +In order to specify all time- and node- specific permissions, + in this setup you just need to specify a single role assignment. + +![Role Strategy. Role Assignments](images/ownershipBasedSecurity/roleStrategy_roleAssignments.png) + +### Item-Specific Permissions + +:exclamation: This is an advanced feature, which allows going beyond two roles. +Use with caution. + +Item-specific permissions can be configured in the `Manage Ownership` action for jobs. +These permissions may be granted by job owners to particular users (Similar to [Matrix Authorization Strategy](https://plugins.jenkins.io/matrix-auth)). + +In order to enable this functionality, use the `@ItemSpecificWithUserID` in item Role definitions. + +## Job Restrictions + +### Restricting executions on agents + +![External Workspace Definitions](images/ownershipBasedSecurity/jobrestrictions_commonNode.png) + +### Restricting execution on the master + +It is a common use-case to restrict job runs on the master for security reasons. Script build steps in on-master builds may get access to Jenkins system files with the Jenkins user account, hence there is a risk of data corruption in the case of erroneous or malicious scripts. +On the other hand, it may be a valid case for the backend jobs being owned by admins. + +:exclamation: The example below restricts all executions. +Particular job types (e.g. Pipeline) may require executions of particular tasks on the master. +For this purpose you can use Class Restrictions in the plugin. + +![Job Restrictions on the master](images/ownershipBasedSecurity/jobrestrictions_masterNode.png) + +## Authorize Project Plugin + +[Authorize Project Plugin](TODO) allows managing authentication for running builds. +It is pretty important from the Ownership-Based Security strategy point of view, because it allows preventing +interaction with jobs if the owner has no access to the job. + +For this purpose Ownership plugin offers the `Run as Job Owner` Authorize strategy, which can be enabled +globally or for a particular job. + +:exclamation: Please note that not all plugins are properly integrated with the `QueueItemAuthenticator` extension point, +which is being used in Authorize Project. + +![Run as Job Owner Strategy](images/ownershipBasedSecurity/authorizeProject_globalConfig.png) diff --git a/doc/PipelineIntegration.md b/doc/PipelineIntegration.md new file mode 100644 index 00000000..558d9e03 --- /dev/null +++ b/doc/PipelineIntegration.md @@ -0,0 +1,69 @@ +Pipeline Integration +==== + +Ownership plugin is integrated with [Jenkins Pipeline](https://jenkins.io/doc/book/pipeline/). + +The following features are available: + +* Ownership Management in both Pipeline and Multi-branch Pipeline jobs. +* Inheritance of ownership info from folders by Pipeline and Multi-branch Pipeline jobs. +* Access to the ownership information via the `ownership` global variable. + +## Managing Ownership in Pipeline jobs + +Ownership management in Pipeline is similar to other job types. +All operations can be done in the `Manage Ownership` action if the user has appropriate permissions. + +In Multi-Branch Pipeline it is possible to manage ownership only on the top level. +Fine-grain ownership management for branches is not supported. + +## Ownership Global variable + +If the Plugin is install, the `ownership` global variable will be available in all jobs. +The `ownership` variable contains `job` and `node` fields, which represent the required info. +Both fields are **read-only**, it is not possible to modify the Ownership info from Pipeline. + +The `node` variable is available only within the `node()` block scope. +If it is called outside this block, the behavior is undefined. + +### Examples + + + +The example below demonstrates usage of the `ownership`global variable + +```groovy +stage 'Print Job Ownership Info'; +def primaryOwnerEmail = ownership.job.primaryOwnerEmail +if (ownership.job.ownershipEnabled) { + println "Primary owner ID: ${ownership.job.primaryOwnerId}" + println "Primary owner e-mail: ${primaryOwnerEmail}" + println "Secondary owner IDs: ${ownership.job.secondaryOwnerIds}" + println "Secondary owner e-mails: ${ownership.job.secondaryOwnerEmails}" +} else { + println "Ownership is disabled"; +} + +stage 'Send e-mail to the job owner' +mail to: primaryOwnerEmail, + subject: "Job '${env.JOB_NAME}' (${env.BUILD_NUMBER}) is waiting for input", + body: "Please go to ${env.BUILD_URL} and verify the build" + +``` + +This example demonstrates usage of the Node ownership info: + +```groovy +stage 'Print Node Ownership Info' +node('requiredLabel') { + echo "Current NODE_NAME = ${env.NODE_NAME}"; + if (ownership.node.ownershipEnabled) { + println "Owner ID: ${ownership.node.primaryOwnerId}" + println "Owner e-mail: ${ownership.node.primaryOwnerEmail}" + println "Co-owner IDs: ${ownership.node.secondaryOwnerIds}" + println "Co-owner e-mails: ${ownership.node.secondaryOwnerEmails}" + } else { + println "Ownership of ${env.NODE_NAME} is disabled"; + } +} +``` \ No newline at end of file diff --git a/doc/images/abstractProject/buildWrapper.png b/doc/images/abstractProject/buildWrapper.png new file mode 100644 index 00000000..a204c426 Binary files /dev/null and b/doc/images/abstractProject/buildWrapper.png differ diff --git a/doc/images/abstractProject/example_buildStep.png b/doc/images/abstractProject/example_buildStep.png new file mode 100644 index 00000000..ad668d30 Binary files /dev/null and b/doc/images/abstractProject/example_buildStep.png differ diff --git a/doc/images/abstractProject/example_tokenMacro.png b/doc/images/abstractProject/example_tokenMacro.png new file mode 100644 index 00000000..9546915a Binary files /dev/null and b/doc/images/abstractProject/example_tokenMacro.png differ diff --git a/doc/images/configuration/displayOptions.png b/doc/images/configuration/displayOptions.png new file mode 100644 index 00000000..048c95ff Binary files /dev/null and b/doc/images/configuration/displayOptions.png differ diff --git a/doc/images/configuration/emailOptions.png b/doc/images/configuration/emailOptions.png new file mode 100644 index 00000000..e92fc0d2 Binary files /dev/null and b/doc/images/configuration/emailOptions.png differ diff --git a/doc/images/configuration/inheritanceOptions.png b/doc/images/configuration/inheritanceOptions.png new file mode 100644 index 00000000..e88d7a8e Binary files /dev/null and b/doc/images/configuration/inheritanceOptions.png differ diff --git a/doc/images/configuration/topLevel.png b/doc/images/configuration/topLevel.png new file mode 100644 index 00000000..35c0d067 Binary files /dev/null and b/doc/images/configuration/topLevel.png differ diff --git a/doc/images/generatedEmailTemplate.png b/doc/images/generatedEmailTemplate.png new file mode 100644 index 00000000..7987fc77 Binary files /dev/null and b/doc/images/generatedEmailTemplate.png differ diff --git a/doc/images/ownerColumn.png b/doc/images/ownerColumn.png new file mode 100644 index 00000000..e2f5f6f5 Binary files /dev/null and b/doc/images/ownerColumn.png differ diff --git a/doc/images/ownershipBasedSecurity/authorizeProject_globalConfig.png b/doc/images/ownershipBasedSecurity/authorizeProject_globalConfig.png new file mode 100644 index 00000000..95095c26 Binary files /dev/null and b/doc/images/ownershipBasedSecurity/authorizeProject_globalConfig.png differ diff --git a/doc/images/ownershipBasedSecurity/jobrestrictions_commonNode.png b/doc/images/ownershipBasedSecurity/jobrestrictions_commonNode.png new file mode 100644 index 00000000..fbc3578d Binary files /dev/null and b/doc/images/ownershipBasedSecurity/jobrestrictions_commonNode.png differ diff --git a/doc/images/ownershipBasedSecurity/jobrestrictions_masterNode.png b/doc/images/ownershipBasedSecurity/jobrestrictions_masterNode.png new file mode 100644 index 00000000..4cc0e649 Binary files /dev/null and b/doc/images/ownershipBasedSecurity/jobrestrictions_masterNode.png differ diff --git a/doc/images/ownershipBasedSecurity/roleStrategy_globalRoles.png b/doc/images/ownershipBasedSecurity/roleStrategy_globalRoles.png new file mode 100644 index 00000000..378dfe5a Binary files /dev/null and b/doc/images/ownershipBasedSecurity/roleStrategy_globalRoles.png differ diff --git a/doc/images/ownershipBasedSecurity/roleStrategy_itemNodeRoles.png b/doc/images/ownershipBasedSecurity/roleStrategy_itemNodeRoles.png new file mode 100644 index 00000000..337c224c Binary files /dev/null and b/doc/images/ownershipBasedSecurity/roleStrategy_itemNodeRoles.png differ diff --git a/doc/images/ownershipBasedSecurity/roleStrategy_roleAssignments.png b/doc/images/ownershipBasedSecurity/roleStrategy_roleAssignments.png new file mode 100644 index 00000000..87333008 Binary files /dev/null and b/doc/images/ownershipBasedSecurity/roleStrategy_roleAssignments.png differ diff --git a/doc/images/summaryBox.png b/doc/images/summaryBox.png new file mode 100644 index 00000000..7731e69b Binary files /dev/null and b/doc/images/summaryBox.png differ diff --git a/pom.xml b/pom.xml index 2fd00394..0f76c6fb 100644 --- a/pom.xml +++ b/pom.xml @@ -1,141 +1,215 @@ - - 4.0.0 - - org.jenkins-ci.plugins - plugin - 1.509.3 - - - com.synopsys.jenkinsci - ownership - 0.6-SNAPSHOT - Job and Slave ownership plugin - hpi - Provides explicit ownership of jobs and slaves - https://wiki.jenkins-ci.org/display/JENKINS/Ownership+Plugin - - - - MIT License - http://www.opensource.org/licenses/mit-license.php - repo - - - - - UTF-8 - - - - - oleg_nenashev - Oleg Nenashev - nenashev@synopsys.com; o.v.nenashev@gmail.com - http://www.synopsys.com - Synopsys Inc. - - maintainer - - +4 - - - - - scm:git:ssh://github.com/jenkinsci/${project.artifactId}-plugin.git - scm:git:ssh://git@github.com/jenkinsci/${project.artifactId}-plugin.git - https://github.com/jenkinsci/${project.artifactId}-plugin - HEAD - - - - - repo.jenkins-ci.org - http://repo.jenkins-ci.org/public/ - - - - - - repo.jenkins-ci.org - http://repo.jenkins-ci.org/public/ - - - - - - org.jenkins-ci.plugins - role-strategy - 2.1.0 - true - - - org.jenkins-ci.plugins - token-macro - 1.6 - true - jar - - - com.synopsys.arc.jenkinsci.plugins - job-restrictions - 0.1 - true - - - org.jenkins-ci.plugins - authorize-project - 1.0.2 - true - jar - - - org.jenkins-ci.plugins - mailer - 1.6 - jar - - - org.apache.httpcomponents - httpclient - 4.3.4 - jar - - - - - - - - maven-deploy-plugin - 2.8.1 - - - maven-release-plugin - 2.5 - - - - - - - - m2e - - - m2e.version - - - - - - maven-compiler-plugin - - 1.6 - 1.6 - - - - - - - + + 4.0.0 + + + org.jenkins-ci.plugins + plugin + 5.28 + + + + com.synopsys.jenkinsci + ownership + ${changelist} + Job and Node ownership plugin + hpi + Provides explicit ownership of jobs and nodes + https://github.com/jenkinsci/ownership-plugin + + + 999999-SNAPSHOT + 2.479.3 + UTF-8 + + Max + + + + + MIT License + http://www.opensource.org/licenses/mit-license.php + repo + + + + + + + oleg_nenashev + Oleg Nenashev + o.v.nenashev@gmail.com + + maintainer + + + + + + scm:git:https://github.com/jenkinsci/${project.artifactId}-plugin.git + scm:git:git@github.com:jenkinsci/${project.artifactId}-plugin.git + https://github.com/jenkinsci/${project.artifactId}-plugin + HEAD + + + + + + io.jenkins.tools.bom + bom-2.479.x + 4228.v0a_71308d905b_ + pom + import + + + + + + + org.jenkins-ci.plugins + role-strategy + + true + + + org.jenkins-ci.plugins + token-macro + true + + + com.synopsys.arc.jenkinsci.plugins + job-restrictions + + true + + + org.jenkins-ci.plugins + script-security + true + + + org.jenkins-ci.plugins + cloudbees-folder + true + + + org.jenkins-ci.plugins + authorize-project + + true + + + org.jenkins-ci.plugins + security-inspector + 0.4 + true + + + org.kohsuke + access-modifier-suppressions + 1.34 + provided + + + + org.jenkins-ci.plugins + matrix-project + + + org.jenkins-ci.plugins + matrix-auth + + + org.jenkins-ci.plugins + mailer + + + org.jenkins-ci.plugins + apache-httpcomponents-client-4-api + + + org.jenkins-ci.plugins.workflow + workflow-cps + + + + + org.jenkins-ci.plugins.workflow + workflow-step-api + tests + test + + + org.jenkins-ci.plugins.workflow + workflow-job + test + + + org.jenkins-ci.plugins.workflow + workflow-basic-steps + test + + + org.jenkins-ci.plugins + credentials + test + + + + + + repo.jenkins-ci.org + https://repo.jenkins-ci.org/public/ + + + + + repo.jenkins-ci.org + https://repo.jenkins-ci.org/public/ + + + + + + + org.jacoco + jacoco-maven-plugin + 0.8.11 + + + prepare-agent + + prepare-agent + + + + report + verify + + report + + + + jacoco-check + + check + + + + + PACKAGE + + + LINE + COVEREDRATIO + 0.00 + + + + + + + + + + + diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipHelper.java index 40ca7fa1..702fe23c 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -36,7 +36,7 @@ * Adapter for typical ownership operations with different item types. * Every IOwnership item should provide ownership helper. * @param Type of object, for which ownership should be resolved - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.0.2 * @see IOwnershipItem * @see JobOwnerHelper @@ -95,7 +95,7 @@ public interface IOwnershipHelper { public boolean isOwnerExists(@Nonnull TObjectType item); /** - * Get Display string of the owner (and coowners). + * Get Display string of the owner. * @param item Item to be described * @return User description string */ @@ -106,7 +106,7 @@ public interface IOwnershipHelper { * Gets ownership description of the requested item. * @param item Item to be described * @return Ownership description. The method returns a - * {@link OwnershipDescription.DISABLED} + * {@link OwnershipDescription#DISABLED_DESCR} * @since 0.0.3 */ @Nonnull diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipItem.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipItem.java index 6347261e..6d8736be 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipItem.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/IOwnershipItem.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,7 +28,7 @@ /** * Class provides basic methods for ownership handling. * @param Type of the described object - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.0.3 */ public interface IOwnershipItem { @@ -48,7 +48,7 @@ public interface IOwnershipItem { /** * Gets ownership description. - * By default, returns {@link #OwnershipDescription.DISABLED_DESCR} + * By default, returns {@link OwnershipDescription#DISABLED_DESCR} * @return Ownership Description (not null) */ @Nonnull diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction.java index e425ba56..47638435 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ /** * Abstract class for ownership actions, which describes item at the floating box. - * @author Oleg Nenashev + * @author Oleg Nenashev * @param A class, for which action is being created * @since 0.0.2 */ diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipAction.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipAction.java index caff65af..d9681855 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipAction.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipAction.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,7 +28,7 @@ /** * Provides Floating box with ownership description. - * @author Oleg Nenashev + * @author Oleg Nenashev * @see ItemOwnershipAction * @see NodeOwnershipAction */ diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java index 5ad95a53..75001cbc 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescription.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,27 +23,49 @@ */ package com.synopsys.arc.jenkins.plugins.ownership; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import com.synopsys.arc.jenkins.plugins.ownership.util.IdStrategyComparator; +import com.synopsys.arc.jenkins.plugins.ownership.util.OwnershipDescriptionHelper; +import com.synopsys.arc.jenkins.plugins.ownership.nodes.OwnerNodeProperty; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Util; import hudson.model.Descriptor; +import hudson.model.ModelObject; import hudson.model.User; +import hudson.security.ACL; +import hudson.security.AccessControlled; +import hudson.security.Permission; +import java.io.InvalidObjectException; +import java.io.ObjectStreamException; import java.io.Serializable; import java.util.Collection; -import java.util.HashSet; -import java.util.LinkedHashSet; +import java.util.Objects; import java.util.Set; import java.util.TreeSet; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import javax.annotation.Nullable; +import jenkins.model.Jenkins; import net.sf.json.JSONObject; +import org.acegisecurity.AccessDeniedException; +import org.acegisecurity.Authentication; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted; +import org.kohsuke.stapler.Stapler; +import org.kohsuke.stapler.StaplerRequest; /** * Contains description of item's ownership. * This class is a main information entry for all ownership features. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.0.3 */ public class OwnershipDescription implements Serializable { + + private static final Logger LOGGER = Logger.getLogger(OwnershipDescription.class.getName()); + /** * Disabled description, which means that ownership is disabled */ @@ -52,6 +74,7 @@ public class OwnershipDescription implements Serializable { /** * Indicates if ownership is enabled */ + @Whitelisted boolean ownershipEnabled; /** @@ -60,17 +83,19 @@ public class OwnershipDescription implements Serializable { String primaryOwnerId; /** - * Sids of the co-Owners. + * Sids of the secondary owners (fka co-owners). * Sids can include users and groups. */ + @Whitelisted Set coownersIds; /** * Constructor. * @param ownershipEnabled indicates that the ownership is enabled * @param primaryOwnerId userId of primary owner - * @deprecated Use constructor with co-owners specification + * @deprecated Use constructor with secondary owners specification */ + @Deprecated public OwnershipDescription(boolean ownershipEnabled, @Nonnull String primaryOwnerId) { this(ownershipEnabled, primaryOwnerId, null); } @@ -80,12 +105,12 @@ public OwnershipDescription(boolean ownershipEnabled, @Nonnull String primaryOwn * Class is being used as DataBound in {@link OwnerNodeProperty}. * @param ownershipEnabled Indicates that the ownership is enabled. * @param primaryOwnerId userId of primary owner. Use null if there is no owner - * @param coownersIds userIds of secondary owners. Use null if there is no co-owners. + * @param secondaryOwnerIds userIds of secondary owners. Use {@code null} if there is no secondary owners. */ - public OwnershipDescription(boolean ownershipEnabled, @Nullable String primaryOwnerId, @Nullable Collection coownersIds) { + public OwnershipDescription(boolean ownershipEnabled, @Nullable String primaryOwnerId, @Nullable Collection secondaryOwnerIds) { this.ownershipEnabled = ownershipEnabled; this.primaryOwnerId = primaryOwnerId; - this.coownersIds = coownersIds != null ? new TreeSet(coownersIds) : new TreeSet(); + this.coownersIds = secondaryOwnerIds != null ? new TreeSet<>(secondaryOwnerIds) : new TreeSet(); } public void assign(@Nonnull OwnershipDescription descr) { @@ -101,10 +126,10 @@ public String toString() { } StringBuilder builder = new StringBuilder(); - builder.append("owner="); + builder.append("primary owner="); builder.append(primaryOwnerId); if (!coownersIds.isEmpty()) { - builder.append(" co-owners:["); + builder.append(" secondary owners:["); for (String coownerId : coownersIds) { builder.append(coownerId); builder.append(' '); @@ -118,6 +143,7 @@ public String toString() { * Check if ownership is enabled. * @return true if ownership is enabled */ + @Whitelisted public boolean isOwnershipEnabled() { return ownershipEnabled; } @@ -127,6 +153,7 @@ public boolean isOwnershipEnabled() { * @return userId of the primary owner. The result will be "unknown" if the * user is not specified. */ + @Whitelisted public @Nonnull String getPrimaryOwnerId() { return ownershipEnabled ? primaryOwnerId : User.getUnknown().getId(); } @@ -138,15 +165,28 @@ public boolean isOwnershipEnabled() { */ @CheckForNull public User getPrimaryOwner() { - return User.get(primaryOwnerId, false, null); + return ownershipEnabled ? User.getById(primaryOwnerId, false) : null; } /** - * Gets list of co-owners. - * @return Collection of co-owners + * Gets list of secondary owners (fka co-owners). + * @return Collection of secondary owners + * @deprecated use {@link #getSecondaryOwnerIds()} */ @Nonnull + @Deprecated public Set getCoownersIds() { + return getSecondaryOwnerIds(); + } + + /** + * Gets list of secondary owners. + * @return Collection of secondary owners + * @since 0.9 + */ + @Nonnull + @Whitelisted + public Set getSecondaryOwnerIds() { return coownersIds; } @@ -154,15 +194,17 @@ public Set getCoownersIds() { * @deprecated Use {@link #parseJSON(net.sf.json.JSONObject)} instead. */ @Nonnull + @Deprecated + @SuppressFBWarnings(value = "NM_METHOD_NAMING_CONVENTION", justification = "deprecated") public static OwnershipDescription Parse(JSONObject formData) throws Descriptor.FormException { return parseJSON(formData); } /** - * Parse a JSON input to construct {@link OwershipDescription}. + * Parse a JSON input to construct the ownership description. * @param formData Object with a data - * @return OwnershipDescription + * @return Ownership Description * @throws hudson.model.Descriptor.FormException Parsing error */ @Nonnull @@ -170,25 +212,25 @@ public static OwnershipDescription parseJSON(JSONObject formData) throws Descriptor.FormException { // Read primary owner - String primaryOwner = formData.getString( "primaryOwner" ); + String primaryOwnerId = formData.getString( "primaryOwner" ); // Read coowners - Set coOwnersSet = new TreeSet(); + Set secondaryOwnerIds = new TreeSet<>(); if (formData.has("coOwners")) { JSONObject coOwners = formData.optJSONObject("coOwners"); if (coOwners == null) { for (Object obj : formData.getJSONArray("coOwners")) { - addUser(coOwnersSet, (JSONObject)obj); + addUser(secondaryOwnerIds, (JSONObject)obj); } } else { - addUser(coOwnersSet, coOwners); + addUser(secondaryOwnerIds, coOwners); } } - return new OwnershipDescription(true, primaryOwner, coOwnersSet); + return new OwnershipDescription(true, primaryOwnerId, secondaryOwnerIds); } private static void addUser(Set target, JSONObject userObj) throws Descriptor.FormException { - String userId = Util.fixEmptyAndTrim(((JSONObject)userObj).getString("coOwner")); + String userId = Util.fixEmptyAndTrim(userObj.getString("coOwner")); //TODO: validate user string if (userId != null) { @@ -199,30 +241,206 @@ private static void addUser(Set target, JSONObject userObj) throws Descr /** * Check if User is an owner. * @param user User to be checked - * @param acceptCoowners Check if user belongs to co-owners - * @return true if User belongs to primary owners (and/or co-owners) + * @param includeSecondaryOwners Check if user belongs to secondary owners + * @return {@code true} if the user belongs to primary owners (and/or secondary owners) */ - public boolean isOwner(User user, boolean acceptCoowners) { + public boolean isOwner(User user, boolean includeSecondaryOwners) { if (user == null) { return false; } if (isPrimaryOwner(user)) { return true; } - return acceptCoowners ? coownersIds.contains(user.getId()) : false; + if (includeSecondaryOwners) { + Set coowners = new TreeSet<>(new IdStrategyComparator()); + coowners.addAll(coownersIds); + return coowners.contains(user.getId()); + } + return false; } + @Whitelisted public boolean hasPrimaryOwner() { return ownershipEnabled && getPrimaryOwner() != null; } - - public boolean isPrimaryOwner(User user) { + /** + * Checks if the specified user is a primary owner. + * @param user User to be checked + * @return {@code true} if the user is a primary owner + */ + public boolean isPrimaryOwner(@CheckForNull User user) { return user != null && user == getPrimaryOwner(); } + /** + * Gets ID of the primary owner. + * @return userId of the primary owner. The result will be "unknown" if the + * user is not specified. + * @since 0.9 + * @deprecated Use {@link #getPrimaryOwnerId()} + */ + @Deprecated + public @Nonnull String getOwnerId() { + return getPrimaryOwnerId(); + } + + /** + * Gets primary owner's e-mail. + * This method utilizes {@link OwnershipPlugin} global configuration to resolve emails. + * @return Primary owner's e-mail or empty string if it is not available + * @since 0.9 + * @deprecated Use {@link #getPrimaryOwnerEmail()} + */ + @Nonnull + @Deprecated + public String getOwnerEmail() { + return getPrimaryOwnerEmail(); + } + + /** + * Gets primary owner's e-mail. + * This method utilizes {@link OwnershipPlugin} global configuration to resolve emails. + * @return Primary owner's e-mail or empty string if it is not available + * @since 0.9 + */ + @Nonnull + @Whitelisted + public String getPrimaryOwnerEmail() { + return OwnershipDescriptionHelper.getOwnerEmail(this); + } + + /** + * Gets a comma-separated list of co-owners. + * @return List of co-owner user IDs + * @deprecated use {@link #getSecondaryOwnerIds()} + */ + @Deprecated + public @Nonnull Set getCoOwnerIds() { + return coownersIds; + } + + /** + * Gets e-mails of secondary owners. + * This method utilizes {@link OwnershipPlugin} global configuration to resolve emails. + * @return List of secondary owner e-mails (may be empty) + * @deprecated use {@link #getSecondaryOwnerEmails()} + */ + @Deprecated + public @Nonnull Set getCoOwnerEmails() { + return OwnershipDescriptionHelper.getSecondaryOwnerEmails(this, false); + } + + /** + * Gets e-mails of secondary owners. + * This method utilizes {@link OwnershipPlugin} global configuration to resolve emails. + * @return List of secondary owner e-mails (may be empty) + * @since 0.9 + */ + @Whitelisted + public @Nonnull Set getSecondaryOwnerEmails() { + return OwnershipDescriptionHelper.getSecondaryOwnerEmails(this, false); + } + + @Override + public int hashCode() { + int hash = 7; + hash = 41 * hash + (this.ownershipEnabled ? 1 : 0); + hash = 41 * hash + (this.primaryOwnerId != null ? this.primaryOwnerId.hashCode() : 0); + hash = 41 * hash + (this.coownersIds != null ? this.coownersIds.hashCode() : 0); + return hash; + } + + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (getClass() != obj.getClass()) { + return false; + } + final OwnershipDescription other = (OwnershipDescription) obj; + if (this.ownershipEnabled != other.ownershipEnabled) { + return false; + } else if (!this.ownershipEnabled) { + // Treat disabled ownership configurations as equal ones + return true; + } + + if ((this.primaryOwnerId == null) ? (other.primaryOwnerId != null) : !this.primaryOwnerId.equals(other.primaryOwnerId)) { + return false; + } + if (this.coownersIds != other.coownersIds && (this.coownersIds == null || !this.coownersIds.equals(other.coownersIds))) { + return false; + } + return true; + } + + protected Object readResolve() throws ObjectStreamException { + checkUnsecuredConfiguration(); + return this; + } + + /** + * If the ownership is being deserialized because of a REST call or CLI command, we need to + * make sure that either the ownership is unchanged, or that the user performing the command + * has permission to manage ownership for the object attached to this {@link OwnershipDescription}. + */ + private void checkUnsecuredConfiguration() throws ObjectStreamException { + Authentication authentication = Jenkins.getAuthentication(); + if (authentication == ACL.SYSTEM) { + return; + } + StaplerRequest request = Stapler.getCurrentRequest(); + if (request != null) { + AccessControlled context = request.findAncestorObject(AccessControlled.class); + if (context != null) { + final AbstractOwnershipHelper helper = OwnershipHelperLocator.locate(context); + if (helper != null) { + final OwnershipDescription d = helper.getOwnershipDescription(context); + if (!helper.hasLocallyDefinedOwnership(context) || !Objects.equals(d, this)) { + throwIfMissingPermission(context, helper.getRequiredPermission()); + } + return; + } else { + LOGGER.log(Level.WARNING, "Cannot locate OwnershipHelperClass for object {0}. " + + "Jenkins.ADMINISTER permissions will be required to change ownership", context); + } + } else { + //TODO: maybe it should rejected, because there is no use-cases for it so far AFAIK + LOGGER.log(Level.WARNING, "Ownership Description is used outside the object context. " + + "Jenkins.ADMINISTER permissions will be required to change ownership"); + } + } + // We don't know what object this OwnershipDescription belongs to, so we require Overall/Administer permissions. + // CLI commands always use this check. + throwIfMissingPermission(Jenkins.get(), Jenkins.ADMINISTER); + } + + private void throwIfMissingPermission(@Nonnull AccessControlled context, Permission permission) throws ObjectStreamException { + try { + context.checkPermission(permission); + } catch (AccessDeniedException e) { + final String name; + if (context instanceof ModelObject) { + name = ((ModelObject)context).getDisplayName(); + } else { + name = context.toString(); + } + + InvalidObjectException ex = new InvalidObjectException( + String.format("Cannot modify permissions of %s of type %s: %s", name, + context.getClass(), e.getMessage())); + ex.addSuppressed(e); + throw ex; + } + } + /** * Check if ownership is enabled. - * @param descr Ownership description (can be null) + * @param descr Ownership description (can be {@code null}) * @return True if the ownership is enabled * @since 0.1 */ diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin.java index 9b42b079..bcf1e796 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,11 +28,11 @@ import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.AssignCreatorPolicy; import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.DropOwnershipPolicy; import com.synopsys.arc.jenkins.plugins.ownership.security.itemspecific.ItemSpecificSecurity; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.ExtensionList; import hudson.Plugin; import hudson.Util; import hudson.model.Descriptor; -import hudson.model.Hudson; import hudson.model.User; import hudson.security.Permission; import hudson.security.PermissionGroup; @@ -55,7 +55,7 @@ /** * Contains global actions and configurations. * @since 0.0.1 - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class OwnershipPlugin extends Plugin { @@ -73,22 +73,25 @@ public class OwnershipPlugin extends Plugin { /** * @deprecated Replaced by {@link ItemOwnershipPolicy} */ + @Deprecated private transient boolean assignOnCreate; - private final List pluginActions = new ArrayList(); - public String mailResolverClassName; + private final List pluginActions = new ArrayList<>(); + private String mailResolverClassName; private ItemSpecificSecurity defaultJobsSecurity; private OwnershipPluginConfiguration configuration; /** * @deprecated Use {@link #getInstance()} instead */ + @Deprecated + @SuppressFBWarnings(value = "NM_METHOD_NAMING_CONVENTION", justification = "deprecated") public static OwnershipPlugin Instance() { return getInstance(); } public static OwnershipPlugin getInstance() { - Jenkins j = Jenkins.getInstance(); - OwnershipPlugin plugin = j != null ? j.getPlugin(OwnershipPlugin.class) : null; + Jenkins j = Jenkins.get(); + OwnershipPlugin plugin = j.getPlugin(OwnershipPlugin.class); if (plugin == null) { // Fail horribly // TODO: throw a graceful error throw new IllegalStateException("Cannot get the plugin's instance. Jenkins or the plugin have not been initialized yet"); @@ -100,11 +103,11 @@ public static OwnershipPlugin getInstance() { public void start() throws Exception { load(); reinitActionsList(); - Hudson.getInstance().getActions().addAll(pluginActions); + Jenkins.get().getActions().addAll(pluginActions); } @Override - protected void load() throws IOException { + public void load() throws IOException { super.load(); // Migration to 1.5.0: Check ItemOwnershipPolicy @@ -124,9 +127,10 @@ public boolean isRequiresConfigureRights() { /** * @deprecated This method is deprecated since 0.5 - * @return true if the {@link #itemOwnershipPolicy} is an instance of + * @return {@code true} if the Item ownership policy is an instance of * {@link AssignCreatorPolicy}. */ + @Deprecated public boolean isAssignOnCreate() { return (getConfiguration().getItemOwnershipPolicy() instanceof AssignCreatorPolicy); } @@ -168,13 +172,13 @@ public void configure(boolean requiresConfigureRights, String mailResolverClassN reinitActionsList(); save(); - Hudson.getInstance().getActions().addAll(pluginActions); + Jenkins.get().getActions().addAll(pluginActions); } @Override public void configure(StaplerRequest req, JSONObject formData) throws IOException, ServletException, Descriptor.FormException { - Hudson.getInstance().getActions().removeAll(pluginActions); + Jenkins.get().getActions().removeAll(pluginActions); requiresConfigureRights = formData.getBoolean("requiresConfigureRights"); // Configurations @@ -193,7 +197,7 @@ public void configure(StaplerRequest req, JSONObject formData) reinitActionsList(); save(); - Hudson.getInstance().getActions().addAll(pluginActions); + Jenkins.get().getActions().addAll(pluginActions); } private void reinitActionsList() { @@ -232,7 +236,7 @@ public FormValidation doCheckUser(@QueryParameter String userId) { return FormValidation.error("Field is empty. Field will be ignored"); } - User usr = User.get(userId, false, null); + User usr = User.getById(userId, false); if (usr == null) { return FormValidation.warning("User " + userId + " is not registered in Jenkins"); } @@ -254,12 +258,16 @@ public String resolveEmail(User user) { } else { Class resolverClass = (Class)Class.forName(mailResolverClassName); MailAddressResolver res = MailAddressResolver.all().get(resolverClass); - return res.findMailAddressFor(user); + if (res != null) { + return res.findMailAddressFor(user); + } } } } catch (ClassNotFoundException ex) { // Do nothing - fallback do default handler } + //TODO: ClassCastException (bug) + //TODO: methods above should log errors return MailAddressResolver.resolve(user); } @@ -267,7 +275,7 @@ public String resolveEmail(User user) { @Nonnull public Collection getPossibleMailResolvers() { ExtensionList extensions = MailAddressResolver.all(); - List items =new ArrayList(extensions.size()); + List items = new ArrayList<>(extensions.size()); items.add(FAST_RESOLVER_ID); for (MailAddressResolver resolver : extensions) { items.add(resolver.getClass().getCanonicalName()); diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration.java index 91aacb3f..6b4fff45 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -31,13 +31,15 @@ import hudson.model.Descriptor; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import org.jenkinsci.plugins.ownership.config.DisplayOptions; +import org.jenkinsci.plugins.ownership.config.InheritanceOptions; import org.jenkinsci.plugins.ownership.model.runs.OwnershipRunListener; import org.jenkinsci.plugins.ownership.util.environment.EnvSetupOptions; import org.kohsuke.stapler.DataBoundConstructor; /** * Configuration of {@link OwnershipPlugin}. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.5 */ public class OwnershipPluginConfiguration @@ -45,6 +47,9 @@ public class OwnershipPluginConfiguration private final ItemOwnershipPolicy itemOwnershipPolicy; private final @CheckForNull MailOptions mailOptions; + private final @CheckForNull DisplayOptions displayOptions; + private final @CheckForNull InheritanceOptions inheritanceOptions; + /** * Enforces the injection of ownership variables in {@link OwnershipRunListener}. * Null means the injection is disabled. @@ -52,27 +57,57 @@ public class OwnershipPluginConfiguration */ private final @CheckForNull EnvSetupOptions globalEnvSetupOptions; + @Deprecated + public OwnershipPluginConfiguration(@Nonnull ItemOwnershipPolicy itemOwnershipPolicy, + @Nonnull MailOptions mailOptions, EnvSetupOptions globalEnvSetupOptions, + @Nonnull DisplayOptions displayOptions) { + this(itemOwnershipPolicy, mailOptions, globalEnvSetupOptions, displayOptions, InheritanceOptions.DEFAULT); + } + @DataBoundConstructor public OwnershipPluginConfiguration(@Nonnull ItemOwnershipPolicy itemOwnershipPolicy, - @Nonnull MailOptions mailOptions, EnvSetupOptions globalEnvSetupOptions) { + @Nonnull MailOptions mailOptions, EnvSetupOptions globalEnvSetupOptions, + @Nonnull DisplayOptions displayOptions, @Nonnull InheritanceOptions inheritanceOptions) { this.itemOwnershipPolicy = itemOwnershipPolicy; this.mailOptions = mailOptions; this.globalEnvSetupOptions = globalEnvSetupOptions; + this.displayOptions = displayOptions; + this.inheritanceOptions = inheritanceOptions; } @Deprecated public OwnershipPluginConfiguration(@Nonnull ItemOwnershipPolicy itemOwnershipPolicy) { this (itemOwnershipPolicy, MailOptions.DEFAULT, null); } + + @Deprecated + public OwnershipPluginConfiguration(@Nonnull ItemOwnershipPolicy itemOwnershipPolicy, + @Nonnull MailOptions mailOptions, EnvSetupOptions globalEnvSetupOptions) { + this(itemOwnershipPolicy, mailOptions, globalEnvSetupOptions, DisplayOptions.DEFAULT); + } public @Nonnull ItemOwnershipPolicy getItemOwnershipPolicy() { - return itemOwnershipPolicy; + return itemOwnershipPolicy != null ? itemOwnershipPolicy : ItemOwnershipPolicy.getDefault(); } public @Nonnull MailOptions getMailOptions() { return mailOptions != null ? mailOptions : MailOptions.DEFAULT; } + /** + * Gets {@link OwnershipPlugin}'s display options. + * @return Display options. If the configuration has not been specified after the plugin update, + * {@link DisplayOptions#DEFAULT} will be returned. + * @since 0.8 + */ + public @Nonnull DisplayOptions getDisplayOptions() { + return displayOptions != null ? displayOptions : DisplayOptions.DEFAULT; + } + + public InheritanceOptions getInheritanceOptions() { + return inheritanceOptions != null ? inheritanceOptions : InheritanceOptions.DEFAULT; + } + /** * @return Global environment inject options. Null - global setup is disabled * @since 0.6 @@ -97,4 +132,14 @@ public String getDisplayName() { } } + + /** + * Gets the {@link OwnershipPlugin} configuration. + * @return The plugin configuration if available. + * @throws IllegalStateException Jenkins instance is not ready + * @since 0.8 + */ + public static OwnershipPluginConfiguration get() { + return OwnershipPlugin.getInstance().getConfiguration(); + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicy.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicy.java index dfc06a50..e03361cc 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicy.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicy.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,6 +25,7 @@ package com.synopsys.arc.jenkins.plugins.ownership.extensions; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.DropOwnershipPolicy; import hudson.DescriptorExtensionList; import hudson.ExtensionPoint; import hudson.model.Describable; @@ -33,15 +34,29 @@ import javax.annotation.CheckForNull; import javax.annotation.Nonnull; import jenkins.model.Jenkins; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; /** * Implements an ownership changes policy for {@link Item}s. * This policy defines actions to be implemented if specific changes in jobs occur. - * @author Oleg Nenashev + * @author Oleg Nenashev */ public abstract class ItemOwnershipPolicy implements ExtensionPoint, Describable { + private static final ItemOwnershipPolicy DEFAULT = new DropOwnershipPolicy(); + + /** + * Returns default Item Ownership Policy, which should be assigned on first startup. + * @return Ownership policy + */ + @Nonnull + @Restricted(NoExternalUse.class) + public static ItemOwnershipPolicy getDefault() { + return DEFAULT; + } + /** * A handler for newly created items. * By default, the ownership won't be set. @@ -67,7 +82,8 @@ public abstract class ItemOwnershipPolicy @Override public ItemOwnershipPolicyDescriptor getDescriptor() { - return (ItemOwnershipPolicyDescriptor) Jenkins.getInstance().getDescriptorOrDie(getClass()); + return (ItemOwnershipPolicyDescriptor) Jenkins.get() + .getDescriptorOrDie(getClass()); } /** @@ -75,8 +91,8 @@ public ItemOwnershipPolicyDescriptor getDescriptor() { * @return List of {@link ItemOwnershipPolicy}s. */ public static DescriptorExtensionList all() { - return Jenkins.getInstance(). - getDescriptorList(ItemOwnershipPolicy.class); + //TODO: rework to Extension list Lookup + return Jenkins.get().getDescriptorList(ItemOwnershipPolicy.class); } /** diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicyDescriptor.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicyDescriptor.java index 3fbe54fe..c6efea6f 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicyDescriptor.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/ItemOwnershipPolicyDescriptor.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,7 +28,7 @@ /** * Defines a descriptor for {@link ItemOwnershipPolicy}. - * @author Oleg Nenashev + * @author Oleg Nenashev */ public abstract class ItemOwnershipPolicyDescriptor extends Descriptor { diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/OwnershipLayoutFormatterProvider.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/OwnershipLayoutFormatterProvider.java index 4b0adb90..cea8ee55 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/OwnershipLayoutFormatterProvider.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/OwnershipLayoutFormatterProvider.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev . + * Copyright 2014 Oleg Nenashev * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -35,25 +35,25 @@ /** * The extension creates {@link OwnershipLayoutFormatter}s for various object types. * @since 0.5 - * @author Oleg Nenashev + * @author Oleg Nenashev */ @Restricted(NoExternalUse.class) public abstract class OwnershipLayoutFormatterProvider { public static final OwnershipLayoutFormatterProvider DEFAULT_PROVIDER = new DefaultProvider(); - private static final OwnershipLayoutFormatter> DEFAULT_JOB_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter>(); - private static final OwnershipLayoutFormatter DEFAULT_NODE_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter(); - private static final OwnershipLayoutFormatter DEFAULT_RUN_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter(); + private static final OwnershipLayoutFormatter> DEFAULT_JOB_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter<>(); + private static final OwnershipLayoutFormatter DEFAULT_NODE_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter<>(); + private static final OwnershipLayoutFormatter DEFAULT_RUN_FORMATTER = new OwnershipLayoutFormatter.DefaultJobFormatter<>(); - public @Nonnull OwnershipLayoutFormatter> getLayoutFormatter(@Nonnull Job job) { + public @Nonnull OwnershipLayoutFormatter> getLayoutFormatter(Job job) { return DEFAULT_JOB_FORMATTER; } - public @Nonnull OwnershipLayoutFormatter getLayoutFormatter(@Nonnull Node node) { + public @Nonnull OwnershipLayoutFormatter getLayoutFormatter(Node node) { return DEFAULT_NODE_FORMATTER; } - public @Nonnull OwnershipLayoutFormatter getLayoutFormatter(@Nonnull Run run) { + public @Nonnull OwnershipLayoutFormatter getLayoutFormatter(Run run) { return DEFAULT_RUN_FORMATTER; } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/AssignCreatorPolicy.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/AssignCreatorPolicy.java index 8da79d69..2109dc62 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/AssignCreatorPolicy.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/AssignCreatorPolicy.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -30,13 +30,12 @@ import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicyDescriptor; import hudson.Extension; import hudson.model.Item; -import hudson.model.Job; import hudson.model.User; import org.kohsuke.stapler.DataBoundConstructor; /** * A policy, which sets the item creator as an owner. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.5 */ public class AssignCreatorPolicy extends ItemOwnershipPolicy { @@ -48,7 +47,7 @@ public AssignCreatorPolicy() { @Override public OwnershipDescription onCreated(Item item) { User creator = User.current(); - if (creator != null && creator != User.getUnknown() && item instanceof Job) { + if (creator != null && creator != User.getUnknown()) { return new OwnershipDescription(true, creator.getId(), null); } @@ -60,7 +59,7 @@ public static class DescriptorImpl extends ItemOwnershipPolicyDescriptor { @Override public String getDisplayName() { - return Messages.ItemOwnershipPolicy_AssignCreatorPolicy_dipslayName(); + return Messages.ItemOwnershipPolicy_AssignCreatorPolicy_displayName(); } } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/CopyOwnerPolicy.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/CopyOwnerPolicy.java index edf83a9b..1b2c33e6 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/CopyOwnerPolicy.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/CopyOwnerPolicy.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,12 +24,15 @@ package com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy; -import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicy; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; /** - * - * @author Oleg Nenashev + * @deprecated Not implemented + * @author Oleg Nenashev */ +@Restricted(NoExternalUse.class) +@Deprecated public class CopyOwnerPolicy { //TODO: implement } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/DropOwnershipPolicy.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/DropOwnershipPolicy.java index 9fa2009f..262de454 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/DropOwnershipPolicy.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/extensions/item_ownership_policy/DropOwnershipPolicy.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -34,7 +34,7 @@ /** * A policy, which drops the project's ownership. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.5 */ public class DropOwnershipPolicy extends ItemOwnershipPolicy { @@ -58,7 +58,7 @@ public static class DescriptorImpl extends ItemOwnershipPolicyDescriptor { @Override public String getDisplayName() { - return Messages.ItemOwnershipPolicy_DropOwnershipPolicy_dipslayName(); + return Messages.ItemOwnershipPolicy_DropOwnershipPolicy_displayName(); } } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerColumn.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerColumn.java index 8cce3dc9..5bc5b784 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerColumn.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerColumn.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,15 +24,21 @@ package com.synopsys.arc.jenkins.plugins.ownership.jobs; import com.synopsys.arc.jenkins.plugins.ownership.Messages; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; import org.kohsuke.stapler.DataBoundConstructor; import hudson.Extension; -import hudson.model.Job; +import hudson.model.Item; +import hudson.model.User; import hudson.views.ListViewColumnDescriptor; import hudson.views.ListViewColumn; +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; /** * Provides Ownership column for the list view. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.1 */ public class JobOwnerColumn extends ListViewColumn { @@ -42,12 +48,25 @@ public JobOwnerColumn() { super(); } - public String getJobOwner(@SuppressWarnings("rawtypes") Job job) { - return JobOwnerHelper.Instance.getOwner(job); + @Nonnull + public String getJobOwner(Item item) { + final OwnershipDescription description = getDescription(item); + return description != null ? description.getPrimaryOwnerId() : User.getUnknown().getId(); } - public boolean isOwnerExists(@SuppressWarnings("rawtypes") Job job) { - return JobOwnerHelper.Instance.isOwnerExists(job); + public boolean isOwnerExists(Item item) { + final OwnershipDescription description = getDescription(item); + return description != null ? description.hasPrimaryOwner(): false; + } + + @CheckForNull + private OwnershipDescription getDescription(Item item) { + AbstractOwnershipHelper helper = OwnershipHelperLocator.locate(item); + if (helper == null) { + // We cannot retrieve helper for the object => keep moving + return null; + } + return helper.getOwnershipDescription(item); } @Extension diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelper.java index 73f09769..2ee65a46 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,39 +25,48 @@ import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; import com.synopsys.arc.jenkins.plugins.ownership.security.itemspecific.ItemSpecificSecurity; import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.util.UserCollectionFilter; import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.AccessRightsFilter; import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.IUserFilter; -import com.synopsys.arc.jenkins.plugins.ownership.wrappers.OwnershipBuildWrapper; +import hudson.Extension; import hudson.matrix.MatrixConfiguration; -import hudson.model.AbstractBuild; +import hudson.model.Item; +import hudson.model.ItemGroup; import hudson.model.Job; import hudson.model.JobProperty; -import hudson.model.Project; import hudson.model.User; import java.io.IOException; import java.util.Collection; -import java.util.Map; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.jenkinsci.plugins.ownership.model.jobs.JobOwnershipDescriptionSource; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + /** * Helper for Jobs Ownership. * @since 0.0.3 - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class JobOwnerHelper extends AbstractOwnershipHelper> { public final static JobOwnerHelper Instance = new JobOwnerHelper(); /** - * Gets JobOwnerProperty from job if possible. + * Gets {@link JobOwnerJobProperty} from the job if possible. * The function also handles multi-configuration jobs, so it should be used * wherever it is possible. + * This method should not be used to retrieve Ownership descriptions, + * because it does not take inheritance into account. * @param job Job - * @return JobOwnerJobProperty or null if it is not configured + * @return JobOwnerJobProperty or {@code null} if it is not configured */ @CheckForNull public static JobOwnerJobProperty getOwnerProperty(@Nonnull Job job) { @@ -80,14 +89,57 @@ public static boolean isUserExists(@Nonnull User user) { } public static boolean isUserExists(@Nonnull String userIdOrFullName) { - assert (userIdOrFullName != null); - return User.get(userIdOrFullName, false, null) != null; + return User.getById(userIdOrFullName, false) != null; } @Override public @Nonnull OwnershipDescription getOwnershipDescription(@Nonnull Job job) { + // TODO: Maybe makes sense to unwrap the method to get a better performance (esp. for Security) + return getOwnershipInfo(job).getDescription(); + } + + @Override + public Permission getRequiredPermission() { + return OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP; + } + + @Override + public boolean hasLocallyDefinedOwnership(@Nonnull Job job) { + return getOwnerProperty(job) != null; + } + + @Override + public OwnershipInfo getOwnershipInfo(Job job) { JobOwnerJobProperty prop = getOwnerProperty(job); - return (prop != null) ? prop.getOwnership() : OwnershipDescription.DISABLED_DESCR; + if (prop != null) { + OwnershipDescription d = prop.getOwnership(); + if (d.isOwnershipEnabled()) { + // If Ownership on this level is enabled, we return it + return new OwnershipInfo(d, new JobOwnershipDescriptionSource(job)); + } + } + + // We go to upper items in order to get the ownership description + if (!OwnershipPluginConfiguration.get().getInheritanceOptions().isBlockInheritanceFromItemGroups()) { + ItemGroup parent = job.getParent(); + AbstractOwnershipHelper located = OwnershipHelperLocator.locate(parent); + while (located != null) { + OwnershipInfo fromParent = located.getOwnershipInfo(parent); + if (fromParent.getDescription().isOwnershipEnabled()) { + return fromParent; + } + if (parent instanceof Item) { + Item parentItem = (Item)parent; + parent = parentItem.getParent(); + located = OwnershipHelperLocator.locate(parent); + } else { + located = null; + } + } + } + + // Fallback: we have not found the Ownership using known approaches + return OwnershipInfo.DISABLED_INFO; } /** @@ -146,4 +198,17 @@ public String getItemDisplayName(Job item) { public String getItemURL(Job item) { return item.getUrl(); } + + @Extension + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator> { + + @Override + public AbstractOwnershipHelper> findHelper(Object item) { + if (item instanceof Job) { + return Instance; + } + return null; + } + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction.java index 6ada8384..07182ff4 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -27,6 +27,7 @@ import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.security.itemspecific.ItemSpecificSecurity; +import hudson.model.Item; import hudson.model.Descriptor; import hudson.model.Job; @@ -45,12 +46,13 @@ import org.kohsuke.stapler.HttpResponses; import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerResponse; +import org.kohsuke.stapler.interceptor.RequirePOST; /** * Ownership action for jobs. * The action displays "Manage Ownership" action on the left panel. * Actually, this action injects {@link JobOwnerJobProperty} into the project. - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class JobOwnerJobAction extends ItemOwnershipAction> { @@ -68,6 +70,7 @@ public JobOwnerHelper helper() { * Gets described job. * @deprecated Just for compatibility with 0.0.1 */ + @Deprecated public Job getJob() { return getDescribedItem(); } @@ -122,25 +125,29 @@ public ItemSpecificSecurity.ItemSpecificDescriptor getItemSpecificDescriptor() { @Override public boolean actionIsAvailable() { - return getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + // Action should be available to anyone with READ permission on the item + // Individual methods will check MANAGE_ITEMS_OWNERSHIP and return 403 if needed + return getDescribedItem().hasPermission(Item.READ); } + @RequirePOST public HttpResponse doOwnersSubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, UnsupportedEncodingException, ServletException, Descriptor.FormException { - getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + getDescribedItem().checkPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); - JSONObject jsonOwnership = (JSONObject) req.getSubmittedForm().getJSONObject("owners"); + JSONObject jsonOwnership = req.getSubmittedForm().getJSONObject("owners"); OwnershipDescription descr = OwnershipDescription.parseJSON(jsonOwnership); JobOwnerHelper.setOwnership(getDescribedItem(), descr); return HttpResponses.redirectViaContextPath(getDescribedItem().getUrl()); } + @RequirePOST public HttpResponse doProjectSpecificSecuritySubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException, Descriptor.FormException { - getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + getDescribedItem().checkPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); JSONObject form = req.getSubmittedForm(); if (form.containsKey("itemSpecificSecurity")) { - JSONObject jsonSpecificSecurity = (JSONObject) req.getSubmittedForm().getJSONObject("itemSpecificSecurity"); + JSONObject jsonSpecificSecurity = req.getSubmittedForm().getJSONObject("itemSpecificSecurity"); ItemSpecificSecurity specific = ItemSpecificSecurity.DESCRIPTOR.newInstance(req, jsonSpecificSecurity); JobOwnerHelper.setProjectSpecificSecurity(getDescribedItem(), specific); } else { // drop security @@ -150,8 +157,9 @@ public HttpResponse doProjectSpecificSecuritySubmit(StaplerRequest req, StaplerR return HttpResponses.redirectViaContextPath(getDescribedItem().getUrl()); } + @RequirePOST public HttpResponse doRestoreDefaultSpecificSecuritySubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, ServletException, Descriptor.FormException { - getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + getDescribedItem().checkPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); // Get default security ItemSpecificSecurity defaultJobsSecurity = OwnershipPlugin.getInstance().getDefaultJobsSecurity(); ItemSpecificSecurity val = defaultJobsSecurity != null ? defaultJobsSecurity.clone() : null; diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty.java index 52cf4994..06937582 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -40,30 +40,37 @@ import hudson.Extension; import hudson.model.Descriptor; +import hudson.model.Items; import hudson.model.Job; import hudson.model.JobProperty; import hudson.model.JobPropertyDescriptor; import hudson.model.User; +import hudson.util.XStream2; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.Collection; import javax.annotation.CheckForNull; -import javax.annotation.Nonnull; import javax.servlet.ServletException; import org.kohsuke.stapler.StaplerResponse; /** * Ownership job property. - * @todo Implement generic approaches from 0.0.3 - * @author Oleg Nenashev + * TODO: Implement generic approaches from 0.0.3 + * @author Oleg Nenashev * @since 0.0.1 */ public class JobOwnerJobProperty extends JobProperty> implements IOwnershipItem> { + @CheckForNull OwnershipDescription ownership; - /**Additional matrix with project security*/ + /** + * Additional matrix with project security + */ + @CheckForNull ItemSpecificSecurity itemSpecificSecurity; @DataBoundConstructor @@ -82,10 +89,10 @@ public OwnershipDescription getOwnership() { * The function returns a default configuration if security is not * configured. Use {@link #hasItemSpecificSecurity() hasItemSpecificSecurity} * to check an origin of permissions. - * @return ItemSpecific security or null if it is not configured + * @return ItemSpecific security or {@code null} if it is not configured * @since 0.3 */ - @Nonnull + @CheckForNull public ItemSpecificSecurity getItemSpecificSecurity() { return itemSpecificSecurity != null ? itemSpecificSecurity @@ -102,7 +109,7 @@ public boolean hasItemSpecificSecurity() { } public String getDisplayName(User usr) { - return JobOwnerHelper.Instance.getDisplayName(usr); + return JobOwnerHelper.Instance.getDisplayName(usr); } public Collection getUsers() @@ -147,12 +154,16 @@ public boolean isApplicable(Class jobType) { @Override public String toString() { - return ownership.toString(); + StringBuilder bldr = new StringBuilder(); + bldr.append(ownership != null ? ownership.toString() : "ownership not set"); + bldr.append(" "); + bldr.append(itemSpecificSecurity != null ? "with specific permissions" : "without specific permissions"); + return bldr.toString(); } public void doOwnersSubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, UnsupportedEncodingException, ServletException, Descriptor.FormException { JSONObject formData = req.getSubmittedForm(); - JSONObject jsonOwnership = (JSONObject) formData.getJSONObject("owners"); + JSONObject jsonOwnership = formData.getJSONObject("owners"); setOwnershipDescription(OwnershipDescription.parseJSON(jsonOwnership)); } @@ -165,4 +176,14 @@ public void setItemSpecificSecurity(@CheckForNull ItemSpecificSecurity security) itemSpecificSecurity = security; owner.save(); } + + static { + // TODO: Remove reflection once baseline is updated past 2.85. + try { + Method m = XStream2.class.getMethod("addCriticalField", Class.class, String.class); + m.invoke(Items.XSTREAM2, JobOwnerJobProperty.class, "ownership"); + } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) { + throw new ExceptionInInitializerError(e); + } + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipActionFactory.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipActionFactory.java index 560faeb9..8bb99133 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipActionFactory.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipActionFactory.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,28 +25,36 @@ import hudson.Extension; import hudson.matrix.MatrixConfiguration; -import hudson.model.AbstractProject; import hudson.model.Action; -import hudson.model.TransientProjectActionFactory; +import hudson.model.Job; import java.util.Collection; import static java.util.Collections.singleton; import java.util.LinkedList; +import jenkins.model.TransientActionFactory; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; /** * Creates a "Manage Ownership" action for jobs. * Action will be available for all top-level job items. * Matrix configurations will be ignored. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev */ @Extension -public class OwnershipActionFactory extends TransientProjectActionFactory { +@Restricted(NoExternalUse.class) +public class OwnershipActionFactory extends TransientActionFactory { /**Empty actions collection for invalid project type*/ private static final Collection EMPTY_ACTIONS - = new LinkedList(); + = new LinkedList<>(); @Override - public Collection createFor(AbstractProject target) { + public Collection createFor(Job target) { return (target instanceof MatrixConfiguration) ? EMPTY_ACTIONS : singleton(new JobOwnerJobAction(target)); } + + @Override + public Class type() { + return Job.class; + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipItemListener.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipItemListener.java index b2a2978c..6f5a00a5 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipItemListener.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipItemListener.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -37,7 +37,7 @@ * applies and modifies its ownership info. * By default, the plugin drops initial ownership settings. * It can also set the current user as a new owner (can be enabled in global configs). - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev */ @Extension public class OwnershipItemListener extends ItemListener { diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter.java index e455e9c4..49c7c57c 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,10 +25,10 @@ import com.synopsys.arc.jenkins.plugins.ownership.Messages; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.UserComparator; import com.synopsys.arc.jenkins.plugins.ownership.util.UserWrapper; import hudson.Extension; -import hudson.model.AbstractProject; import hudson.model.Descriptor; import hudson.model.TopLevelItem; import hudson.model.User; @@ -39,13 +39,15 @@ import java.util.Collections; import java.util.LinkedList; import java.util.List; +import javax.annotation.Nonnull; import net.sf.json.JSONObject; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.StaplerRequest; /** - * Filters owner's and co-owners. - * @author Oleg Nenashev + * Filters jobs by primary and secondary owners. + * @author Oleg Nenashev * @since 0.1 */ public class OwnershipJobFilter extends ViewJobFilter { @@ -62,9 +64,22 @@ public String getOwnerName() { return ownerId; } + /** + * @deprecated use {@link #isAcceptSecondaryOwners()} + */ + @Deprecated public boolean isAcceptsCoowners() { return acceptsCoowners; } + + /** + * Enables checking of secondary owners + * @return + * @since TODO + */ + public boolean isAcceptSecondaryOwners() { + return acceptsCoowners; + } public boolean isSelected(UserWrapper usr) { return ownerId.equals(usr.getId()); @@ -78,32 +93,35 @@ public OwnershipJobFilter(String ownerName, boolean acceptCoowners) { @Override public List filter(List added, List all, View filteringView) { - final ArrayList newList = new ArrayList(); + final ArrayList newList = new ArrayList<>(); final UserWrapper userWrapper = new UserWrapper(ownerId); for (TopLevelItem item : added) { - if (item instanceof AbstractProject) { // Ignore non-project items - AbstractProject project = (AbstractProject) item; - OwnershipDescription ownership = JobOwnerHelper.Instance.getOwnershipDescription(project); - if (!ownership.isOwnershipEnabled()) { - continue; - } + AbstractOwnershipHelper helper = OwnershipHelperLocator.locate(item); + if (helper == null) { + // We cannot retrieve helper for the object => keep moving + continue; + } + + OwnershipDescription ownership = helper.getOwnershipDescription(item); + if (!ownership.isOwnershipEnabled()) { + continue; + } - boolean matches = false; // Check owner - if (userWrapper.meetsMacro(ownership.getPrimaryOwnerId())) { - matches = true; - } - if (acceptsCoowners && !matches) { // Check co-owners - for (String coOwnerId : ownership.getCoownersIds()) { - if (userWrapper.meetsMacro(coOwnerId)) { - matches = true; - break; - } + boolean matches = false; // Check owner + if (userWrapper.meetsMacro(ownership.getPrimaryOwnerId())) { + matches = true; + } + if (acceptsCoowners && !matches) { // Check secondary owners + for (String coOwnerId : ownership.getSecondaryOwnerIds()) { + if (userWrapper.meetsMacro(coOwnerId)) { + matches = true; + break; } } - if (matches) { - newList.add(item); - } + } + if (matches) { + newList.add(item); } } @@ -132,14 +150,15 @@ public ViewJobFilter newInstance(StaplerRequest req, JSONObject formData) throws * * @return Collection of all registered users */ + @Nonnull public static Collection getAvailableUsers() { // Sort users UserComparator comparator = new UserComparator(); - LinkedList userList = new LinkedList(User.getAll()); + LinkedList userList = new LinkedList<>(User.getAll()); Collections.sort(userList, comparator); // Prepare new list - Collection res = new ArrayList(userList.size() + 1); + Collection res = new ArrayList<>(userList.size() + 1); res.add(new UserWrapper(MACRO_ME)); for (User user : userList) { res.add(new UserWrapper(user)); diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/ComputerOwnerHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/ComputerOwnerHelper.java index 7325b8ec..c8495267 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/ComputerOwnerHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/ComputerOwnerHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,42 +24,60 @@ package com.synopsys.arc.jenkins.plugins.ownership.nodes; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import hudson.Extension; import hudson.model.Computer; import hudson.model.Node; import hudson.model.User; import java.io.IOException; import java.util.Collection; +import java.util.Collections; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + /** * Provides ownership helper for {@link Computer}. * The class implements a wrapper of {@link NodeOwnerHelper}. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev */ public class ComputerOwnerHelper extends AbstractOwnershipHelper { - static final ComputerOwnerHelper Instance = new ComputerOwnerHelper(); + static final ComputerOwnerHelper INSTANCE = new ComputerOwnerHelper(); public static ComputerOwnerHelper getInstance() { - return Instance; + return INSTANCE; } @Override public OwnershipDescription getOwnershipDescription(@Nonnull Computer item) { + // TODO: This method impl is a performance hack. May be replaced by getOwnershipInfo() in 1.0 Node node = item.getNode(); return node != null ? NodeOwnerHelper.Instance.getOwnershipDescription(node) : OwnershipDescription.DISABLED_DESCR; // No node - no ownership } - + + @Override + public OwnershipInfo getOwnershipInfo(Computer item) { + Node node = item.getNode(); + return node != null + ? NodeOwnerHelper.Instance.getOwnershipInfo(node) + : OwnershipInfo.DISABLED_INFO; + } + @Override public Collection getPossibleOwners(@Nonnull Computer computer) { Node node = computer.getNode(); return node != null ? NodeOwnerHelper.Instance.getPossibleOwners(node) - : EMPTY_USERS_COLLECTION; + : Collections.emptyList(); } public static void setOwnership(@Nonnull Computer computer, @@ -72,17 +90,47 @@ public static void setOwnership(@Nonnull Computer computer, NodeOwnerHelper.setOwnership(node, descr); } + @Override + public Permission getRequiredPermission() { + return OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP; + } + + @Override + public boolean hasLocallyDefinedOwnership(@Nonnull Computer computer) { + Node node = computer.getNode(); + if (node == null) { + // Node is not defined => permission is detached + return false; + } + return NodeOwnerHelper.Instance.hasLocallyDefinedOwnership(node); + } + @Override public String getItemTypeName(Computer item) { return "computer"; } + @Override public String getItemDisplayName(Computer item) { return item.getDisplayName(); } + @Override public String getItemURL(Computer item) { //TODO: Absolute URL return item.getUrl(); } + + @Extension + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator { + + @Override + public AbstractOwnershipHelper findHelper(Object item) { + if (item instanceof Computer) { + return INSTANCE; + } + return null; + } + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerHelper.java index 6b684981..dc59c2a1 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,20 +29,29 @@ import com.synopsys.arc.jenkins.plugins.ownership.util.UserCollectionFilter; import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.AccessRightsFilter; import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.IUserFilter; +import hudson.Extension; import hudson.model.Computer; +import hudson.model.Job; import hudson.model.Node; import hudson.model.User; -import hudson.slaves.NodeProperty; + import java.io.IOException; import java.util.Collection; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.jenkinsci.plugins.ownership.model.nodes.NodeOwnershipDescriptionSource; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + /** * Provides helper for Node owner. - * @todo Add Bug reference + * TODO: Add Bug reference * @since 0.0.3 - * @author Oleg Nenashev + * @author Oleg Nenashev * @see OwnerNodeProperty */ public class NodeOwnerHelper extends AbstractOwnershipHelper { @@ -57,12 +66,12 @@ public class NodeOwnerHelper extends AbstractOwnershipHelper { */ @CheckForNull public static OwnerNodeProperty getOwnerProperty(@Nonnull Node node) { - NodeProperty prop = node.getNodeProperties().get(OwnerNodeProperty.class); - return prop != null ? (OwnerNodeProperty)prop : null; + return node.getNodeProperties().get(OwnerNodeProperty.class); } @Override - public OwnershipDescription getOwnershipDescription(Node item) { + public OwnershipDescription getOwnershipDescription(@CheckForNull Node item) { + // TODO: This method impl is a performance hack. May be replaced by getOwnershipInfo() in 1.0 if (item == null) { // Handle renames, etc. return OwnershipDescription.DISABLED_DESCR; } @@ -70,7 +79,28 @@ public OwnershipDescription getOwnershipDescription(Node item) { OwnerNodeProperty prop = getOwnerProperty(item); return prop != null ? prop.getOwnership() : OwnershipDescription.DISABLED_DESCR; } - + + @Override + public OwnershipInfo getOwnershipInfo(Node item) { + if (item == null) { // Handle renames, etc. + return OwnershipInfo.DISABLED_INFO; + } + + OwnerNodeProperty prop = getOwnerProperty(item); + return prop != null ? new OwnershipInfo(OwnershipDescription.DISABLED_DESCR, + new NodeOwnershipDescriptionSource(item)) : OwnershipInfo.DISABLED_INFO; + } + + @Override + public Permission getRequiredPermission() { + return OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP; + } + + @Override + public boolean hasLocallyDefinedOwnership(@Nonnull Node node) { + return getOwnerProperty(node) != null; + } + @Override public Collection getPossibleOwners(Node item) { if (OwnershipPlugin.getInstance().isRequiresConfigureRights()) { @@ -111,6 +141,19 @@ public String getItemDisplayName(Node item) { @Override public String getItemURL(Node item) { Computer c = item.toComputer(); - return c != null ? ComputerOwnerHelper.Instance.getItemURL(c) : null; + return c != null ? ComputerOwnerHelper.INSTANCE.getItemURL(c) : null; + } + + @Extension + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator { + + @Override + public AbstractOwnershipHelper findHelper(Object item) { + if (item instanceof Node) { + return Instance; + } + return null; + } } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerPropertyHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerPropertyHelper.java index 7b56cfe1..b8b3c9a8 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerPropertyHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerPropertyHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -27,18 +27,28 @@ import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.util.UserCollectionFilter; +import hudson.Extension; +import hudson.model.Job; import hudson.model.Node; import hudson.model.User; +import hudson.security.Permission; import hudson.slaves.NodeProperty; import java.util.Collection; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.jenkinsci.plugins.ownership.model.nodes.NodeOwnershipDescriptionSource; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + /** * Provides helper for Node owner * @since 0.0.3 - * @author Oleg Nenashev - * @see OwnerNodeProperty, NodeOwnerHelper + * @author Oleg Nenashev + * @see OwnerNodeProperty + * @see NodeOwnerHelper */ public class NodeOwnerPropertyHelper extends AbstractOwnershipHelper { @@ -57,10 +67,20 @@ private static OwnerNodeProperty getOwnerProperty(@CheckForNull NodeProperty nod @Nonnull @Override public OwnershipDescription getOwnershipDescription(@CheckForNull NodeProperty item) { + // TODO: This method impl is a performance hack. May be replaced by getOwnershipInfo() in 1.0 OwnerNodeProperty prop = getOwnerProperty(item); OwnershipDescription descr = (prop != null) ? prop.getOwnership() : null; return descr != null ? descr : OwnershipDescription.DISABLED_DESCR; } + + @Override + public OwnershipInfo getOwnershipInfo(NodeProperty item) { + OwnerNodeProperty prop = getOwnerProperty(item); + OwnershipDescription descr = (prop != null) ? prop.getOwnership() : null; + return descr != null + ? new OwnershipInfo(descr, new NodeOwnershipDescriptionSource(getNode(item))) + : OwnershipInfo.DISABLED_INFO; + } @Nonnull @Override @@ -81,6 +101,17 @@ public Collection getPossibleOwners(NodeProperty item) { return null; } + @Override + public Permission getRequiredPermission() { + return OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP; + } + + @Override + public boolean hasLocallyDefinedOwnership(@Nonnull NodeProperty item) { + // Self-defined + return true; + } + @Override public String getItemTypeName(NodeProperty item) { return NodeOwnerHelper.ITEM_TYPE_NAME; @@ -96,5 +127,18 @@ public String getItemDisplayName(NodeProperty item) { public String getItemURL(NodeProperty item) { Node node = getNode(item); return node != null ? NodeOwnerHelper.Instance.getItemURL(node) : null; - } + } + + @Extension + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator { + + @Override + public AbstractOwnershipHelper findHelper(Object item) { + if (item instanceof NodeProperty) { + return Instance; + } + return null; + } + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerWrapper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerWrapper.java index 1c2e4a63..d7f9cabf 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerWrapper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnerWrapper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,13 +24,15 @@ package com.synopsys.arc.jenkins.plugins.ownership.nodes; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import java.util.Collections; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import org.apache.commons.lang.StringUtils; import org.kohsuke.stapler.DataBoundConstructor; /** * Data-bound wrapper for slave ownership initialization. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @see OwnerNodeProperty */ public class NodeOwnerWrapper { @@ -39,7 +41,9 @@ public class NodeOwnerWrapper { @DataBoundConstructor public NodeOwnerWrapper(@CheckForNull String primaryOwner) { - description = new OwnershipDescription(primaryOwner!=null, primaryOwner); + description = StringUtils.isBlank(primaryOwner) + ? OwnershipDescription.DISABLED_DESCR + : new OwnershipDescription(true, primaryOwner, Collections.emptyList()); } @Nonnull diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction.java index 42b9d0d9..08fb3bee 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -49,7 +49,7 @@ /** * Node ownership action. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ public class NodeOwnershipAction extends ItemOwnershipAction { @@ -75,7 +75,7 @@ public Permission getProjectSpecificPermission() { @Override public IOwnershipHelper helper() { - return ComputerOwnerHelper.Instance; + return ComputerOwnerHelper.INSTANCE; } @Override @@ -90,7 +90,7 @@ public OwnershipDescription getOwnership() { * @return */ public static String getAbsoluteUrl(@Nonnull Computer computer) { - String r = Jenkins.getInstance().getRootUrl(); + String r = Jenkins.get().getRootUrl(); if(r==null) { throw new IllegalStateException("Root URL isn't configured yet. Cannot compute absolute URL."); } @@ -98,9 +98,9 @@ public static String getAbsoluteUrl(@Nonnull Computer computer) { } public HttpResponse doOwnersSubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, UnsupportedEncodingException, ServletException, Descriptor.FormException { - getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP); + getDescribedItem().checkPermission(OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP); - JSONObject jsonOwnership = (JSONObject) req.getSubmittedForm().getJSONObject("owners"); + JSONObject jsonOwnership = req.getSubmittedForm().getJSONObject("owners"); OwnershipDescription descr = OwnershipDescription.parseJSON(jsonOwnership); ComputerOwnerHelper.setOwnership(getDescribedItem(), descr); diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty.java index 814c29ab..c692e155 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,16 +25,20 @@ import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipItem; -import com.synopsys.arc.jenkins.plugins.ownership.Messages; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.util.ui.OwnershipLayoutFormatter; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.model.Descriptor; import hudson.model.Node; import hudson.slaves.NodeProperty; import hudson.slaves.NodePropertyDescriptor; import hudson.slaves.SlaveComputer; +import hudson.util.XStream2; +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; import java.util.List; import javax.annotation.CheckForNull; import jenkins.model.Jenkins; @@ -45,8 +49,7 @@ /** * Implements owner property for Jenkins Nodes. - * @author Oleg Nenashev - * @deprecated Will be removed in future versions + * @author Oleg Nenashev * @since 0.0.3 */ public class OwnerNodeProperty extends NodeProperty @@ -72,15 +75,18 @@ public OwnershipDescription getOwnership() { return ownership != null ? ownership : OwnershipDescription.DISABLED_DESCR; } - public void setOwnershipDescription(OwnershipDescription descr) { + public void setOwnershipDescription(OwnershipDescription descr) throws IOException { ownership = descr; - getDescriptor().save(); + Node node = getNode(); + if (node != null) { + node.save(); + } } @CheckForNull public Node getNode() { if (node == null) { - setNode(Jenkins.getInstance().getNode(nodeName)); + setNode(Jenkins.get().getNode(nodeName)); } return node; } @@ -118,7 +124,7 @@ public static class DescriptorImpl extends NodePropertyDescriptor { * @return Instance of the node, which is being configured (or null) * * @since 0.0.5 - * @author Oleg Nenashev + * @author Oleg Nenashev */ private static Node getNodePropertyOwner(StaplerRequest req) { @@ -138,13 +144,24 @@ private static Node getNodePropertyOwner(StaplerRequest req) } @Override + @SuppressFBWarnings(value = "NP_NONNULL_RETURN_VIOLATION", justification = "TODO: should be fixed, see jenkinsci PR #1880") public String getDisplayName() { return null; } - + @Override public boolean isApplicable( Class Type ) { return true; } } + + static { + // TODO: Remove reflection once baseline is updated past 2.85. + try { + Method m = XStream2.class.getMethod("addCriticalField", Class.class, String.class); + m.invoke(Jenkins.XSTREAM2, OwnerNodeProperty.class, "ownership"); + } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) { + throw new ExceptionInInitializerError(e); + } + } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipActionFactory.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipActionFactory.java index 11f34300..bf4d5cdd 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipActionFactory.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipActionFactory.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -32,7 +32,7 @@ /** * Generates ownership actions for the Jenkins nodes. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ @Extension diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor.java index de1ffc19..a69bc9e1 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -36,7 +36,7 @@ /** * Implements monitoring of ownership. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.4 */ public class OwnershipNodeMonitor extends NodeMonitor { @@ -51,6 +51,12 @@ public AbstractNodeMonitorDescriptor getDescriptor() { public static class DescriptorImpl extends AbstractNodeMonitorDescriptor { + //TODO: no need to use AsyncNodeMonitor from the performance PoV, but there is no supported sync option in the core + DescriptorImpl() { + // Check every 10 minutes + super(1000*60*10L); + } + @Override protected Data monitor(Computer c) throws IOException, InterruptedException { OwnershipDescription ownership = ComputerOwnerHelper.getInstance().getOwnershipDescription(c); diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/authorizeproject/OwnershipAuthorizeProjectStrategy.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/authorizeproject/OwnershipAuthorizeProjectStrategy.java index dbb13c3a..d50910fb 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/authorizeproject/OwnershipAuthorizeProjectStrategy.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/authorizeproject/OwnershipAuthorizeProjectStrategy.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev , Synopsys Inc. + * Copyright 2014 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,13 +28,12 @@ import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; import hudson.Extension; -import hudson.model.AbstractProject; +import hudson.model.Job; import hudson.model.Queue; import hudson.model.User; -import java.util.Collections; import jenkins.model.Jenkins; -import org.acegisecurity.Authentication; -import org.acegisecurity.userdetails.UsernameNotFoundException; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.userdetails.UsernameNotFoundException; import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategy; import org.jenkinsci.plugins.authorizeproject.AuthorizeProjectStrategyDescriptor; import org.kohsuke.stapler.DataBoundConstructor; @@ -44,7 +43,7 @@ * This strategy authenticates as a job's owner if it is specified. * Otherwise, the anonymous user will be used. * @since 0.5 - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class OwnershipAuthorizeProjectStrategy extends AuthorizeProjectStrategy { @@ -53,20 +52,19 @@ public OwnershipAuthorizeProjectStrategy() { } @Override - public Authentication authenticate(AbstractProject ap, Queue.Item item) { - OwnershipDescription d = JobOwnerHelper.Instance.getOwnershipDescription(ap); + public Authentication authenticate(Job job, Queue.Item item) { + OwnershipDescription d = JobOwnerHelper.Instance.getOwnershipDescription(job); if (!d.hasPrimaryOwner()) { // fallback to anonymous - return Jenkins.ANONYMOUS; + return Jenkins.ANONYMOUS2; } - User owner = User.get(d.getPrimaryOwnerId(), false, Collections.emptyMap()); + User owner = User.getById(d.getPrimaryOwnerId(), false); if (owner == null) { // fallback to anonymous - return Jenkins.ANONYMOUS; + return Jenkins.ANONYMOUS2; } try { - Authentication auth = owner.impersonate(); - return (auth != null) ? auth : Jenkins.ANONYMOUS; + return owner.impersonate2(); } catch (UsernameNotFoundException ex) { // fallback to anonymous - return Jenkins.ANONYMOUS; + return Jenkins.ANONYMOUS2; } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity.java index 9608857c..3da8db18 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,6 +28,8 @@ import hudson.model.Descriptor; import hudson.security.AuthorizationMatrixProperty; import hudson.security.Permission; +import java.util.HashSet; +import java.util.Map; import java.util.Set; import java.util.TreeMap; import java.util.logging.Level; @@ -36,13 +38,14 @@ import javax.annotation.Nonnull; import jenkins.model.Jenkins; import net.sf.json.JSONObject; +import org.jenkinsci.plugins.matrixauth.PermissionEntry; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.StaplerRequest; /** * Implements item-specific property map. * This class relies on {@link AuthorizationMatrixProperty} from Jenkins core. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.3 */ public class ItemSpecificSecurity implements Describable, Cloneable { @@ -71,7 +74,18 @@ public ItemSpecificSecurity clone() { ItemSpecificSecurity newItem; try { newItem = (ItemSpecificSecurity)super.clone(); - newItem.permissionsMatrix = new AuthorizationMatrixProperty(this.permissionsMatrix.getGrantedPermissions()); + // Use getGrantedPermissionEntries() instead of deprecated getGrantedPermissions() + Map> permissionEntries = this.permissionsMatrix.getGrantedPermissionEntries(); + // Convert PermissionEntry to String (SID) for the constructor + Map> permissions = new TreeMap<>(); + for (Map.Entry> entry : permissionEntries.entrySet()) { + Set sids = new HashSet<>(); + for (PermissionEntry permEntry : entry.getValue()) { + sids.add(permEntry.getSid()); + } + permissions.put(entry.getKey(), sids); + } + newItem.permissionsMatrix = new AuthorizationMatrixProperty(permissions); return newItem; } catch (CloneNotSupportedException ex) { Logger.getLogger(ItemSpecificSecurity.class.getName()).log(Level.SEVERE, null, ex); @@ -92,8 +106,10 @@ public String getDisplayName() { public ItemSpecificSecurity newInstance(StaplerRequest req, JSONObject formData) throws FormException { AuthorizationMatrixProperty prop = null; if (formData.containsKey("permissionsMatrix")) { - Descriptor d= Jenkins.getInstance().getDescriptor(AuthorizationMatrixProperty.class); - prop = (AuthorizationMatrixProperty)d.newInstance(req, formData.getJSONObject("permissionsMatrix")); + Descriptor d= Jenkins.get().getDescriptor(AuthorizationMatrixProperty.class); + if (d != null) { + prop = (AuthorizationMatrixProperty)d.newInstance(req, formData.getJSONObject("permissionsMatrix")); + } } return new ItemSpecificSecurity(prop); } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java index 4c61cb2f..95d3ece3 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -26,9 +26,11 @@ import com.synopsys.arc.jenkins.plugins.ownership.Messages; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.util.IdStrategyComparator; import com.synopsys.arc.jenkins.plugins.ownership.util.ui.UserSelector; import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestriction; import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestrictionDescriptor; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.model.Job; import hudson.model.Queue; @@ -40,9 +42,11 @@ /** * Allows to restrict job executions by ownership. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ +@SuppressFBWarnings(value = "SE_NO_SERIALVERSIONID", + justification = "JobRestriction should not be serializable, not required for Xstream") public class OwnersListJobRestriction extends JobRestriction { private static final JobOwnerHelper helper = new JobOwnerHelper(); @@ -60,7 +64,7 @@ public OwnersListJobRestriction(List usersList, boolean acceptsCoO protected synchronized final void updateUsersMap() { if (usersMap == null) { // Update users map - usersMap = new TreeSet(); + usersMap = new TreeSet<>(new IdStrategyComparator()); for (UserSelector selector : usersList) { String userId = hudson.Util.fixEmptyAndTrim(selector.getSelectedUserId()); if (userId != null && !usersMap.contains(userId)) { @@ -74,10 +78,23 @@ public List getUsersList() { return usersList; } + /** + * @deprecated use {@link #isAcceptSecondaryOwners() } + */ + @Deprecated public boolean isAcceptsCoOwners() { return acceptsCoOwners; } + /** + * Checks if the filter accepts secondary owners. + * @return {@code true} if secondary owners should be accepted + * @since 0.9 + */ + public boolean isAcceptSecondaryOwners() { + return acceptsCoOwners; + } + @Override public boolean canTake(Queue.BuildableItem item) { if (item.task instanceof Job) { @@ -101,22 +118,25 @@ private boolean canTake(OwnershipDescription descr) { return false; } - updateUsersMap(); - if (usersMap.contains(descr.getPrimaryOwnerId())) { - return true; - } - - // Handle co-owners if required - Set itemCoOwners = descr.getCoownersIds(); - if (acceptsCoOwners && !itemCoOwners.isEmpty()) { - for (String userID : usersMap) { - if (itemCoOwners.contains(userID)) { - return true; + synchronized(this) { + updateUsersMap(); + if (usersMap.contains(descr.getPrimaryOwnerId())) { + return true; + } + + // Handle secondary owners if required + Set itemCoOwners = new TreeSet<>(new IdStrategyComparator()); + itemCoOwners.addAll(descr.getSecondaryOwnerIds()); + if (acceptsCoOwners && !itemCoOwners.isEmpty()) { + for (String userID : usersMap) { + if (itemCoOwners.contains(userID)) { + return true; + } } } } - // Default fallback - user is not owner or co-owner + // Default fallback - user is not a primary or secondary owner return false; } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacro.java index 89295ed8..61ddba31 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,33 +23,38 @@ */ package com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy; -import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipItem; +import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; -import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; -import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty; -import com.synopsys.arc.jenkins.plugins.ownership.nodes.OwnerNodeProperty; +import com.synopsys.arc.jenkins.plugins.ownership.nodes.NodeOwnerHelper; +import com.michelin.cio.hudson.plugins.rolestrategy.PermissionEntry; import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleMacroExtension; import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; import static com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType.Project; import static com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType.Slave; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.model.Computer; -import hudson.model.Job; +import hudson.model.Item; import hudson.model.Node; import hudson.model.User; import hudson.security.AccessControlled; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; + +import javax.annotation.CheckForNull; /** * An abstract class for {@link RoleMacroExtension}s provided by the ownership plugin. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.1 */ -abstract class AbstractOwnershipRoleMacro extends RoleMacroExtension { +public abstract class AbstractOwnershipRoleMacro extends RoleMacroExtension { public static final String NO_SID_SUFFIX="NoSid"; protected static final String AUTHENTICATED_SID = "authenticated"; @Override + @SuppressFBWarnings(value = "NM_METHOD_NAMING_CONVENTION", justification = "Part of other plugin API") public boolean IsApplicable(RoleType roleType) { switch (roleType) { case Project: @@ -62,15 +67,12 @@ public boolean IsApplicable(RoleType roleType) { } public static OwnershipDescription getOwnership(RoleType type, AccessControlled item) { - IOwnershipItem ownership = null; + //TODO refactor the code to use OwnershipHelperLocator switch(type) { case Project: - if (item instanceof Job) { - Job prj = (Job)item; - JobOwnerJobProperty prop = JobOwnerHelper.getOwnerProperty(prj); - if (prop != null) { - ownership = prop; - } + if (item instanceof Item) { + IOwnershipHelper helper = OwnershipHelperLocator.locate(item); + return helper != null ? helper.getOwnershipDescription(item) : OwnershipDescription.DISABLED_DESCR; } break; case Slave: @@ -78,21 +80,68 @@ public static OwnershipDescription getOwnership(RoleType type, AccessControlled Computer comp = (Computer)item; Node node = comp.getNode(); if (node != null) { - ownership = node.getNodeProperties().get(OwnerNodeProperty.class); + return NodeOwnerHelper.Instance.getOwnershipDescription(node); } } break; default: //do nothing => Ownership is disabled } - return ownership != null ? ownership.getOwnership() : OwnershipDescription.DISABLED_DESCR; + + // Fallback to the disabled Ownership description + return OwnershipDescription.DISABLED_DESCR; + } + + /** + * Checks if a user has the permission defined for this macro. + * @param user User + * @param type Role type + * @param item Item, for which permissions are being checked + * @param macro Macro expression + * @param acceptSecondaryOwners {@code true} if secondary owners should be considered + * @return {@code true} if the macro provides a permission. + * Always {@code false} if the user is {@code null}. + */ + public static boolean hasPermission(@CheckForNull User user, RoleType type, AccessControlled item, + Macro macro, boolean acceptSecondaryOwners) { + return user != null && getOwnership(type, item).isOwner(user, acceptSecondaryOwners); } - public static boolean hasPermission(User user, RoleType type, AccessControlled item, Macro macro, boolean acceptCoowners) { - //TODO: implement - if (user == null) { + /** + * New API method with PermissionEntry. + * Extracts SID from PermissionEntry and delegates to the old method. + */ + @Override + public boolean hasPermission(PermissionEntry entry, Permission p, RoleType type, AccessControlled item, Macro macro) { + // Extract SID from PermissionEntry + // Check for null entry first + if (entry == null) { return false; - } - return getOwnership(type, item).isOwner(user, acceptCoowners); + } + + String sid = entry.getSid(); + // Check for null or empty SID - deny access in such cases + if (sid == null || sid.trim().isEmpty()) { + return false; + } + + return hasPermission(sid, p, type, item, macro); + } + + /** + * Legacy method signature - kept for backward compatibility. + * Subclasses should override this method. + */ + public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { + // Check for null or empty SID - deny access in such cases + if (sid == null) { + return false; + } + if (sid.trim().isEmpty()) { + return false; + } + + User user = User.getById(sid, false); + return hasPermission(user, type, item, macro, false); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacro.java index 0e9ee835..764a0fd1 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,11 +33,11 @@ import hudson.security.Permission; /** - * Checks if the user belongs to owners or co-owners of the item. - * @author Oleg Nenashev , Synopsys Inc. + * Checks if the user belongs to primary or secondary owners of the item. + * @author Oleg Nenashev * @since 0.2 */ -@Extension(optional = true) +@Extension(optional = true, ordinal = -1000) public class CoOwnerRoleMacro extends AbstractOwnershipRoleMacro { @Override @@ -51,8 +51,16 @@ public String getDescription() { } @Override - public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { - User user = User.get(sid, false, null); + public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { + // Check for null or empty SID - deny access in such cases + if (sid == null) { + return false; + } + if (sid.trim().isEmpty()) { + return false; + } + + User user = User.getById(sid, false); return hasPermission(user, type, item, macro, true); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacroNoSid.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacroNoSid.java index 3fa66495..e32b23aa 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacroNoSid.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/CoOwnerRoleMacroNoSid.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -31,13 +31,16 @@ import hudson.model.User; import hudson.security.AccessControlled; import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.integrations.rolestrategy.macros.CurrentUserIsOwnerMacro; /** - * Checks if the current user belongs to owners or co-owners of the item (w/o sid control). - * @author Oleg Nenashev , Synopsys Inc. + * Checks if the current user is a primary or secondary owner of the item (w/o sid control). + * @author Oleg Nenashev * @since 0.2 + * @deprecated Use {@link CurrentUserIsOwnerMacro} */ -@Extension(optional = true) +@Deprecated +@Extension(optional = true, ordinal = -1000) public class CoOwnerRoleMacroNoSid extends AbstractOwnershipRoleMacro{ @Override @@ -52,7 +55,7 @@ public String getDescription() { @Override public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { - User user = User.current(); + User user = User.current(); return hasPermission(user, type, item, macro, true); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacro.java index 8d0588be..3ba08afe 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,6 +29,7 @@ import com.synopsys.arc.jenkins.plugins.ownership.security.itemspecific.ItemSpecificSecurity; import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.model.Job; import hudson.security.AccessControlled; @@ -36,10 +37,10 @@ /** * Macro invokes evaluation of item-specific access rights. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.4 */ -@Extension(optional = true) +@Extension(optional = true, ordinal = -5) public class ItemSpecificRoleMacro extends AbstractOwnershipRoleMacro { @Override @@ -53,6 +54,7 @@ public String getDescription() { } @Override + @SuppressFBWarnings(value = "NM_METHOD_NAMING_CONVENTION", justification = "Part of other plugin API") public boolean IsApplicable(RoleType roleType) { return roleType == RoleType.Project; } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacroWithUserID.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacroWithUserID.java index 85c754c3..998142a0 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacroWithUserID.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/ItemSpecificRoleMacroWithUserID.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,10 +33,10 @@ /** * Macro invokes evaluation of item-specific access rights for the current user. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.4 */ -@Extension(optional = true) +@Extension(optional = true, ordinal = -5) public class ItemSpecificRoleMacroWithUserID extends ItemSpecificRoleMacro { @Override diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/NoOwnerRoleMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/NoOwnerRoleMacro.java index 28552abe..2d49092a 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/NoOwnerRoleMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/NoOwnerRoleMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,7 +33,7 @@ /** * Checks if item has no ownership. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ @Extension(optional = true) diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacro.java index 1f8451c9..43978f16 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -33,10 +33,10 @@ /** * Provides owner RoleMacro for the role-based strategy. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ -@Extension(optional = true) +@Extension(optional = true, ordinal = -1000) public class OwnerRoleMacro extends AbstractOwnershipRoleMacro { @Override @@ -50,8 +50,16 @@ public String getDescription() { } @Override - public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { - User user = User.get(sid, false, null); + public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { + // Check for null or empty SID - deny access in such cases + if (sid == null) { + return false; + } + if (sid.trim().isEmpty()) { + return false; + } + + User user = User.getById(sid, false); return hasPermission(user, type, item, macro, false); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacroNoSid.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacroNoSid.java index b724187b..f76002d0 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacroNoSid.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/OwnerRoleMacroNoSid.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,20 +24,22 @@ package com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy; import com.synopsys.arc.jenkins.plugins.ownership.Messages; -import static com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro.hasPermission; import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; import hudson.Extension; import hudson.model.User; import hudson.security.AccessControlled; import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.integrations.rolestrategy.macros.CurrentUserIsPrimaryOwnerMacro; /** * Provides owner RoleMacro for the role-based strategy (w/o Sid check). - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 + * @deprecated Use {@link CurrentUserIsPrimaryOwnerMacro} */ -@Extension(optional = true) +@Deprecated +@Extension(optional = true, ordinal = -1000) public class OwnerRoleMacroNoSid extends AbstractOwnershipRoleMacro { @Override diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/AbstractOwnershipHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/AbstractOwnershipHelper.java index 8124f86d..6fc9903b 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/AbstractOwnershipHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/AbstractOwnershipHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,34 +24,27 @@ package com.synopsys.arc.jenkins.plugins.ownership.util; import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; -import com.synopsys.arc.jenkins.plugins.ownership.Messages; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; -import org.jenkinsci.plugins.ownership.util.mail.MailFormatter; import hudson.model.User; -import java.io.UnsupportedEncodingException; -import java.util.ArrayList; -import java.util.Arrays; import java.util.Collection; -import java.util.List; -import java.util.Set; +import java.util.Collections; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; + +import hudson.security.Permission; import jenkins.model.Jenkins; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; /** * Provides basic operations for ownership helpers. * @param An item type, which is supported by the class. * @since 0.0.4 - * @author Oleg Nenashev + * @author Oleg Nenashev */ public abstract class AbstractOwnershipHelper implements IOwnershipHelper { - /**An empty collection of users*/ - protected final static Collection EMPTY_USERS_COLLECTION = new ArrayList(0); - - @Override public final @Nonnull String getDisplayName(@CheckForNull User usr) { return UserStringFormatter.format(usr); @@ -87,6 +80,52 @@ public final boolean isOwnerExists(@Nonnull TObjectType item) { @Override public Collection getPossibleOwners(TObjectType item) { - return EMPTY_USERS_COLLECTION; + return Collections.emptyList(); + } + + //TODO: promote to interface + /** + * Checks if the summary box should be displayed. + * @param item Current item + * @return {@code true} if the summary box should be displayed (even if there is no data); + * @since 0.8 + */ + public boolean isDisplayOwnershipSummaryBox(@Nonnull TObjectType item) { + // If there is no data, check global options + if (!getOwnershipDescription(item).isOwnershipEnabled()) { + return !OwnershipPlugin.getInstance().getConfiguration().getDisplayOptions().isHideOwnershipIfNoData(); + } + + return true; + } + + /** + * Gets ownership info of the requested item. + * @param item Item to be described + * @return Ownership description. The method returns a + * {@link OwnershipDescription#DISABLED_DESCR} + * @since 0.9 + */ + @Nonnull + public abstract OwnershipInfo getOwnershipInfo(@Nonnull TObjectType item); + + /** + * Gets permission required to manage ownership for the item. + * {@link Jenkins#ADMINISTER} by default if not overridden. + * @return Permission which is needed to change ownership. + * @since TODO + */ + @Nonnull + public Permission getRequiredPermission() { + return Jenkins.ADMINISTER; } + + /** + * Check if the objeck has locally defined ownership info. + * @param item Item + * @return {@code true} if the object has ownership defined locally. + * {@code false} will be returned otherwise, even if ownership is inherited. + * @since TODO + */ + public boolean hasLocallyDefinedOwnership(@Nonnull TObjectType item) { return false; } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/HTMLFormatter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/HTMLFormatter.java index 29c08963..c16e70f3 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/HTMLFormatter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/HTMLFormatter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,16 +23,20 @@ */ package com.synopsys.arc.jenkins.plugins.ownership.util; +import hudson.Functions; import hudson.model.User; + import javax.annotation.CheckForNull; import javax.annotation.Nonnull; + import jenkins.model.Jenkins; + import org.kohsuke.accmod.Restricted; import org.kohsuke.accmod.restrictions.NoExternalUse; /** * Provides additional formatters for jelly layout. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ @Restricted(NoExternalUse.class) @@ -44,9 +48,9 @@ public class HTMLFormatter { * @return User e-mail in the following format: <user@doma.in> */ public static @CheckForNull String formatEmailURI(@Nonnull String userId) { - String email = UserStringFormatter.formatEmail(userId); + String email = Functions.escape(UserStringFormatter.formatEmail(userId)); if (email != null) { - return "<"+email+">"; + return "<"+email+">"; } else { return null; } @@ -61,12 +65,19 @@ public class HTMLFormatter { } public static @Nonnull String formatUserURI(@Nonnull String userId, boolean useLongFormat) { - User usr = User.get(userId, false, null); + User usr = User.getById(userId, false); if (usr != null) { String userStr = useLongFormat ? usr.getDisplayName() : UserStringFormatter.formatShort(usr.getId()); - return ""+userStr+""; + // URL-encoding for the URL part, HTML-escaping for the link text + try { + String encodedUserId = java.net.URLEncoder.encode(userId, "UTF-8"); + return ""+Functions.escape(userStr)+""; + } catch (java.io.UnsupportedEncodingException e) { + // Fallback to original behavior if encoding fails + return ""+Functions.escape(userStr)+""; + } } else { // just return name w/o hyperlink return userId + " (unregistered)"; } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/IdStrategyComparator.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/IdStrategyComparator.java new file mode 100644 index 00000000..af51e58e --- /dev/null +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/IdStrategyComparator.java @@ -0,0 +1,28 @@ +package com.synopsys.arc.jenkins.plugins.ownership.util; + +import hudson.security.SecurityRealm; +import java.util.Comparator; +import jenkins.model.IdStrategy; +import jenkins.model.Jenkins; + + +public class IdStrategyComparator implements Comparator { + + private final SecurityRealm securityRealm; + private final IdStrategy groupIdStrategy; + private final IdStrategy userIdStrategy; + + public IdStrategyComparator() { + securityRealm = Jenkins.get().getSecurityRealm(); + groupIdStrategy = securityRealm.getGroupIdStrategy(); + userIdStrategy = securityRealm.getUserIdStrategy(); + } + + public int compare(String o1, String o2) { + int r = userIdStrategy.compare(o1, o2); + if (r == 0) { + r = groupIdStrategy.compare(o1, o2); + } + return r; + } +} diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/OwnershipDescriptionHelper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/OwnershipDescriptionHelper.java index a359770d..f24ab958 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/OwnershipDescriptionHelper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/OwnershipDescriptionHelper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,34 +24,70 @@ package com.synopsys.arc.jenkins.plugins.ownership.util; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import java.util.Set; +import java.util.TreeSet; import javax.annotation.Nonnull; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; +//TODO: Do we really need this helper class now? +//TODO co-owners have not been renamed to secondary owners, but it's an internal-only class /** * Provides handlers for ownership description. - * @author Oleg Nenashev , Synopsys Inc. - * @since 0.4 + * @author Oleg Nenashev + * @since 0.4 - Public API class + * @since TODO - Class API is restricted, use OwnershipDescription instead * @see OwnershipDescription */ +@Restricted(NoExternalUse.class) public class OwnershipDescriptionHelper { private OwnershipDescriptionHelper() {} /** - * Gets id of the owner. + * Gets ID of the primary owner. * @param descr Ownership description * @return userId of the primary owner. The result will be "unknown" if the * user is not specified. + * @deprecated Use {@link #getPrimaryOwnerId(com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription)} */ - public static @Nonnull String getOwnerID(@Nonnull OwnershipDescription descr) { + @Nonnull + @Deprecated + public static String getOwnerID(@Nonnull OwnershipDescription descr) { + return getPrimaryOwnerId(descr); + } + + /** + * Gets id of the primary owner. + * @param descr Ownership description + * @return userId of the primary owner. The result will be "unknown" if the + * user is not specified. + */ + @Nonnull + public static String getPrimaryOwnerId(@Nonnull OwnershipDescription descr) { return descr.getPrimaryOwnerId(); } /** * Gets owner's e-mail. * @param descr Ownership description - * @return Owner's e-mail or empty string if it is not available + * @return Owner's e-mail or empty string if it is not available + * @deprecated Use {@link #getPrimaryOwnerEmail(com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription)} */ + @Nonnull + @Deprecated public static String getOwnerEmail(@Nonnull OwnershipDescription descr) { + return getPrimaryOwnerEmail(descr); + } + + /** + * Gets e-mail of the primary owner. + * @param descr Ownership description + * @return Owner's e-mail or empty string if it is not available + * @since 0.9 + */ + @Nonnull + public static String getPrimaryOwnerEmail(@Nonnull OwnershipDescription descr) { String ownerEmail = UserStringFormatter.formatEmail(descr.getPrimaryOwnerId()); return ownerEmail != null ? ownerEmail : ""; } @@ -59,12 +95,46 @@ public static String getOwnerEmail(@Nonnull OwnershipDescription descr) { /** * Gets a comma-separated list of co-owners. * @param descr Ownership description + * @param includeOwner Include owner to the list + * @return Set of co-owner user IDs + * @since 0.9 + */ + @Nonnull + public static Set getSecondaryOwnerIds(@Nonnull OwnershipDescription descr, boolean includeOwner) { + Set res = new TreeSet<>(); + if (includeOwner) { + res.add(getPrimaryOwnerId(descr)); + } + for (String userId : descr.getSecondaryOwnerIds()) { + res.add(userId); + } + return res; + } + + /** + * Gets a comma-separated list of co-owners. + * Owner will be also considered as co-owner. + * @param descr Ownership description * @return List of co-owner user IDs + * @deprecated Use {@link #getAllOwnerIdsString(com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription)} + */ + @Deprecated + @Nonnull + public static String getCoOwnerIDs(@Nonnull OwnershipDescription descr) { + return getAllOwnerEmailsString(descr); + } + + /** + * Gets a comma-separated list of primary and secondary owners. + * @param descr Ownership description + * @return String containing comma-separated list of owner user IDs + * @since 0.9 */ - public static @Nonnull String getCoOwnerIDs(@Nonnull OwnershipDescription descr) { - StringBuilder coowners= new StringBuilder(getOwnerID(descr)); - for (String userId : descr.getCoownersIds()) { - if (coowners.length() == 0) { + @Nonnull + public static String getAllOwnerIdsString(@Nonnull OwnershipDescription descr) { + StringBuilder coowners= new StringBuilder(); + for (String userId : getSecondaryOwnerIds(descr, true)) { + if (coowners.length() != 0) { coowners.append(","); } coowners.append(userId); @@ -73,21 +143,41 @@ public static String getOwnerEmail(@Nonnull OwnershipDescription descr) { } /** - * Gets e-mails of co-owners. + * Gets e-mails of secondary owners (including owner if required). * @param descr Ownership description - * @return Comma-separated list of co-owner e-mails (may be empty) + * @param includeOwner Include owner to the list + * @return Set of secondary owner emails + * @since 0.9 */ - public static String getCoOwnerEmails(@Nonnull OwnershipDescription descr) { - StringBuilder coownerEmails=new StringBuilder(getOwnerEmail(descr)); - for (String userId : descr.getCoownersIds()) { + public static Set getSecondaryOwnerEmails(@Nonnull OwnershipDescription descr, boolean includeOwner) { + Set res = new TreeSet<>(); + + if (includeOwner) { + res.add(getOwnerEmail(descr)); + } + for (String userId : descr.getSecondaryOwnerIds()) { String coownerEmail = UserStringFormatter.formatEmail(userId); if (coownerEmail != null) { - if (coownerEmails.length() != 0) { - coownerEmails.append(","); - } - coownerEmails.append(coownerEmail); + res.add(coownerEmail); } } + return res; + } + + /** + * Gets e-mails of secondary owners (including primary owner). + * @param descr Ownership description + * @return Comma-separated list of secondary owner e-mails (may be empty) + * @since 0.9 + */ + public static String getAllOwnerEmailsString(@Nonnull OwnershipDescription descr) { + StringBuilder coownerEmails=new StringBuilder(); + for (String coownerEmail : getSecondaryOwnerEmails(descr, true)) { + if (coownerEmails.length() != 0) { + coownerEmails.append(","); + } + coownerEmails.append(coownerEmail); + } return coownerEmails.toString(); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserCollectionFilter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserCollectionFilter.java index e528d949..7d72710c 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserCollectionFilter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserCollectionFilter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -36,7 +36,7 @@ /** * Filters {@link Collection}s of {@link User}s. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.1 */ @Restricted(NoExternalUse.class) @@ -46,13 +46,13 @@ public class UserCollectionFilter { public static Collection filterUsers(@Nonnull Collection input, boolean enableSort, @Nonnull IUserFilter... filters) { // Sort users UserComparator comparator = new UserComparator(); - LinkedList userList = new LinkedList(User.getAll()); + LinkedList userList = new LinkedList<>(User.getAll()); if (enableSort) { Collections.sort(userList, comparator); } // Prepare new list - Collection res = new ArrayList(); + Collection res = new ArrayList<>(); for (User user : userList) { if (user == null) { continue; diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserStringFormatter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserStringFormatter.java index 861e5050..86a1b6a8 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserStringFormatter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserStringFormatter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -32,7 +32,7 @@ /** * Helper for User string formatting. - * @author Oleg Nenashev + * @author Oleg Nenashev */ @Restricted(NoExternalUse.class) public class UserStringFormatter { @@ -49,7 +49,7 @@ public class UserStringFormatter { } public static @Nonnull String format(@Nonnull String userId) { - return format(User.get(userId, false, null)); + return format(User.getById(userId, false)); } public static @Nonnull String formatShort(@CheckForNull String userId) { @@ -63,7 +63,7 @@ public class UserStringFormatter { * @since 0.2 */ public static @CheckForNull String formatEmail(@Nonnull String userId) { - return formatEmail(User.get(userId, false, null)); + return formatEmail(User.getById(userId, false)); } public static @CheckForNull String formatEmail(@CheckForNull User user) { diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserValidator.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserValidator.java index ae52eac8..916f3c2d 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserValidator.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserValidator.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,12 +23,11 @@ */ package com.synopsys.arc.jenkins.plugins.ownership.util; -import hudson.util.FormValidation; - /** * @deprecated Old non-used stuff, which will be deleted in further versions - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev */ +@Deprecated public class UserValidator { } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java index 2ef18f36..58721d4b 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/UserWrapper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -23,6 +23,7 @@ */ package com.synopsys.arc.jenkins.plugins.ownership.util; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.model.User; import javax.annotation.Nonnull; import org.kohsuke.accmod.Restricted; @@ -30,7 +31,7 @@ /** * Implements a wrapper, which allows to implement the "non-existent" user macro. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.1 */ @Restricted(NoExternalUse.class) @@ -59,20 +60,29 @@ public UserWrapper(@Nonnull String userMacro) { this.macro = userMacro; } else { this.isUser = true; - this.user = User.get(userMacro, false, null); + this.user = User.getById(userMacro, false); // throw new UnsupportedOperationException("User macro must start with prefix '"+USER_MACRO_PREFIX+"'"); } } + /** + * @deprecated Use {@link #isUser() } + */ + @Deprecated + @SuppressFBWarnings(value = "NM_METHOD_NAMING_CONVENTION") public boolean IsUser() { return isUser; } + + public boolean isUser() { + return isUser; + } /** * Gets id of the user (calls User.getId() or returns macro). * - * @return + * @return ID or macro */ public String getId() { return isUser ? user.getId() : macro; @@ -84,7 +94,7 @@ public String toString() { } public boolean meetsMacro(String userId) { - // Handle macroses and get effective user's id + // Handle macros and get effective user's id String comparedId; if (isUser) { if (user == null) { @@ -100,7 +110,7 @@ public boolean meetsMacro(String userId) { } // Check - return comparedId.equals(userId); + return User.idStrategy().equals(comparedId, userId); } } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/OwnershipLayoutFormatter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/OwnershipLayoutFormatter.java index f1c25037..febb2b4e 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/OwnershipLayoutFormatter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/OwnershipLayoutFormatter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2014 Oleg Nenashev . + * Copyright 2014 Oleg Nenashev * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -25,29 +25,62 @@ package com.synopsys.arc.jenkins.plugins.ownership.util.ui; import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; -import com.synopsys.arc.jenkins.plugins.ownership.Messages; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; import com.synopsys.arc.jenkins.plugins.ownership.util.HTMLFormatter; import org.jenkinsci.plugins.ownership.util.mail.OwnershipMailHelper; import javax.annotation.Nonnull; /** * Formats layouts for UI interfaces. - * This extension is being used by {@link OwnershipLayoutFormatterProvider}. * @param Type of object, for which ownership should be resolved - * @see OwnershipLayoutFormatterProvider * @since 0.5 - * @author Oleg Nenashev + * @author Oleg Nenashev */ public abstract class OwnershipLayoutFormatter { - public abstract String formatUser(@Nonnull TObjectType item, String userId); + @Nonnull + public abstract String formatUser(@Nonnull TObjectType item, @Nonnull String userId); - public String formatOwner(@Nonnull TObjectType item, String userId) { + /** + * Formats primary owner. + * @param item Item, for which the formatting is being performed + * @param userId User ID + * @return Raw HTML with user format + * @since 0.9 + */ + @Nonnull + public String formatPrimaryOwner(@Nonnull TObjectType item, @Nonnull String userId) { + return formatOwner(item, userId); + } + + /** + * @deprecated Use {@link #formatPrimaryOwner(java.lang.Object, java.lang.String)} + */ + @Deprecated + @Nonnull + public String formatOwner(@Nonnull TObjectType item, @Nonnull String userId) { return formatUser(item, userId); } - public String formatCoOwner(@Nonnull TObjectType item, String userId) { + /** + * Formats secondary owner. + * @param item Item, for which the formatting is being performed + * @param userId User ID + * @return Raw HTML with user format + * @since 0.9 + */ + @Nonnull + public String formatSecondaryOwner(@Nonnull TObjectType item, @Nonnull String userId) { + return formatCoOwner(item, userId); + } + + /** + * @deprecated Use {@link #formatSecondaryOwner(java.lang.Object, java.lang.String)} + */ + @Deprecated + @Nonnull + public String formatCoOwner(@Nonnull TObjectType item, @Nonnull String userId) { return formatUser(item, userId); } @@ -77,10 +110,19 @@ public static class DefaultJobFormatter extends OwnershipLayoutForm @Override public String formatUser(TObjectType item, String userId) { - final String userURI = HTMLFormatter.formatUserURI(userId, true); - final String userEmail = HTMLFormatter.formatEmailURI(userId); - final String userInfoHTML = userURI + (userEmail != null ? " " + userEmail : ""); - return userInfoHTML; + StringBuilder rawHtmlBuilder = new StringBuilder(); + rawHtmlBuilder.append(HTMLFormatter.formatUserURI(userId, true)); + + // Append e-mail to the output if it is not prohibited. + if (!OwnershipPluginConfiguration.get().getMailOptions().isHideOwnerAndCoOwnerEmails()) { + final String userEmail = HTMLFormatter.formatEmailURI(userId); + if (userEmail != null) { + rawHtmlBuilder.append(' '); + rawHtmlBuilder.append(userEmail); + } + } + + return rawHtmlBuilder.toString(); } @Override diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/UserSelector.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/UserSelector.java index 59e11f79..b93b57a3 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/UserSelector.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/ui/UserSelector.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -31,13 +31,16 @@ import hudson.util.FormValidation; import java.io.Serializable; import javax.annotation.CheckForNull; + +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; import org.kohsuke.stapler.DataBoundConstructor; import org.kohsuke.stapler.QueryParameter; /** * Describable Item, which allows to configure user. * Features: validation - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev */ //TODO: Autocompletion public class UserSelector implements Describable, Serializable { @@ -84,14 +87,15 @@ public static class DescriptorImpl extends Descriptor { public String getDisplayName() { return "N/A"; } - + + @Restricted(NoExternalUse.class) public FormValidation doCheckSelectedUserId(@QueryParameter String selectedUserId) { selectedUserId = Util.fixEmptyAndTrim(selectedUserId); if (selectedUserId == null) { return FormValidation.error("Field is empty. Field will be ignored"); } - User usr = User.get(selectedUserId, false, null); + User usr = User.getById(selectedUserId, false); if (usr == null) { return FormValidation.warning("User " + selectedUserId + " is not registered in Jenkins"); } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/AccessRightsFilter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/AccessRightsFilter.java index 03df226f..ab80096d 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/AccessRightsFilter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/AccessRightsFilter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -34,7 +34,7 @@ /** * Filters user according to access rights to specified item. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.1 */ public class AccessRightsFilter implements IUserFilter { diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/IUserFilter.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/IUserFilter.java index 3db91e31..fab31669 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/IUserFilter.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/IUserFilter.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -28,7 +28,7 @@ /** * Provides filtering of users. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.1 */ public interface IUserFilter { diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/UserComparator.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/UserComparator.java index d69690a2..f7db36ac 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/UserComparator.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/util/userFilters/UserComparator.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,7 +29,7 @@ /** * Compares two {@link User}s by their full names. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.1 */ public class UserComparator implements java.util.Comparator, Serializable diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapper.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapper.java index 0a825473..e175ddb7 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapper.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapper.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Oleg Nenashev , Synopsys Inc. + * Copyright 2013 Oleg Nenashev, Synopsys Inc. * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -24,6 +24,7 @@ package com.synopsys.arc.jenkins.plugins.ownership.wrappers; import com.synopsys.arc.jenkins.plugins.ownership.Messages; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; import hudson.Extension; import hudson.Launcher; import hudson.model.AbstractBuild; @@ -39,19 +40,19 @@ /** * Provides wrapper, which injects ownership variables into the build environment. * The wrapper support both slave and node ownership information. - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.2 */ public class OwnershipBuildWrapper extends BuildWrapper { private @Nonnull EnvSetupOptions envSetupOptions; @Deprecated - private transient final boolean injectNodeOwnership = false; + private static final transient boolean injectNodeOwnership = false; @Deprecated - private transient final boolean injectJobOwnership = false; + private static final transient boolean injectJobOwnership = false; @DataBoundConstructor - public OwnershipBuildWrapper(EnvSetupOptions envSetupOptions) { + public OwnershipBuildWrapper(@Nonnull EnvSetupOptions envSetupOptions) { this.envSetupOptions = envSetupOptions; } @@ -59,6 +60,7 @@ public OwnershipBuildWrapper(boolean injectJobOwnership, boolean injectNodeOwner this(new EnvSetupOptions(injectJobOwnership, injectNodeOwnership)); } + @SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE", justification = "Migration of the old data") public Object readResolve() { if (envSetupOptions == null) { envSetupOptions = new EnvSetupOptions(injectJobOwnership, injectNodeOwnership); @@ -69,7 +71,7 @@ public Object readResolve() { @Override public Environment setUp(AbstractBuild build, Launcher launcher, BuildListener listener) throws IOException, InterruptedException { return new Environment() { - // Empty instantination. The entire code has been moved to OwnershipRunListener + // Empty instantiation. The entire code has been moved to OwnershipRunListener }; } diff --git a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipTokenMacro.java b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipTokenMacro.java index 43f92107..5fafd788 100644 --- a/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipTokenMacro.java +++ b/src/main/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipTokenMacro.java @@ -1,7 +1,7 @@ /* * The MIT License * - * Copyright 2013 Synopsys Inc., Oleg Nenashev + * Copyright 2013 Synopsys Inc., Oleg Nenashev * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal @@ -29,6 +29,7 @@ import com.synopsys.arc.jenkins.plugins.ownership.util.OwnershipDescriptionHelper; import hudson.Extension; import hudson.model.AbstractBuild; +import hudson.model.Node; import hudson.model.TaskListener; import java.io.IOException; import org.jenkinsci.plugins.tokenmacro.DataBoundTokenMacro; @@ -39,7 +40,7 @@ * This macro allows to extract information about ownership. * An information type can be specified by additional var parameter * (see {@link OwnershipFunction} to get a list of supported operations). - * @author Oleg Nenashev , Synopsys Inc. + * @author Oleg Nenashev * @since 0.4 */ @Extension(optional = true) @@ -72,10 +73,19 @@ public String evaluate(AbstractBuild ab, TaskListener tl, String string) t } OwnershipDescription job = JobOwnerHelper.Instance.getOwnershipDescription(ab.getProject()); - OwnershipDescription node = NodeOwnerHelper.Instance.getOwnershipDescription(ab.getBuiltOn()); - return func.evaluate(job, node); + + // Get data for node + final Node node = ab.getBuiltOn(); + OwnershipDescription nodeDescription = node != null + ? NodeOwnerHelper.Instance.getOwnershipDescription(node) + : OwnershipDescription.DISABLED_DESCR; + + // Evaluate the macro + return func.evaluate(job, nodeDescription); } - + + // TODO: This implementation needs some polishing in order to address naming changes + // in primary and secondary owners private static enum OwnershipFunction { JOB_OWNER(true), JOB_OWNER_EMAIL(true), @@ -86,7 +96,7 @@ private static enum OwnershipFunction { NODE_COOWNERS(false), NODE_COOWNERS_EMAILS(false); - private boolean isJob; + private final boolean isJob; private OwnershipFunction(boolean isJob) { this.isJob = isJob; @@ -110,21 +120,21 @@ public String evaluate(OwnershipDescription job, OwnershipDescription node) thro switch(this) { case JOB_OWNER: - return OwnershipDescriptionHelper.getOwnerID(job); + return OwnershipDescriptionHelper.getPrimaryOwnerId(job); case JOB_OWNER_EMAIL: - return OwnershipDescriptionHelper.getOwnerEmail(job); + return OwnershipDescriptionHelper.getPrimaryOwnerEmail(job); case JOB_COOWNERS: - return OwnershipDescriptionHelper.getCoOwnerIDs(job); + return OwnershipDescriptionHelper.getAllOwnerIdsString(job); case JOB_COOWNERS_EMAILS: - return OwnershipDescriptionHelper.getCoOwnerEmails(job); + return OwnershipDescriptionHelper.getAllOwnerEmailsString(job); case NODE_OWNER: - return OwnershipDescriptionHelper.getOwnerID(node); + return OwnershipDescriptionHelper.getPrimaryOwnerId(node); case NODE_OWNER_EMAIL: - return OwnershipDescriptionHelper.getOwnerEmail(node); + return OwnershipDescriptionHelper.getPrimaryOwnerEmail(node); case NODE_COOWNERS: - return OwnershipDescriptionHelper.getCoOwnerIDs(node); + return OwnershipDescriptionHelper.getAllOwnerIdsString(node); case NODE_COOWNERS_EMAILS: - return OwnershipDescriptionHelper.getCoOwnerEmails(node); + return OwnershipDescriptionHelper.getAllOwnerEmailsString(node); default: throw new IOException(this+" ownership function is not implemented"); } diff --git a/src/main/java/org/jenkinsci/plugins/ownership/config/DisplayOptions.java b/src/main/java/org/jenkinsci/plugins/ownership/config/DisplayOptions.java new file mode 100644 index 00000000..857b1a70 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/config/DisplayOptions.java @@ -0,0 +1,86 @@ +/* + * The MIT License + * + * Copyright 2015 Oleg Nenashev + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.jenkinsci.plugins.ownership.config; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; +import hudson.Extension; +import hudson.model.Describable; +import hudson.model.Descriptor; + +import org.jenkinsci.plugins.ownership.model.runs.RunOwnershipAction; +import org.kohsuke.stapler.DataBoundConstructor; + +/** + * Stores display options for {@link OwnershipPlugin}. + * This section is attached as an advanced section to {@link OwnershipPluginConfiguration}. + * @author Oleg Nenashev + * @since 0.8 + */ +public class DisplayOptions implements Describable { + + public static final DisplayOptions DEFAULT = new DisplayOptions(false, false); + + private final boolean hideRunOwnership; + private final boolean hideOwnershipIfNoData; + + @DataBoundConstructor + public DisplayOptions(boolean hideRunOwnership, boolean hideOwnershipIfNoData) { + this.hideRunOwnership = hideRunOwnership; + this.hideOwnershipIfNoData = hideOwnershipIfNoData; + } + + /** + * Disables Run summary boxes in {@link RunOwnershipAction}. + * @return {@code true} if {@link RunOwnershipAction}'s summary box should not be displayed. + */ + public boolean isHideRunOwnership() { + return hideRunOwnership; + } + + /** + * Does not display Ownership summary boxes if Ownership is not configured. + * @return {@code true} to hide empty Ownership summary boxes. + */ + public boolean isHideOwnershipIfNoData() { + return hideOwnershipIfNoData; + } + + @Extension + public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); + + @Override + public DescriptorImpl getDescriptor() { + return DESCRIPTOR; + } + + public static class DescriptorImpl extends Descriptor { + + @Override + public String getDisplayName() { + return "N/A"; + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/config/InheritanceOptions.java b/src/main/java/org/jenkinsci/plugins/ownership/config/InheritanceOptions.java new file mode 100644 index 00000000..eb9ca998 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/config/InheritanceOptions.java @@ -0,0 +1,81 @@ +/* + * The MIT License + * + * Copyright 2016 Oleg Nenashev + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.jenkinsci.plugins.ownership.config; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import hudson.Extension; +import hudson.model.Describable; +import hudson.model.Descriptor; +import hudson.model.ItemGroup; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.kohsuke.stapler.DataBoundConstructor; + +/** + * Stores inheritance options for {@link OwnershipPlugin}. + * This section is attached as an advanced section to {@link OwnershipPluginConfiguration}. + * These options has been created + * @author Oleg Nenashev + * @since 0.9 + */ +public class InheritanceOptions implements Describable { + + public static final InheritanceOptions DEFAULT = new InheritanceOptions(false); + + private final boolean blockInheritanceFromItemGroups; + + @DataBoundConstructor + public InheritanceOptions(boolean blockInheritanceFromItemGroups) { + this.blockInheritanceFromItemGroups = blockInheritanceFromItemGroups; + } + + /** + * Blocks ownership inheritance from {@link ItemGroup}s. + * This inheritance is used in {@link JobOwnerHelper} and {@link FolderOwnershipHelper} + * in order to retrieve the info from parent folders. + * Such inheritance may impact the performance of Jenkins instance, hence it is possible to disable it. + * @return {@code true} if ownership inheritance should be blocked. + */ + public boolean isBlockInheritanceFromItemGroups() { + return blockInheritanceFromItemGroups; + } + + @Extension + public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); + + @Override + public DescriptorImpl getDescriptor() { + return DESCRIPTOR; + } + + public static class DescriptorImpl extends Descriptor { + + @Override + public String getDisplayName() { + return "N/A"; + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy.java b/src/main/java/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy.java new file mode 100644 index 00000000..641a6aa2 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy.java @@ -0,0 +1,42 @@ +package org.jenkinsci.plugins.ownership.config; + +import com.synopsys.arc.jenkins.plugins.ownership.Messages; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicy; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicyDescriptor; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import hudson.Extension; +import hudson.model.Item; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.kohsuke.stapler.DataBoundConstructor; + +import javax.annotation.Nonnull; + +/** + * A policy, which keeps the previous job's ownership. + * @author cpuydebois + * @since TODO + */ +public class PreserveOwnershipPolicy extends ItemOwnershipPolicy { + + @DataBoundConstructor + public PreserveOwnershipPolicy() { + } + + @Override + public OwnershipDescription onCreated(@Nonnull Item item) { + AbstractOwnershipHelper helper = OwnershipHelperLocator.locate(item); + if (helper != null) { + return helper.getOwnershipDescription(item); + } + return null; + } + + @Extension + public static class DescriptorImpl extends ItemOwnershipPolicyDescriptor { + @Override + public String getDisplayName() { + return Messages.ItemOwnershipPolicy_PreserveOwnershipPolicy_displayName(); + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsOwnerMacro.java b/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsOwnerMacro.java new file mode 100644 index 00000000..33cc11c0 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsOwnerMacro.java @@ -0,0 +1,59 @@ +/* + * The MIT License + * + * Copyright 2013 Oleg Nenashev, Synopsys Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.rolestrategy.macros; + +import com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro; +import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; +import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; +import hudson.Extension; +import hudson.model.User; +import hudson.security.AccessControlled; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.integrations.rolestrategy.Messages; + +/** + * Checks if the current user is an owner. + * Primary and secondary owners are fine. + * @author Oleg Nenashev + * @since 0.9 + */ +@Extension(optional = true) +public class CurrentUserIsOwnerMacro extends AbstractOwnershipRoleMacro { + + @Override + public String getName() { + return "CurrentUserIsOwner"; + } + + @Override + public String getDescription() { + return Messages.CurrentUserIsOwnerMacro_description(); + } + + @Override + public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { + User user = User.current(); + return hasPermission(user, type, item, macro, true); + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsPrimaryOwnerMacro.java b/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsPrimaryOwnerMacro.java new file mode 100644 index 00000000..a45ade2f --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/integrations/rolestrategy/macros/CurrentUserIsPrimaryOwnerMacro.java @@ -0,0 +1,58 @@ +/* + * The MIT License + * + * Copyright 2013 Oleg Nenashev, Synopsys Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.rolestrategy.macros; + +import com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy.AbstractOwnershipRoleMacro; +import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; +import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; +import hudson.Extension; +import hudson.model.User; +import hudson.security.AccessControlled; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.integrations.rolestrategy.Messages; + +/** + * Checks if the current user is a primary owner of the item. + * @author Oleg Nenashev + * @since 0.9 + */ +@Extension(optional = true) +public class CurrentUserIsPrimaryOwnerMacro extends AbstractOwnershipRoleMacro { + + @Override + public String getName() { + return "CurrentUserIsPrimaryOwner"; + } + + @Override + public String getDescription() { + return Messages.CurrentUserIsPrimaryOwnerMacro_description(); + } + + @Override + public boolean hasPermission(String sid, Permission p, RoleType type, AccessControlled item, Macro macro) { + User user = User.current(); + return hasPermission(user, type, item, macro, false); + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/OwnerFilter.java b/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/OwnerFilter.java new file mode 100644 index 00000000..3f4b378d --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/OwnerFilter.java @@ -0,0 +1,174 @@ +/* + * The MIT License + * + * Copyright 2017 Ksenia Nenasheva . + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.securityinspector; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import hudson.Util; +import hudson.model.Descriptor; +import hudson.model.Item; +import hudson.model.ItemGroup; +import hudson.model.TopLevelItem; +import hudson.model.User; +import java.util.ArrayList; +import java.util.Collection; +import java.util.Collections; +import java.util.List; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; +import javax.servlet.ServletException; +import jenkins.model.Jenkins; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; +import org.kohsuke.stapler.StaplerRequest; + +class OwnerFilter { + + private static final Logger LOGGER = Logger.getLogger(OwnerFilter.class.getName()); + + /** + * Include regex string. + */ + @CheckForNull + private final String includeRegex; + + /** + * Compiled include pattern from the includeRegex string. + */ + @CheckForNull + private final Pattern includePattern; + + /** + * Folder name for report + */ + @CheckForNull + private final String report4folder; + + /** + * Constructs empty filter. + */ + public OwnerFilter() { + this.includeRegex = null; + this.includePattern = null; + this.report4folder = null; + } + + @Restricted(NoExternalUse.class) + public OwnerFilter(@Nonnull StaplerRequest req) + throws Descriptor.FormException, ServletException { + if (req.getParameter("useincluderegex") != null) { + includeRegex = Util.nullify(req.getParameter("_.includeRegex")); + if (includeRegex == null) { + includePattern = null; + } else { + try { + includePattern = Pattern.compile(includeRegex); + } catch(PatternSyntaxException ex) { + throw new Descriptor.FormException(ex, "includeRegex"); + } + } + } else { + includeRegex = null; + includePattern = null; + } + + if (req.getParameter("usefolder") != null) { + report4folder = req.getParameter("selectedFolder"); + } else { + report4folder = null; + } + } + + @Nonnull + @Restricted(NoExternalUse.class) + public List doFilter(User owner) { + + final Jenkins jenkins = Jenkins.get(); + final List allItems; + + if (report4folder != null) { + Item folder = jenkins.getItem(report4folder); + if (folder instanceof ItemGroup) { + Collection items = ((ItemGroup)folder).getItems(); + allItems = new ArrayList<>(items.size()); + for (Item item : items) { + allItems.add(item); + } + allItems.add(folder); + } else { + LOGGER.log(Level.WARNING, report4folder + " is not an ItemGroup"); + return Collections.emptyList(); + } + } else { + allItems = jenkins.getAllItems(Item.class); + } + + String itemName; + + List items = new ArrayList<>(); + OwnershipDescription ownershipDescription; + AbstractOwnershipHelper located; + + for (Item item : allItems) { + + if (!(item instanceof TopLevelItem)) { + continue; + } + + located = OwnershipHelperLocator.locate(item); + if (located == null) { + continue; + } + + itemName = item.getFullName(); + ownershipDescription = located.getOwnershipDescription(item); + + if (ownershipDescription.isOwnershipEnabled() + && ownershipDescription.isOwner(owner, true)) { + + if (includePattern == null + || includePattern.matcher(itemName).matches()) { + items.add((TopLevelItem) item); + } + } + } + + return items; + } + + @CheckForNull + public Pattern getIncludePattern() { + return includePattern; + } + + @CheckForNull + public String getIncludeRegex() { + return includeRegex; + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder.java b/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder.java new file mode 100644 index 00000000..f8d90685 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder.java @@ -0,0 +1,230 @@ +/* + * The MIT License + * + * Copyright 2017 Ksenia Nenasheva . + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.securityinspector; + +import hudson.Extension; +import hudson.model.Computer; +import hudson.model.Descriptor; +import hudson.model.Item; +import hudson.model.TopLevelItem; +import hudson.model.User; +import hudson.model.View; +import hudson.security.Permission; +import hudson.security.PermissionGroup; +import java.util.HashSet; +import java.util.List; +import java.util.Set; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.regex.Pattern; +import java.util.regex.PatternSyntaxException; +import javax.annotation.Nonnull; +import javax.servlet.ServletException; +import jenkins.model.Jenkins; +import org.acegisecurity.Authentication; +import org.acegisecurity.context.SecurityContext; +import org.acegisecurity.context.SecurityContextHolder; +import org.acegisecurity.userdetails.UsernameNotFoundException; +import org.jenkinsci.plugins.securityinspector.Messages; +import static org.jenkinsci.plugins.securityinspector.SecurityInspectorAction.getSessionId; +import org.jenkinsci.plugins.securityinspector.UserContextCache; +import org.jenkinsci.plugins.securityinspector.UserContext; +import org.jenkinsci.plugins.securityinspector.impl.users.UserReportBuilder; +import org.jenkinsci.plugins.securityinspector.model.PermissionReport; +import org.jenkinsci.plugins.securityinspector.model.SecurityInspectorReport; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; +import org.kohsuke.accmod.restrictions.suppressions.SuppressRestrictedWarnings; +import org.kohsuke.stapler.HttpResponses; +import org.kohsuke.stapler.StaplerRequest; + +@Extension(optional = true) +public class PermissionsForOwnerReportBuilder extends UserReportBuilder { + private static final Logger LOGGER = Logger.getLogger(PermissionsForOwnerReportBuilder.class.getName()); + @Override + public String getIcon() { + return "fingerprint.png"; + } + + @Override + public String getIndex() { + return "items-for-owner"; + } + + @Override + public String getDisplayName() { + return "Single any owner, multiple items"; + } + + @Override + public String getDescription() { + return "Display job permissions for the specified owner"; + } + + @Override + @SuppressRestrictedWarnings({UserContextCache.class}) + public void processParameters(StaplerRequest req) throws Descriptor.FormException, ServletException { + final String regex = req.getParameter("_.includeRegex"); + try { + Pattern.compile(regex); + } catch (PatternSyntaxException exception) { + throw new Descriptor.FormException(exception, "includeRegex"); + } + final String selectedItem = req.getParameter("selectedOwner"); + OwnerFilter filters = new OwnerFilter(req); + + User owner = User.get(selectedItem); + List selectedJobs = filters.doFilter(owner); + UserContextCache.updateSearchCache(selectedJobs, null, null, selectedItem); + } + + @Override + public SecurityInspectorReport getReport() { + Set items = getRequestedJobs(); + User user = getRequestedUser(); + final PermissionsForOwnerReportBuilder.ReportImpl report; + + // Impersonate to check the permission + final Authentication auth; + try { + auth = user.impersonate(); + } catch (UsernameNotFoundException ex) { + return new PermissionsForOwnerReportBuilder.ReportImpl(user); + } + + //TODO: rework the logic to guarantee that report is initialized + SecurityContext initialContext = null; + try { + initialContext = hudson.security.ACL.impersonate(auth); + report = PermissionsForOwnerReportBuilder.ReportImpl.createReport(items, user); + } finally { + if (initialContext != null) { + SecurityContextHolder.setContext(initialContext); + } + } + return report; + } + + @Nonnull + @Restricted(NoExternalUse.class) + @SuppressRestrictedWarnings({UserContextCache.class, UserContext.class}) + public Set getRequestedJobs() throws HttpResponses.HttpResponseException { + try { + UserContextCache cacheInstance = UserContextCache.getInstance(); + UserContext context = cacheInstance.get(getSessionId()); + + if (context == null) { + throw HttpResponses.error(404, "Context has not been found"); + } + + final List selectedJobs = context.getJobs(); + if (selectedJobs == null) { + throw HttpResponses.error(500, "The retrieved context does not contain job filter settings"); + } + + final Set res = new HashSet<>(selectedJobs.size()); + for (TopLevelItem item : selectedJobs) { + // TODO ??? + if (item != null) { + res.add(item); + } + } + return res; + } catch (Exception e) { + throw HttpResponses.error(500, "Failed to retrieve context: " + e.getMessage()); + } + } + + public static class ReportImpl extends PermissionReport { + + @Nonnull + final User user4report; + + /**package*/ ReportImpl(@Nonnull User user) { + this.user4report = user; + } + + @Override + public String getReportTargetName() { + return user4report.getDisplayName(); + } + + @Override + protected Boolean getEntryReport(TopLevelItem column, Permission item) { + + final Authentication auth; + try { + auth = user4report.impersonate(); + } catch (UsernameNotFoundException ex) { + return Boolean.FALSE; + } + + SecurityContext initialContext = null; + Item i = Jenkins.get().getItemByFullName(column.getFullName()); + if (i == null) { + return Boolean.FALSE; + } + try { + initialContext = hudson.security.ACL.impersonate(auth); + return i.hasPermission(item); + } finally { + if (initialContext != null) { + SecurityContextHolder.setContext(initialContext); + } + } + } + + public final void generateReport(@Nonnull Set rows) { + Set groups = new HashSet<>(PermissionGroup.getAll()); + groups.remove(PermissionGroup.get(Permission.class)); + groups.remove(PermissionGroup.get(Jenkins.class)); + groups.remove(PermissionGroup.get(Computer.class)); + groups.remove(PermissionGroup.get(View.class)); + + super.generateReport(rows, groups); + } + + @Nonnull + public static ReportImpl createReport(@Nonnull Set rows, @Nonnull User user) { + ReportImpl report = new ReportImpl(user); + report.generateReport(rows); + return report; + } + + @Override + public String getRowColumnHeader() { + return Messages.JobReport_RowColumnHeader(); + } + + @Override + public String getRowTitle(TopLevelItem row) { + return row.getFullDisplayName(); + } + + @Override + public boolean isEntryReportOk(TopLevelItem row, Permission item, Boolean report) { + return report != null ? report : false; + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource.java b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource.java new file mode 100644 index 00000000..74c7d785 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource.java @@ -0,0 +1,64 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import hudson.model.Job; +import hudson.model.Node; +import javax.annotation.CheckForNull; + +/** + * References the source of {@link OwnershipDescription}. + * This describable class is being used in UI (e.g. {@code manage-owners} page). + * The summary info can be retrieved using {@code summary.jelly}. + * @param Type of the source items. + * @author Oleg Nenashev + * @since 0.9 + */ +public abstract class OwnershipDescriptionSource { + + @CheckForNull + private final TSourceType item; + + public OwnershipDescriptionSource(@CheckForNull TSourceType item) { + this.item = item; + } + + /** + * Provides a reference to the item, which acts as a source. + * It may be {@link Job}, {@link Node} or whatever other class. + * @return Instance, which is referenced as an Item source. + * {@code null} means that there is no item, which could describe the {@link OwnershipDescription}. + */ + @CheckForNull + public TSourceType getItem() { + return item; + } + + public static class DisabledSource extends OwnershipDescriptionSource{ + public DisabledSource() { + super(null); + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipHelperLocator.java b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipHelperLocator.java new file mode 100644 index 00000000..c88a5e65 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipHelperLocator.java @@ -0,0 +1,90 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model; + +import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import hudson.ExtensionList; +import hudson.ExtensionPoint; +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; +import jenkins.model.Jenkins; + +/** + * Extension point, which allows to identify {@link IOwnershipHelper} for particular classes. + * @param Type of the item + * @author Oleg Nenashev + * @since 0.9 + */ +public abstract class OwnershipHelperLocator implements ExtensionPoint { + + /** + * Looks up ownership helpers for a class. + * @param item Item, for which the ownership should be retrieved + * @return Helper. Returns null if there is no applicable helper provided by this extension. + */ + @CheckForNull + public abstract AbstractOwnershipHelper findHelper(Object item); + + /** + * Returns all the registered {@link OwnershipHelperLocator}s. + * @return All registered {@link OwnershipHelperLocator}s + */ + @Nonnull + public static ExtensionList all() { + return Jenkins.get().getExtensionList(OwnershipHelperLocator.class); + } + + /** + * Locates {@link IOwnershipHelper} for the specified item. + * @param Class of the required helper + * @param item Item, for which we need a helper + * @return Located helper. May be null if there is no relevant helper + */ + @CheckForNull + @SuppressWarnings("unchecked") + public static AbstractOwnershipHelper locate(T item) { + return (AbstractOwnershipHelper)locate(item, item.getClass()); + } + + /** + * Locates {@link IOwnershipHelper} for the specified item. + * @param Class of the required helper + * @param item Item, for which we need a helper + * @param requiredClass Required class + * @return Located helper. May be null if there is no relevant helper + */ + @CheckForNull + @SuppressWarnings("unchecked") + public static AbstractOwnershipHelper locate(Object item, Class requiredClass) { + for (OwnershipHelperLocator helper : all()) { + AbstractOwnershipHelper located = helper.findHelper(item); + //TODO: Helper verification would be useful + if (located != null) { + return (AbstractOwnershipHelper) located; + } + } + return null; + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipInfo.java b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipInfo.java new file mode 100644 index 00000000..0b30107a --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/OwnershipInfo.java @@ -0,0 +1,59 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import javax.annotation.Nonnull; + +/** + * Provides a full info about Ownership. + * {@link OwnershipDescription} is designed to store the persisted data only, + * this class also provides a runtime content. It should not be serialized anywhere. + * @author Oleg Nenashev + * @since 0.9 + */ +public class OwnershipInfo { + + private final OwnershipDescription description; + private final OwnershipDescriptionSource source; + + public static final OwnershipInfo DISABLED_INFO = + new OwnershipInfo(OwnershipDescription.DISABLED_DESCR, new OwnershipDescriptionSource.DisabledSource<>()); + + public OwnershipInfo(@Nonnull OwnershipDescription description, + @Nonnull OwnershipDescriptionSource source) { + this.description = description; + this.source = source; + } + + @Nonnull + public OwnershipDescription getDescription() { + return description; + } + + @Nonnull + public OwnershipDescriptionSource getSource() { + return source; + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderItemListener.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderItemListener.java new file mode 100644 index 00000000..e705ad41 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderItemListener.java @@ -0,0 +1,86 @@ +/* + * The MIT License + * + * Copyright (c) 2016-2017 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicy; +import hudson.Extension; +import hudson.Plugin; +import hudson.model.Item; +import hudson.model.listeners.ItemListener; +import java.io.IOException; +import java.util.logging.Level; +import java.util.logging.Logger; +import jenkins.model.Jenkins; + +/** + * Locates changes in {@link AbstractFolder}s and assigns ownership accordingly. + * @author Oleg Nenashev + */ +@Extension(optional = true) +public class FolderItemListener extends ItemListener { + + private static final Logger LOGGER = Logger.getLogger(FolderItemListener.class.getName()); + + @Override + public void onCopied(Item src, Item item) { + if (!isFoldersPluginEnabled()) { + return; + } + OwnershipDescription d = getPolicy().onCopied(src, item); + modifyOwnership(item, d); + } + + @Override + public void onCreated(Item item) { + if (!isFoldersPluginEnabled()) { + return; + } + OwnershipDescription d = getPolicy().onCreated(item); + modifyOwnership(item, d); + } + + private ItemOwnershipPolicy getPolicy() { + return OwnershipPlugin.getInstance().getConfiguration().getItemOwnershipPolicy(); + } + + private boolean isFoldersPluginEnabled() { + final Plugin plugin = Jenkins.get().getPlugin("cloudbees-folder"); + return plugin != null && plugin.getWrapper().isActive(); + } + + private void modifyOwnership(Item item, OwnershipDescription ownership) { + if (item instanceof AbstractFolder) { + AbstractFolder folder = (AbstractFolder) item; + try { + FolderOwnershipHelper.setOwnership(folder, ownership); + } catch (IOException ex) { + LOGGER.log(Level.WARNING, "Cannot change ownership of {0} to [{1}]. {2}", + new Object[] {item, ownership, ex}); + } + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction.java new file mode 100644 index 00000000..0363ee88 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction.java @@ -0,0 +1,92 @@ +/* + * The MIT License + * + * Copyright (c) 2015-2017 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; +import com.synopsys.arc.jenkins.plugins.ownership.ItemOwnershipAction; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.util.ui.OwnershipLayoutFormatter; +import hudson.model.Descriptor; +import hudson.security.Permission; +import java.io.IOException; +import java.io.UnsupportedEncodingException; +import javax.annotation.Nonnull; +import javax.servlet.ServletException; +import net.sf.json.JSONObject; +import org.kohsuke.stapler.HttpResponse; +import org.kohsuke.stapler.HttpResponses; +import org.kohsuke.stapler.StaplerRequest; +import org.kohsuke.stapler.StaplerResponse; + +/** + * Allows managing actions for {@link AbstractFolder}s. + * @author Oleg Nenashev + * @since 0.9 + */ +public class FolderOwnershipAction extends ItemOwnershipAction> { + + //TODO: May become a problem once we need to make it flexible (not implemented). Move to helper? + private static final OwnershipLayoutFormatter> DEFAULT_FOLDER_FORMATTER + = new OwnershipLayoutFormatter.DefaultJobFormatter<>(); + + public FolderOwnershipAction(@Nonnull AbstractFolder folder) { + super(folder); + } + + @Override + public Permission getOwnerPermission() { + return OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP; + } + + @Override + public Permission getProjectSpecificPermission() { + return OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP; + } + + @Override + public boolean actionIsAvailable() { + return getDescribedItem().hasPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + } + + @Override + public IOwnershipHelper> helper() { + return FolderOwnershipHelper.getInstance(); + } + + public OwnershipLayoutFormatter> getLayoutFormatter() { + return DEFAULT_FOLDER_FORMATTER; + } + + public HttpResponse doOwnersSubmit(StaplerRequest req, StaplerResponse rsp) throws IOException, UnsupportedEncodingException, ServletException, Descriptor.FormException { + getDescribedItem().checkPermission(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + + JSONObject jsonOwnership = req.getSubmittedForm().getJSONObject("owners"); + OwnershipDescription descr = OwnershipDescription.parseJSON(jsonOwnership); + FolderOwnershipHelper.setOwnership(getDescribedItem(), descr); + + return HttpResponses.redirectViaContextPath(getDescribedItem().getUrl()); + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipActionFactory.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipActionFactory.java new file mode 100644 index 00000000..d513a1c8 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipActionFactory.java @@ -0,0 +1,52 @@ +/* + * The MIT License + * + * Copyright (c) 2015-2017 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import hudson.Extension; +import hudson.model.Action; +import java.util.Collection; +import java.util.Collections; +import jenkins.model.TransientActionFactory; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + +/** + * Injects {@link FolderOwnershipAction}s. + * @author Oleg Nenashev + */ +@Extension(optional = true) +@Restricted(NoExternalUse.class) +public class FolderOwnershipActionFactory extends TransientActionFactory { + + @Override + public Collection createFor(AbstractFolder target) { + return Collections.singleton(new FolderOwnershipAction(target)); + } + + @Override + public Class type() { + return AbstractFolder.class; + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource.java new file mode 100644 index 00000000..e3308fe1 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource.java @@ -0,0 +1,42 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import javax.annotation.CheckForNull; +import org.jenkinsci.plugins.ownership.model.OwnershipDescriptionSource; + +/** + * References {@link OwnershipDescription}s provided by various {@link AbstractFolder}s. + * @author Oleg Nenashev + * @since 0.9 + */ +public class FolderOwnershipDescriptionSource extends OwnershipDescriptionSource> { + + public FolderOwnershipDescriptionSource(@CheckForNull AbstractFolder item) { + super(item); + } + +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelper.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelper.java new file mode 100644 index 00000000..89088949 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelper.java @@ -0,0 +1,182 @@ +/* + * The MIT License + * + * Copyright (c) 2015-2017 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import com.synopsys.arc.jenkins.plugins.ownership.util.UserCollectionFilter; +import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.AccessRightsFilter; +import com.synopsys.arc.jenkins.plugins.ownership.util.userFilters.IUserFilter; +import hudson.Extension; +import hudson.model.Item; +import hudson.model.ItemGroup; +import hudson.model.User; +import java.io.IOException; +import java.util.Collection; +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; + +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + +/** + * Integration with Folders plugin. + * @author Oleg Nenashev + * @since 0.9 + */ +public class FolderOwnershipHelper extends AbstractOwnershipHelper> { + + static final FolderOwnershipHelper INSTANCE = new FolderOwnershipHelper(); + + @Nonnull + public static FolderOwnershipHelper getInstance() { + return INSTANCE; + } + + /** + * Gets OwnerNodeProperty from job if possible. + * @param folder Folder + * @return OwnerNodeProperty or null + */ + @CheckForNull + public static FolderOwnershipProperty getOwnerProperty(@Nonnull AbstractFolder folder) { + FolderOwnershipProperty prop = folder.getProperties().get(FolderOwnershipProperty.class); + return prop != null ? prop : null; + } + + @Override + public String getItemTypeName(AbstractFolder item) { + return "folder"; + } + + @Override + public String getItemDisplayName(AbstractFolder item) { + return item.getDisplayName(); + } + + @Override + public String getItemURL(AbstractFolder item) { + return item.getUrl(); + } + + @Override + public OwnershipDescription getOwnershipDescription(AbstractFolder item) { + // TODO: Maybe makes sense to unwrap the method to get a better performance (esp. for Security) + return getOwnershipInfo(item).getDescription(); + } + + @Nonnull + @Override + public Permission getRequiredPermission() { + return OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP; + } + + @Override + public boolean hasLocallyDefinedOwnership(@Nonnull AbstractFolder folder) { + return getOwnerProperty(folder) != null; + } + + @Override + public OwnershipInfo getOwnershipInfo(AbstractFolder item) { + if (item == null) { // Handle renames, etc. + return OwnershipInfo.DISABLED_INFO; + } + + // Retrieve Ownership from the Folder property + FolderOwnershipProperty prop = getOwnerProperty(item); + if (prop != null) { + OwnershipDescription d = prop.getOwnership(); + if (d.isOwnershipEnabled()) { + return new OwnershipInfo(prop.getOwnership(), new FolderOwnershipDescriptionSource(item)); + } + } + + // We go to upper items in order to get the ownership description + if (!OwnershipPluginConfiguration.get().getInheritanceOptions().isBlockInheritanceFromItemGroups()) { + ItemGroup parent = item.getParent(); + AbstractOwnershipHelper located = OwnershipHelperLocator.locate(parent); + while (located != null) { + OwnershipInfo fromParent = located.getOwnershipInfo(parent); + if (fromParent.getDescription().isOwnershipEnabled()) { + return fromParent; + } + if (parent instanceof Item) { + Item parentItem = (Item)parent; + parent = parentItem.getParent(); + located = OwnershipHelperLocator.locate(parent); + } else { + located = null; + } + } + } + + return OwnershipInfo.DISABLED_INFO; + } + + @Override + public Collection getPossibleOwners(AbstractFolder item) { + if (OwnershipPlugin.getInstance().isRequiresConfigureRights()) { + IUserFilter filter = new AccessRightsFilter(item, AbstractFolder.CONFIGURE); + return UserCollectionFilter.filterUsers(User.getAll(), true, filter); + } else { + return User.getAll(); + } + } + + /** + * Sets the ownership information. + * @param folder Folder to be modified + * @param descr A description to be set. Use null to drop settings. + * @throws IOException + */ + public static void setOwnership(@Nonnull AbstractFolder folder, + @CheckForNull OwnershipDescription descr) throws IOException { + FolderOwnershipProperty prop = getOwnerProperty(folder); + if (prop == null) { + prop = new FolderOwnershipProperty(descr); + folder.addProperty(prop); + } else { + prop.setOwnershipDescription(descr); + } + } + + @Extension(optional = true) + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator> { + + @Override + public AbstractOwnershipHelper> findHelper(Object item) { + if (item instanceof AbstractFolder) { + return INSTANCE; + } + return null; + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty.java b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty.java new file mode 100644 index 00000000..1a78ac8a --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty.java @@ -0,0 +1,112 @@ +/* + * The MIT License + * + * Copyright (c) 2015-2017 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.cloudbees.hudson.plugins.folder.AbstractFolderProperty; +import com.cloudbees.hudson.plugins.folder.AbstractFolderPropertyDescriptor; +import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipHelper; +import com.synopsys.arc.jenkins.plugins.ownership.IOwnershipItem; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import edu.umd.cs.findbugs.annotations.SuppressFBWarnings; +import hudson.Extension; +import hudson.model.Descriptor; +import hudson.model.Items; +import hudson.util.XStream2; +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import javax.annotation.CheckForNull; +import net.sf.json.JSONObject; +import org.kohsuke.stapler.StaplerRequest; + +/** + * Ownership property for {@link AbstractFolder}s. + * @author Oleg Nenashev + * @since 0.9 + */ +public class FolderOwnershipProperty + extends AbstractFolderProperty> + implements IOwnershipItem>{ + + @CheckForNull + OwnershipDescription ownership; + + public FolderOwnershipProperty(@CheckForNull OwnershipDescription ownership) { + this.ownership = ownership; + } + + @Override + public IOwnershipHelper> helper() { + return FolderOwnershipHelper.getInstance(); + } + + @Override + public AbstractFolder getDescribedItem() { + return owner; + } + + @Override + public OwnershipDescription getOwnership() { + return ownership != null ? ownership : OwnershipDescription.DISABLED_DESCR; + } + + /** + * Sets the new ownership description. + * @param description Description to be set. Use {@code null} to drop settings. + * @throws IOException Property cannot be saved. + */ + public void setOwnershipDescription(@CheckForNull OwnershipDescription description) throws IOException { + ownership = description; + owner.save(); + } + + @Override + public AbstractFolderProperty reconfigure(StaplerRequest req, JSONObject form) throws Descriptor.FormException { + // Retain the current configuration in order to prevent changes by form submissions + return new FolderOwnershipProperty(ownership); + } + + @Extension(optional = true) + public static class DescriptorImpl extends AbstractFolderPropertyDescriptor { + + @Override + @SuppressFBWarnings(value = "NP_NONNULL_RETURN_VIOLATION", justification = "TODO: should be fixed, see jenkinsci PR #1880") + public String getDisplayName() { + // It prevents the property from displaying + return null; + } + + } + + static { + // TODO: Remove reflection once baseline is updated past 2.85. + try { + Method m = XStream2.class.getMethod("addCriticalField", Class.class, String.class); + m.invoke(Items.XSTREAM2, FolderOwnershipProperty.class, "ownership"); + } catch (IllegalAccessException | InvocationTargetException | NoSuchMethodException e) { + throw new ExceptionInInitializerError(e); + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource.java b/src/main/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource.java new file mode 100644 index 00000000..614a0314 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource.java @@ -0,0 +1,42 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.jobs; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import hudson.model.Job; +import javax.annotation.CheckForNull; +import org.jenkinsci.plugins.ownership.model.OwnershipDescriptionSource; + +/** + * References {@link OwnershipDescription}s provided by various {@link Job}s. + * @author Oleg Nenashev + * @since 0.9 + */ +public class JobOwnershipDescriptionSource extends OwnershipDescriptionSource> { + + public JobOwnershipDescriptionSource(@CheckForNull Job item) { + super(item); + } + +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource.java b/src/main/java/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource.java new file mode 100644 index 00000000..6c344a13 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource.java @@ -0,0 +1,41 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.nodes; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import hudson.model.Node; +import org.jenkinsci.plugins.ownership.model.OwnershipDescriptionSource; + +/** + * References {@link OwnershipDescription}s provided by various {@link Node}s. + * @author Oleg Nenashev + * @since 0.9 + */ +public class NodeOwnershipDescriptionSource extends OwnershipDescriptionSource { + + public NodeOwnershipDescriptionSource(Node node) { + super(node); + } + +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/OwnershipRunListener.java b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/OwnershipRunListener.java index 42c0309f..3815a9bc 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/OwnershipRunListener.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/OwnershipRunListener.java @@ -31,7 +31,7 @@ /** * Injects {@link RunOwnershipAction}s to all runs. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ @Extension diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction.java b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction.java index 4317481e..409a93fd 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction.java @@ -31,9 +31,9 @@ import com.synopsys.arc.jenkins.plugins.ownership.wrappers.OwnershipBuildWrapper;; import hudson.EnvVars; import hudson.model.AbstractBuild; +import hudson.model.BuildableItemWithBuildWrappers; import hudson.model.EnvironmentContributingAction; import hudson.model.Job; -import hudson.model.Project; import hudson.model.Run; import hudson.security.Permission; import javax.annotation.Nonnull; @@ -43,7 +43,7 @@ * Displays ownership info for builds. * This implementation is a stub for summaries visualization. * Currently, users cannot manage builds ownership. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ public class RunOwnershipAction extends ItemOwnershipAction @@ -92,10 +92,9 @@ public void buildEnvVars(AbstractBuild build, EnvVars env) { // Check BuildWrapper options id available final Job parent = build.getParent(); - if (parent instanceof Project) { - final Project prj = (Project) parent; - final OwnershipBuildWrapper wrapper = (OwnershipBuildWrapper) - prj.getBuildWrappersList().get(OwnershipBuildWrapper.class); + if (parent instanceof BuildableItemWithBuildWrappers) { + final BuildableItemWithBuildWrappers prj = (BuildableItemWithBuildWrappers) parent; + final OwnershipBuildWrapper wrapper = prj.getBuildWrappersList().get(OwnershipBuildWrapper.class); if (wrapper != null) { injectJobOwnership |= wrapper.isInjectJobOwnership(); injectNodeOwnership |= wrapper.isInjectNodeOwnership(); diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipHelper.java b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipHelper.java index 2075fec1..3b390fb6 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipHelper.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipHelper.java @@ -25,11 +25,12 @@ package org.jenkinsci.plugins.ownership.model.runs; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; -import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty; import com.synopsys.arc.jenkins.plugins.ownership.nodes.OwnerNodeProperty; import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; import com.synopsys.arc.jenkins.plugins.ownership.util.UserStringFormatter; +import hudson.Extension; import hudson.model.AbstractBuild; import hudson.model.BuildListener; import hudson.model.Node; @@ -38,17 +39,23 @@ import javax.annotation.CheckForNull; import javax.annotation.Nonnull; +import hudson.security.Permission; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + /** * Helper for {@link Run} ownership management. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ public class RunOwnershipHelper extends AbstractOwnershipHelper { - private static final RunOwnershipHelper instance = new RunOwnershipHelper(); + private static final RunOwnershipHelper INSTANCE = new RunOwnershipHelper(); public static RunOwnershipHelper getInstance() { - return instance; + return INSTANCE; } @Override @@ -70,7 +77,18 @@ public String getItemURL(Run item) { public OwnershipDescription getOwnershipDescription(Run item) { return JobOwnerHelper.Instance.getOwnershipDescription(item.getParent()); } - + + @Override + public OwnershipInfo getOwnershipInfo(Run item) { + return JobOwnerHelper.Instance.getOwnershipInfo(item.getParent()); + } + + @Override + public Permission getRequiredPermission() { + // Runs do not have separate permission management logic now, so we rely on Items + return OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP; + } + /** * Environment setup according to wrapper configurations. * @param build Input build @@ -83,9 +101,8 @@ public OwnershipDescription getOwnershipDescription(Run item) { public static void setUp (@Nonnull AbstractBuild build, @Nonnull Map target, @CheckForNull BuildListener listener, boolean injectJobOwnership, boolean injectNodeOwnership) { - if (injectJobOwnership) { - JobOwnerJobProperty prop = JobOwnerHelper.getOwnerProperty(build.getParent()); - OwnershipDescription descr = prop != null ? prop.getOwnership() : OwnershipDescription.DISABLED_DESCR; + if (injectJobOwnership) { + OwnershipDescription descr = JobOwnerHelper.Instance.getOwnershipDescription(build.getParent()); getVariables(descr, target, "JOB"); } @@ -112,7 +129,7 @@ private static void getVariables(OwnershipDescription descr, Map String ownerEmail = UserStringFormatter.formatEmail(descr.getPrimaryOwnerId()); target.put(prefix+"_OWNER_EMAIL", ownerEmail != null ? ownerEmail : ""); - StringBuilder coowners=new StringBuilder(prefix+"_OWNER"); + StringBuilder coowners=new StringBuilder(target.get(prefix+"_OWNER")); StringBuilder coownerEmails= new StringBuilder(target.get(prefix+"_OWNER_EMAIL")); for (String userId : descr.getCoownersIds()) { if (coowners.length() != 0) { @@ -132,4 +149,23 @@ private static void getVariables(OwnershipDescription descr, Map target.put(prefix+"_COOWNERS", coowners.toString()); target.put(prefix+"_COOWNERS_EMAILS", coownerEmails.toString()); } + + @Override + public boolean isDisplayOwnershipSummaryBox(Run item) { + return super.isDisplayOwnershipSummaryBox(item) && + !OwnershipPlugin.getInstance().getConfiguration().getDisplayOptions().isHideRunOwnership(); + } + + @Extension + @Restricted(NoExternalUse.class) + public static class LocatorImpl extends OwnershipHelperLocator { + + @Override + public AbstractOwnershipHelper findHelper(Object item) { + if (item instanceof Run) { + return INSTANCE; + } + return null; + } + } } diff --git a/src/main/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable.java b/src/main/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable.java new file mode 100644 index 00000000..82d8a3f8 --- /dev/null +++ b/src/main/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable.java @@ -0,0 +1,142 @@ +/* + * The MIT License + * + * Copyright (c) 2016 CloudBees, Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.workflow; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.nodes.NodeOwnerHelper; +import groovy.lang.Binding; +import hudson.Extension; +import hudson.model.Node; +import hudson.model.Run; +import java.io.IOException; +import java.io.InputStream; +import javax.annotation.CheckForNull; +import javax.annotation.Nonnull; +import jenkins.model.Jenkins; +import org.apache.commons.io.IOUtils; +import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.ProxyWhitelist; +import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.StaticWhitelist; +import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted; +import org.jenkinsci.plugins.workflow.cps.CpsScript; +import org.jenkinsci.plugins.workflow.cps.GlobalVariable; +import org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper; +import org.kohsuke.accmod.Restricted; +import org.kohsuke.accmod.restrictions.NoExternalUse; + +/** + * Provides {@link OwnershipDescription}s for different item types. + * @author Oleg Nenashev + * @since 0.9 + */ +@Extension +public class OwnershipGlobalVariable extends GlobalVariable { + + @Override + public final Object getValue(CpsScript script) throws Exception { + final Binding binding = script.getBinding(); + final Object loadedObject; + if (binding.hasVariable(getName())) { + loadedObject = binding.getVariable(getName()); + } else { + // Note that if this were a method rather than a constructor, we would need to mark it @NonCPS lest it throw CpsCallableInvocation. + loadedObject = script.getClass().getClassLoader() + .loadClass(getClassName()) + .getConstructor(CpsScript.class).newInstance(script); + binding.setVariable(getName(), loadedObject); + } + return loadedObject; + } + + /** + * Canonical name of the class to be loaded. + * @return Canonical class name + */ + @Nonnull + private String getClassName() { + return getClass().getName() + ".Impl"; + } + + @Override + public String getName() { + return "ownership"; + } + + /** + * Loads a snippet from the resource file. + * @param name Name of the snippet (e.g. "loadMultipleFiles") + * @return Workflow script text + * @throws IOException Loading error + */ + @Restricted(NoExternalUse.class) + public static String getSampleSnippet(String name) throws IOException { + final String resourceName = "OwnershipGlobalVariable/sample_" + name + ".groovy"; + final InputStream scriptStream = OwnershipGlobalVariable.class.getResourceAsStream(resourceName); + if (scriptStream == null) { + throw new IOException("Cannot find sample script in " + resourceName); + } + return IOUtils.toString(scriptStream, "UTF-8"); + } + + @Restricted(NoExternalUse.class) + @Whitelisted + public static OwnershipDescription getJobOwnershipDescription(RunWrapper currentRun) { + Run rawBuild = currentRun.getRawBuild(); + if (rawBuild == null) { + throw new IllegalStateException("Cannot retrieve build from Pipeline Run Wrapper"); + } + return JobOwnerHelper.Instance.getOwnershipDescription(rawBuild.getParent()); + } + + @CheckForNull + @Whitelisted + @Restricted(NoExternalUse.class) + public static OwnershipDescription getNodeOwnershipDescription(@CheckForNull String nodeName) { + if (nodeName == null || nodeName.isEmpty()) { + // Master node may have null or empty name, use Jenkins.get() as fallback + return NodeOwnerHelper.Instance.getOwnershipDescription(Jenkins.get()); + } + final Node node = "master".equals(nodeName) + ? Jenkins.get() + : Jenkins.get().getNode(nodeName); + if (node == null) { + // If node is not found by name, try to use master node as fallback + // This handles cases where env.NODE_NAME is set but node doesn't exist + return NodeOwnerHelper.Instance.getOwnershipDescription(Jenkins.get()); + } + return NodeOwnerHelper.Instance.getOwnershipDescription(node); + } + + @Extension(optional = true) + public static class MiscWhitelist extends ProxyWhitelist { + + public MiscWhitelist() throws IOException { + super(new StaticWhitelist( + "new java.util.TreeMap", + "method groovy.lang.Closure call java.lang.Object", + "method java.lang.Object toString" + )); + } + } +} diff --git a/src/main/java/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions.java b/src/main/java/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions.java index ae13f269..37ab777d 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions.java @@ -32,7 +32,7 @@ /** * Stores environment setup options for {@link OwnershipPlugin}. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ public class EnvSetupOptions implements Describable { diff --git a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailFormatter.java b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailFormatter.java index 1a4f46b3..2d457830 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailFormatter.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailFormatter.java @@ -37,7 +37,7 @@ /** * Provides the support of operations with e-mails. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ public class MailFormatter { @@ -79,7 +79,7 @@ public MailFormatter(@Nonnull String encoding, @Nonnull String separator) { if (toString != null) { b.append(URLEncoder.encode(toString, encoding)); } - List params = new LinkedList(); + List params = new LinkedList<>(); joinMailAddresses(cc, "cc", params); joinMailAddresses(bcc, "bcc", params); if (subject != null) { diff --git a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailOptions.java b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailOptions.java index db6b5796..ec8fc2d4 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailOptions.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/MailOptions.java @@ -34,19 +34,23 @@ /** * Stores mailing options for {@link OwnershipPlugin}. - * @author Oleg Nenashev + * @author Oleg Nenashev * @since 0.6 */ public class MailOptions implements Describable { private final @CheckForNull String contactOwnersSubjectTemplate; private final @CheckForNull String contactOwnersBodyTemplate; + private final boolean contactOwnersLinkDisabled; + private final @CheckForNull String contactAdminsSubjectTemplate; private final @CheckForNull String contactAdminsBodyTemplate; - + private final boolean contactAdminsLinkDisabled; + private final @CheckForNull String emailListSeparator; private final @CheckForNull String adminsContactEmail; - + private final boolean hideOwnerAndCoOwnerEmails; + private static final String DEFAULT_LIST_SEPARATOR = ";"; public static final MailOptions DEFAULT = new MailOptions(); @@ -58,16 +62,46 @@ private MailOptions() { @DataBoundConstructor public MailOptions( String contactOwnersSubjectTemplate, String contactOwnersBodyTemplate, + boolean contactOwnersLinkDisabled, String contactAdminsSubjectTemplate, String contactAdminsBodyTemplate, - String adminsContactEmail, String emailListSeparator) { + boolean contactAdminsLinkDisabled, + String adminsContactEmail, String emailListSeparator, + boolean hideOwnerAndCoOwnerEmails) { this.contactOwnersSubjectTemplate = contactOwnersSubjectTemplate; this.contactOwnersBodyTemplate = contactOwnersBodyTemplate; + this.contactOwnersLinkDisabled = contactOwnersLinkDisabled; + this.contactAdminsSubjectTemplate = contactAdminsSubjectTemplate; this.contactAdminsBodyTemplate = contactAdminsBodyTemplate; + this.contactAdminsLinkDisabled = contactAdminsLinkDisabled; + this.emailListSeparator = emailListSeparator; - this.adminsContactEmail = adminsContactEmail; + this.adminsContactEmail = adminsContactEmail; + this.hideOwnerAndCoOwnerEmails = hideOwnerAndCoOwnerEmails; + } + + @Deprecated + public MailOptions( + String contactOwnersSubjectTemplate, String contactOwnersBodyTemplate, + boolean contactOwnersLinkDisabled, + String contactAdminsSubjectTemplate, String contactAdminsBodyTemplate, + boolean contactAdminsLinkDisabled, + String adminsContactEmail, String emailListSeparator) { + this(contactOwnersSubjectTemplate, contactOwnersBodyTemplate, contactOwnersLinkDisabled, + contactAdminsSubjectTemplate, contactAdminsBodyTemplate, contactAdminsLinkDisabled, + adminsContactEmail, emailListSeparator, false); } + @Deprecated + public MailOptions( + String contactOwnersSubjectTemplate, String contactOwnersBodyTemplate, + String contactAdminsSubjectTemplate, String contactAdminsBodyTemplate, + String adminsContactEmail, String emailListSeparator) { + this(contactOwnersSubjectTemplate, contactOwnersBodyTemplate, false, + contactAdminsSubjectTemplate, contactAdminsBodyTemplate, false, + adminsContactEmail, emailListSeparator); + } + public @Nonnull String getContactOwnersSubjectTemplate() { return contactOwnersSubjectTemplate != null ? contactOwnersSubjectTemplate @@ -99,6 +133,31 @@ public MailOptions( public @CheckForNull String getAdminsContactEmail() { return adminsContactEmail; } + + /** + * @return Indicates that contact admins link should not be displayed + * @since 0.7 + */ + public boolean isContactAdminsLinkDisabled() { + return contactAdminsLinkDisabled; + } + + /** + * @return Indicates that contact owners link should not be displayed + * @since 0.7 + */ + public boolean isContactOwnersLinkDisabled() { + return contactOwnersLinkDisabled; + } + + /** + * Check if displaying e-mails of item owners is disabled. + * @return {@code} true if the links should not be visualized. + * @since 0.8 + */ + public boolean isHideOwnerAndCoOwnerEmails() { + return hideOwnerAndCoOwnerEmails; + } @Extension public static final DescriptorImpl DESCRIPTOR = new DescriptorImpl(); diff --git a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/OwnershipMailHelper.java b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/OwnershipMailHelper.java index f6f8c3a3..1a9c65ff 100644 --- a/src/main/java/org/jenkinsci/plugins/ownership/util/mail/OwnershipMailHelper.java +++ b/src/main/java/org/jenkinsci/plugins/ownership/util/mail/OwnershipMailHelper.java @@ -41,7 +41,7 @@ /** * - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class OwnershipMailHelper { @@ -69,11 +69,7 @@ public static String getContactAdminsMailToURL (TObjectType item, private static String getMailToURL (TObjectType item, IOwnershipHelper helper, Mode mode) { - final Jenkins instance = Jenkins.getInstance(); - if (instance == null) { - // Cannot construct e-mail if Jenkins has not been initialized - return null; - } + final Jenkins instance = Jenkins.get(); final OwnershipPlugin plugin = instance.getPlugin(OwnershipPlugin.class); if (plugin == null) { // Plugin is not initialized @@ -81,15 +77,30 @@ private static String getMailToURL (TObjectType item, return null; } final MailOptions mailOptions = plugin.getConfiguration().getMailOptions(); + final OwnershipDescription ownershipDescription = helper.getOwnershipDescription(item); - OwnershipDescription ownershipDescription = helper.getOwnershipDescription(item); + // Handle enablers if (!ownershipDescription.isOwnershipEnabled()) { return null; } + switch (mode) { + case ContactOwners: + if (mailOptions.isContactOwnersLinkDisabled()) { + return null; + } + break; + case ContactAdmins: + if (mailOptions.isContactAdminsLinkDisabled()) { + return null; + } + break; + default: + // Do nothing + } // Prepare the data - final List to = new LinkedList(); - final List cc = new LinkedList(); + final List to = new LinkedList<>(); + final List cc = new LinkedList<>(); final Map envVars = getSubstitutionVars(instance,item,helper); // to - job owner @@ -106,8 +117,8 @@ private static String getMailToURL (TObjectType item, } } - // cc - job co-owners - final Set coOwners = ownershipDescription.getCoownersIds(); + // cc - job secondary owners + final Set coOwners = ownershipDescription.getSecondaryOwnerIds(); if (!coOwners.isEmpty()) { for (String coOwnerId : coOwners) { String email = UserStringFormatter.formatEmail(coOwnerId); @@ -149,7 +160,7 @@ private static String getMailToURL (TObjectType item, @Nonnull Jenkins jenkins, @Nonnull TObjectType item, @Nonnull IOwnershipHelper helper) { - Map res = new TreeMap(); + Map res = new TreeMap<>(); // User info final User user = User.current(); diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.jelly new file mode 100644 index 00000000..060f81b2 --- /dev/null +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.jelly @@ -0,0 +1,55 @@ + + + + + + + + + + + + + + + + ${%warningHeader} ${%warningText} +
+
+ ${%ownershipSource} + + + + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.properties b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.properties new file mode 100644 index 00000000..409c39e1 --- /dev/null +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/ownershipSource.properties @@ -0,0 +1,5 @@ +warningHeader=Warning! +warningText=The ownership is specified by another source. \ + If you save this form, the ownership settings will be overridden in this item. \ + Configuration of the initial ownership info source won't be modified. +ownershipSource=Ownership is defined by: \ No newline at end of file diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/propertyConfig.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/propertyConfig.jelly similarity index 84% rename from src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/propertyConfig.jelly rename to src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/propertyConfig.jelly index 362ddbee..aefc6a91 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/propertyConfig.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/ItemOwnershipAction/propertyConfig.jelly @@ -1,7 +1,7 @@ + + xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:o="/lib/ownership"> @@ -47,7 +48,7 @@ - + - + - - - + + + @@ -76,7 +77,7 @@ -
+ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages.properties b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages.properties index d858c086..b764c02b 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages.properties +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages.properties @@ -1,13 +1,13 @@ # Ownership plugin OwnershipPlugin.ManagePermissions.Title=Manage ownership -OwnershipPlugin.ManagePermissions.SlaveDescription=Manage node ownership(set owners and co-owners) -OwnershipPlugin.ManagePermissions.JobDescription=Manage jobs ownership(set owners and co-owners) +OwnershipPlugin.ManagePermissions.SlaveDescription=Manage node ownership (set primary and secondary owners) +OwnershipPlugin.ManagePermissions.JobDescription=Manage jobs ownership (set primary and secondary owners) OwnershipPlugin.FloatingBox.ContactOwners.Title=Contact Owners JobOwnership.Config.SectionTitle=Job ownership -JobOwnership.Column.Title=Job Owner +JobOwnership.Column.Title=Primary Owner JobOwnership.Filter.DisplayName=Ownership Filter NodeOwnership.Config.SectionTitle=Node ownership @@ -15,13 +15,13 @@ NodeOwnership.Monitor.DisplayName=Ownership NodesOwnership.Config.SectionTitle=Node ownership Security.RoleStrategy.OwnerRoleMacro.Name=Owner -Security.RoleStrategy.OwnerRoleMacro.Description=Checks if the user is an item’s owner. +Security.RoleStrategy.OwnerRoleMacro.Description=Deprecated. Checks if the user is an item’s owner. Security.RoleStrategy.CoOwnerRoleMacro.Name=CoOwner -Security.RoleStrategy.CoOwnerRoleMacro.Description=Checks if the current user belongs to item’s owners or co-owners. +Security.RoleStrategy.CoOwnerRoleMacro.Description=Deprecated. Checks if the current user is an item’s primary or secondary owner. Security.RoleStrategy.IgnoreSidDescriptionSuffix=

Warning! User SID will be replaced by the current user

Security.RoleStrategy.WithUserDescriptionSuffix=In addition to SIDs, macro checks ID of the current user during evaluation of "authenticated" SID. Security.RoleStrategy.NoOwnerRoleMacro.Name=NoOwner -Security.RoleStrategy.NoOwnerRoleMacro.Description=Checks if the item has not ownership. +Security.RoleStrategy.NoOwnerRoleMacro.Description=Checks if the item has no ownership specified. Security.RoleStrategy.ItemSpecificMacro.Name=ItemSpecific Security.RoleStrategy.ItemSpecificMacro.Description=Invokes evaluation of item-specific access rights. Security.JobRestrictions.OwnershipRestriction.DisplayName=Job's owners belong to the list @@ -36,5 +36,6 @@ OwnershipAction.ConfigureSpecificAccess.DisplayName=Configure specific access ri Utils.UI.UserSelector=User ID # Extensions -ItemOwnershipPolicy.AssignCreatorPolicy.dipslayName=Assign job creators as owners -ItemOwnershipPolicy.DropOwnershipPolicy.dipslayName=Do not assign ownership +ItemOwnershipPolicy.AssignCreatorPolicy.displayName=Assign job creator as owner +ItemOwnershipPolicy.DropOwnershipPolicy.displayName=Do not assign ownership +ItemOwnershipPolicy.PreserveOwnershipPolicy.displayName=Preserve job''s ownership diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages_ru.properties b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages_ru.properties new file mode 100644 index 00000000..90937d13 --- /dev/null +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/Messages_ru.properties @@ -0,0 +1,39 @@ +# Ownership plugin +OwnershipPlugin.ManagePermissions.Title=\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c\u0438 +OwnershipPlugin.ManagePermissions.SlaveDescription=\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c\u0438 \u043d\u043e\u0434\u044b (\u043d\u0430\u0437\u043d\u0430\u0447\u0438\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430 \u0438 \u0441\u043e\u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430) +OwnershipPlugin.ManagePermissions.JobDescription=\u0423\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u0435 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c\u0438 \u0437\u0430\u0434\u0430\u0447\u0438 (\u043d\u0430\u0437\u043d\u0430\u0447\u0438\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430 \u0438 \u0441\u043e\u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430) + +OwnershipPlugin.FloatingBox.ContactOwners.Title=Email \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c + +JobOwnership.Config.SectionTitle=\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0437\u0430\u0434\u0430\u0447\u0438 +JobOwnership.Column.Title=\u041e\u0441\u043d\u043e\u0432\u043d\u043e\u0439 \u0432\u043b\u0430\u0434\u0435\u043b\u0435\u0446 +JobOwnership.Filter.DisplayName=\u0424\u0438\u043b\u044c\u0442\u0440\u0430\u0446\u0438\u044f \u043f\u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u043c + +NodeOwnership.Config.SectionTitle=\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u043d\u043e\u0434\u044b +NodeOwnership.Monitor.DisplayName=\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b +NodesOwnership.Config.SectionTitle=\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u043d\u043e\u0434 + +Security.RoleStrategy.OwnerRoleMacro.Name=Owner +Security.RoleStrategy.OwnerRoleMacro.Description=Deprecated. \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043b\u0438 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u043c \u0438\u043b\u0438 \u0441\u043e\u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 +Security.RoleStrategy.CoOwnerRoleMacro.Name=CoOwner +Security.RoleStrategy.CoOwnerRoleMacro.Description=Deprecated. \u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u044f\u0432\u043b\u044f\u0435\u0442\u0441\u044f \u043b\u0438 \u0442\u0435\u043a\u0443\u0449\u0438\u0439 \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u043c \u0438\u043b\u0438 \u0441\u043e\u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u043c \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 +Security.RoleStrategy.IgnoreSidDescriptionSuffix=

Warning! SID \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0431\u0443\u0434\u0435\u0442 \u0437\u0430\u043c\u0435\u043d\u0435\u043d \u043d\u0430 \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f

+Security.RoleStrategy.WithUserDescriptionSuffix=\u0412 \u0434\u043e\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u043a SID-\u0430\u043c, \u043c\u0430\u043a\u0440\u043e\u0441 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 ID \u0442\u0435\u043a\u0443\u0449\u0435\u0433\u043e \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f \u0432\u043e \u0432\u0440\u0435\u043c\u044f \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0438 "authenticated" SID +Security.RoleStrategy.NoOwnerRoleMacro.Name=NoOwner +Security.RoleStrategy.NoOwnerRoleMacro.Description=\u041f\u0440\u043e\u0432\u0435\u0440\u0438\u0442\u044c, \u0447\u0442\u043e \u0434\u043b\u044f \u044d\u043b\u0435\u043c\u0435\u043d\u0442\u0430 \u043d\u0435 \u0443\u043a\u0430\u0437\u0430\u043d\u044b \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b +Security.RoleStrategy.ItemSpecificMacro.Name=ItemSpecific +Security.RoleStrategy.ItemSpecificMacro.Description=\u0412\u044b\u0437\u044b\u0432\u0430\u0435\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u043a\u0443 item-specific \u043f\u0440\u0430\u0432 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 +Security.JobRestrictions.OwnershipRestriction.DisplayName=\u0412\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u044b \u0437\u0430\u0434\u0430\u0447\u0438 \u0432\u0445\u043e\u0434\u044f\u0442 \u0432 \u0441\u043f\u0438\u0441\u043e\u043a +Security.AuthorizeProject.OwnershipAuthorizeProjectStrategy.DisplayName=\u0417\u0430\u043f\u0443\u0441\u043a \u043e\u0442 \u0438\u043c\u0435\u043d\u0438 \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430 \u0437\u0430\u0434\u0430\u0447\u0438 + +Wrappers.OwnershipBuildWrapper.DisplayName=\u0414\u043e\u0431\u0430\u0432\u0438\u0442\u044c \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044e \u043e \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430\u0445 \u0432 \u043e\u043a\u0440\u0443\u0436\u0435\u043d\u0438\u0435 + +OwnershipAction.ManageOwnership.DisplayName=\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 +OwnershipAction.ManageOwners.DisplayName=\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0435\u0432 +OwnershipAction.ConfigureSpecificAccess.DisplayName=\u041d\u0430\u0441\u0442\u0440\u043e\u0438\u0442\u044c item-specific \u043f\u0440\u0430\u0432\u0430 \u0434\u043e\u0441\u0442\u0443\u043f\u0430 + +Utils.UI.UserSelector=ID \u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u0442\u0435\u043b\u044f\u008f + +# Extensions +ItemOwnershipPolicy.AssignCreatorPolicy.displayName=\u041d\u0430\u0437\u043d\u0430\u0447\u0438\u0442\u044c \u0441\u043e\u0437\u0434\u0430\u0442\u0435\u043b\u044f \u0437\u0430\u0434\u0430\u0447\u0438 \u043a\u0430\u043a \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430 +ItemOwnershipPolicy.DropOwnershipPolicy.displayName=\u041d\u0435 \u043d\u0430\u0437\u043d\u0430\u0447\u0430\u0442\u044c \u0432\u043b\u0430\u0434\u0435\u043b\u044c\u0446\u0430 diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/config.jelly index 81a68664..8ea1d052 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/config.jelly @@ -1,7 +1,7 @@ + - - -
-
${itemType} ${%Ownership}
- - - - - - - - - + + + + +
+ + +
+
-
${%Owner}
- 		- -
- + - -
-
${%Co-owners}
- 		- - - +
${%Primary}
+ 		+
- -
- - - - - - - - - - - + + + + + + - - + +
- - ${%ownersMailToLink.text(itemType)} -
+
${%Secondary}
+ 		- - ${%adminsMailToLink.text} + + +
+ +
+ + + + + + + + + + + + + + +
+ + ${%ownersMailToLink.text(itemType)} + + + ${%adminsMailToLink.text} +
+
-
- \ No newline at end of file + + + + + +
+
${itemType} ${%Ownership}
+

+ ${%noOwnership.info.text(itemType)} +

+

+ ${%noOwnership.info.hint} ${%noOwnership.disableDisplayHint.text} ${%noOwnership.disableDisplayHint.configPath} +

+
+ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/floatingBoxTemplate.properties b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/floatingBoxTemplate.properties index 48887ad4..70dcfe42 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/floatingBoxTemplate.properties +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/floatingBoxTemplate.properties @@ -1,2 +1,9 @@ ownersMailToLink.text=E-mail to {0} owners adminsMailToLink.text=E-mail to Service owners + +noOwnership.info.hint=HINT: +noOwnership.info.text=Ownership is not configured for this {0}. \ + It can be configured using the "Manage Ownership" link on the left menu if you have appropriate permissions. +noOwnership.disableDisplayHint.text=If you want to hide this box, you can do it via +noOwnership.disableDisplayHint.configPath=\ + "Jenkins Global Configuration/Ownership/Ownership Display Options/Hide ownership summaries for missing ownership info" diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/propertyConfig.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/propertyConfig.jelly deleted file mode 100644 index 1df41a6d..00000000 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPlugin/propertyConfig.jelly +++ /dev/null @@ -1,96 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - User, who have specific access rights to the item. - - - -
- -
- -
- - - \ No newline at end of file diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration/config.jelly index 3eb9d271..02c132ae 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/OwnershipPluginConfiguration/config.jelly @@ -1,7 +1,7 @@ +

- + ${%Manage item-specific access rights}

@@ -53,4 +54,4 @@ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/index.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/index.jelly index d6bd6837..f0b60191 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/index.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/index.jelly @@ -1,7 +1,7 @@ +

- ${it.displayName} + ${it.displayName}

This page allows to configure ownership and specific access rights of the item.

@@ -46,14 +47,14 @@ - - ${%Manage Owners, add co-owners, etc.} + + ${%Manage primary and secondary owners} - + ${%Configure job-specific access rights}. - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/manage-owners.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/manage-owners.jelly index 29d264cf..68029221 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/manage-owners.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobAction/manage-owners.jelly @@ -1,7 +1,7 @@ + @@ -28,10 +29,11 @@

- + ${%Manage Owners}

Warning! You may lose access rights to this page if you change ownership

+ @@ -46,4 +48,4 @@ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/config.jelly index 658a83af..d4955dfd 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/config.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/summary.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/summary.jelly index 0be9e44c..ba33db49 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/summary.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobProperty/summary.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter/config.jelly index b6fec10d..09557690 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/jobs/OwnershipJobFilter/config.jelly @@ -1,7 +1,7 @@ + @@ -35,6 +36,6 @@ Filter will check ownership of the specified user - ${%Accept co-owned jobs} + ${%Accept items, where the user is a secondary owner} \ No newline at end of file diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/configure-project-specifics.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/configure-project-specifics.jelly index a5369e73..d8584607 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/configure-project-specifics.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/configure-project-specifics.jelly @@ -1,7 +1,7 @@ +

- ${%Configure node-specific access rights} + ${%Configure node-specific access rights}

@@ -36,4 +37,4 @@ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/index.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/index.jelly index f1afbffe..45084af1 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/index.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/index.jelly @@ -1,7 +1,7 @@ +

- ${it.displayName} + ${it.displayName}

This page allows to configure ownership and specific access rights of the item.

@@ -46,8 +47,8 @@ - - ${%Manage Owners, add co-owners, etc.} + + ${%Manage primary and secondary owners} + @@ -28,10 +29,11 @@

- ${%Manage owners} + ${%Manage Owners}

Warning! You may lose access rights to this page if you change ownership

+ @@ -46,4 +48,4 @@ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/propertyConfig.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/propertyConfig.jelly deleted file mode 100644 index ecb70e60..00000000 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/NodeOwnershipAction/propertyConfig.jelly +++ /dev/null @@ -1,82 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - ID of the user, who have specific access rights to the item. - Unregistered users are accepted as well. - - - -
- -
- -
- - - \ No newline at end of file diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/config.jelly index 658a83af..d4955dfd 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/config.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/summary.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/summary.jelly index f4639153..bd344e53 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/summary.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodeProperty/summary.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor/Data/cause.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor/Data/cause.jelly index 7210dfe1..fb66b5af 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor/Data/cause.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnershipNodeMonitor/Data/cause.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity/config.jelly index b0560964..6ca99dd6 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/itemspecific/ItemSpecificSecurity/config.jelly @@ -1,8 +1,9 @@ + + xmlns:l="/lib/layout" xmlns:t="/lib/hudson" xmlns:f="/lib/form" xmlns:o="/lib/ownership"> - + -
+ - \ No newline at end of file + diff --git a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction/config.jelly b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction/config.jelly index 83280349..eec10f6a 100644 --- a/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction/config.jelly +++ b/src/main/resources/com/synopsys/arc/jenkins/plugins/ownership/security/jobrestrictions/OwnersListJobRestriction/config.jelly @@ -1,7 +1,7 @@ + diff --git a/src/main/resources/index.jelly b/src/main/resources/index.jelly index 02f08adc..2f9e7b75 100644 --- a/src/main/resources/index.jelly +++ b/src/main/resources/index.jelly @@ -1,3 +1,4 @@ +
- Provides explicit support of Jobs and Nodes ownership (property fields, columns, etc.) + Provides ownership management engine for Jobs, Nodes and Folders (UI, security integration, etc.)
\ No newline at end of file diff --git a/src/main/resources/lib/ownership/blockWrapper.jelly b/src/main/resources/lib/ownership/blockWrapper.jelly new file mode 100644 index 00000000..06a23c03 --- /dev/null +++ b/src/main/resources/lib/ownership/blockWrapper.jelly @@ -0,0 +1,20 @@ + + + + The wrapper will be a `table` tag on Jenkins Core less than ~2.241, and a `div` tag after that + + + + +
+ +
+ + + + +
+ + + + diff --git a/src/main/resources/lib/ownership/taglib b/src/main/resources/lib/ownership/taglib new file mode 100644 index 00000000..e69de29b diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/config.jelly new file mode 100644 index 00000000..176625dc --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/config.jelly @@ -0,0 +1,39 @@ + + + + + + + + + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideOwnershipIfNoData.html b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideOwnershipIfNoData.html new file mode 100644 index 00000000..4e67cdad --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideOwnershipIfNoData.html @@ -0,0 +1,6 @@ +
+ This option hides empty Ownership summary boxes. +

+ If enabled, Jenkins will not show Ownership info box if the data is missing. + If disabled, Jenkins will show a summary box with "Ownership is not configured"message. +

diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideRunOwnership.html b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideRunOwnership.html new file mode 100644 index 00000000..5f2cb64a --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/DisplayOptions/help-hideRunOwnership.html @@ -0,0 +1,3 @@ +
+ Hides ownership info on Run pages. This option may be used to save some space on the page. +
diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/config.jelly new file mode 100644 index 00000000..0304ba67 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/config.jelly @@ -0,0 +1,32 @@ + + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/help-blockInheritanceFromItemGroups.html b/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/help-blockInheritanceFromItemGroups.html new file mode 100644 index 00000000..9e7bbec5 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/InheritanceOptions/help-blockInheritanceFromItemGroups.html @@ -0,0 +1,13 @@ +
+

+ Blocks ownership inheritance from item groups like + Folders or + Multi-branch projects. +

+

+ By default the plugin inherits ownership info from upper items. + Such inheritance may impact the performance of the Jenkins instance (especially + Ownership-based security), + hence it is possible to disable it. +

+
diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy/config.jelly new file mode 100644 index 00000000..0a0fbad5 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/config/PreserveOwnershipPolicy/config.jelly @@ -0,0 +1,29 @@ + + + + + \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/integrations/rolestrategy/Messages.properties b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/rolestrategy/Messages.properties new file mode 100644 index 00000000..6fca43d3 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/rolestrategy/Messages.properties @@ -0,0 +1,3 @@ +CurrentUserIsOwnerMacro.description= Checks if the current user is an owner of the item (both primary and secondary work) +CurrentUserIsPrimaryOwnerMacro.description= Checks if the current user is a primary owner of the item + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/configureReport.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/configureReport.jelly new file mode 100644 index 00000000..2f08f021 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/configureReport.jelly @@ -0,0 +1,69 @@ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/reportBody.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/reportBody.jelly new file mode 100644 index 00000000..590e41c0 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilder/reportBody.jelly @@ -0,0 +1,34 @@ + + + + + + + +

${%Permissions of} "${_user.id}" ${%for items}

+ + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.jelly new file mode 100644 index 00000000..dfe88a57 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.jelly @@ -0,0 +1,30 @@ + + + + + ${%blurb} + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.properties b/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.properties new file mode 100644 index 00000000..b87144eb --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/OwnershipDescriptionSource/DisabledSource/summary.properties @@ -0,0 +1 @@ +blurb=Ownership of this item is not set up. Once saved, the new ownership settings will be applied. diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/index.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/index.jelly new file mode 100644 index 00000000..4f60ffe1 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/index.jelly @@ -0,0 +1,57 @@ + + + + + + +

+ + ${it.displayName} +

+

This page allows to configure ownership and specific access rights of the item.

+ + + + + +
${title}
+
+ +
+ + + + + + + ${%Manage primary and secondary owners} + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/manage-owners.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/manage-owners.jelly new file mode 100644 index 00000000..f0ef6678 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/manage-owners.jelly @@ -0,0 +1,51 @@ + + + + + + + +

+ + ${%Manage Owners} +

+

Warning! You may lose access rights to this page if you change ownership

+ + + + + + + + + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/summary.jelly new file mode 100644 index 00000000..428b8f47 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipAction/summary.jelly @@ -0,0 +1,31 @@ + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource/summary.jelly new file mode 100644 index 00000000..54c88bb6 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipDescriptionSource/summary.jelly @@ -0,0 +1,33 @@ + + + + + + ${folder.iconColor.description} + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/config.jelly new file mode 100644 index 00000000..836c588f --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/config.jelly @@ -0,0 +1,28 @@ + + + + + \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/summary.jelly new file mode 100644 index 00000000..47b4c592 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipProperty/summary.jelly @@ -0,0 +1,31 @@ + + + + + + + + \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource/summary.jelly new file mode 100644 index 00000000..a3a6fb2a --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipDescriptionSource/summary.jelly @@ -0,0 +1,28 @@ + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource/summary.jelly new file mode 100644 index 00000000..a6c2ab5d --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/nodes/NodeOwnershipDescriptionSource/summary.jelly @@ -0,0 +1,28 @@ + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction/summary.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction/summary.jelly index a0328e74..73dd00b9 100644 --- a/src/main/resources/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction/summary.jelly +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipAction/summary.jelly @@ -21,6 +21,7 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. --> + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/Impl.groovy b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/Impl.groovy new file mode 100644 index 00000000..67b988da --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/Impl.groovy @@ -0,0 +1,46 @@ +/* + * The MIT License + * + * Copyright (c) 2016 CloudBees, Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model + +import org.jenkinsci.plugins.workflow.cps.CpsScript +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription + +class OwnershipGlobalVariableImpl implements Serializable { + + private CpsScript script + + public OwnershipGlobalVariableImpl(CpsScript script) { + this.script = script + } + + public OwnershipDescription getJob() { + return org.jenkinsci.plugins.ownership.model.workflow.OwnershipGlobalVariable + .getJobOwnershipDescription(script.currentBuild) + } + + public OwnershipDescription getNode() { + return org.jenkinsci.plugins.ownership.model.workflow.OwnershipGlobalVariable + .getNodeOwnershipDescription(script.env.NODE_NAME) + } +} diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/help.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/help.jelly new file mode 100644 index 00000000..af9beb37 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/help.jelly @@ -0,0 +1,64 @@ + + +
+ Provides ownership info for different item types. +

+ Currently the macro supports retrieval of ownership info for jobs and nodes only. + It can be done via the nested variables: +

+
ownership.job
+
+ Job ownership info. + This info may be inherited from parent folders. +
+
ownership.node
+
+ Node ownership info. + The expression must be used within the node() Pipeline block. + Otherwise the command will throw an exception. +
+
+ + Each call returns a structure, which provides the following fields: +
+
ownershipEnabled
+
Indicates that ownership is configured for the item. + Type: boolean. +
+ +
primaryOwnerId
+
+ User ID of the primary owner. + Type: java.lang.String. +
+ +
primaryOwnerEmail
+
+ Email of the primary owner. Type: java.lang.String. +
+ +
secondaryOwnerIds
+
+ Collection of the item secondary owner user IDs (does not include the item owner). + Type: java.util.Set<String>. +
+ +
secondaryOwnerEmails
+
Collection of the secondary owner e-mails (does not include the item owner). + Type: java.util.Set<String>. +
+
+ + + + + + Usage example: + 
+    ${snippetCode}
+
+
+ diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_forHelp.groovy b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_forHelp.groovy new file mode 100644 index 00000000..2730ffef --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_forHelp.groovy @@ -0,0 +1,17 @@ +stage('Print Job Ownership Info') { + def primaryOwnerEmail = ownership.job.primaryOwnerEmail + if (ownership.job.ownershipEnabled) { + println "Primary owner ID: ${ownership.job.primaryOwnerId}" + println "Primary owner e-mail: ${primaryOwnerEmail}" + println "Secondary owner IDs: ${ownership.job.secondaryOwnerIds}" + println "Secondary owner e-mails: ${ownership.job.secondaryOwnerEmails}" + } else { + println "Ownership is disabled" + } +} + +stage('Send e-mail to the job owner') { + mail to: primaryOwnerEmail, + subject: "Job '${env.JOB_NAME}' (${env.BUILD_NUMBER}) is waiting for input", + body: "Please go to ${env.BUILD_URL} and verify the build" +} diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printJobOwnershipInfo.groovy b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printJobOwnershipInfo.groovy new file mode 100644 index 00000000..c99dc602 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printJobOwnershipInfo.groovy @@ -0,0 +1,8 @@ +if (ownership.job.ownershipEnabled) { + println "Owner ID: ${ownership.job.primaryOwnerId}" + println "Owner e-mail: ${ownership.job.primaryOwnerEmail}" + println "Co-owner IDs: ${ownership.job.secondaryOwnerIds}" + println "Co-owner e-mails: ${ownership.job.secondaryOwnerEmails}" +} else { + println "Ownership is disabled" +} diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printNodeOwnershipInfo.groovy b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printNodeOwnershipInfo.groovy new file mode 100644 index 00000000..c26706c4 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariable/sample_printNodeOwnershipInfo.groovy @@ -0,0 +1,11 @@ +node('requiredLabel') { + echo "Current NODE_NAME = ${env.NODE_NAME}" + if (ownership.node.ownershipEnabled) { + println "Owner ID: ${ownership.node.primaryOwnerId}" + println "Owner e-mail: ${ownership.node.primaryOwnerEmail}" + println "Co-owner IDs: ${ownership.node.secondaryOwnerIds}" + println "Co-owner e-mails: ${ownership.node.secondaryOwnerEmails}" + } else { + println "Ownership of ${env.NODE_NAME} is disabled" + } +} \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions/config.jelly index 891f5d13..dde12380 100644 --- a/src/main/resources/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/environment/EnvSetupOptions/config.jelly @@ -21,16 +21,13 @@ * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. --> + - - - - - - - - -
- - \ No newline at end of file + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.jelly b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.jelly index b379a312..56ec8a73 100644 --- a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.jelly +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.jelly @@ -30,18 +30,31 @@ + + + + + + + + + + + + + diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.properties b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.properties index 9b7e1849..8a158906 100644 --- a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.properties +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/config.properties @@ -1,4 +1,9 @@ +hideOwnerAndCoOwnerEmails.title=Hide e-mails of owners + contactOwnersSubjectTemplate.title=Item Owners Email Subject Template contactOwnersBodyTemplate.title=Item Owners Email Subject Template +contactOwnersLinkDisabled.title=Disable Contact Item Owners link + contactAdminsSubjectTemplate.title=Service Owners Email Subject Template -contactAdminsBodyTemplate.title=Service Owners Email Body Template \ No newline at end of file +contactAdminsBodyTemplate.title=Service Owners Email Body Template +contactAdminsLinkDisabled.title=Disable Contact Service Owners link \ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactAdminsLinkDisabled.html b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactAdminsLinkDisabled.html new file mode 100644 index 00000000..1431b8ba --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactAdminsLinkDisabled.html @@ -0,0 +1,7 @@ +
+ Disables "Contact Service Owners" link in summary boxes. +

+ This option is recommended if there is no dedicated service administrators + or if an internal CRM is being used. +

+
\ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactOwnersLinkDisabled.html b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactOwnersLinkDisabled.html new file mode 100644 index 00000000..d5555807 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-contactOwnersLinkDisabled.html @@ -0,0 +1,3 @@ +
+ Disables "Contact Item Owners" link in summary boxes +
\ No newline at end of file diff --git a/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-hideOwnerAndCoOwnerEmails.html b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-hideOwnerAndCoOwnerEmails.html new file mode 100644 index 00000000..cc70bb04 --- /dev/null +++ b/src/main/resources/org/jenkinsci/plugins/ownership/util/mail/MailOptions/help-hideOwnerAndCoOwnerEmails.html @@ -0,0 +1,6 @@ +
+ If checked, disables the visualization of primary and secondary owner e-mails in the web interface. +

+ This option may be used to prevent the access to user e-mails by bots if the + Jenkins instance is exposed to the Internet. +

\ No newline at end of file diff --git a/src/main/webapp/css/ownership.css b/src/main/webapp/css/ownership.css index 93f0b9aa..2b6bd114 100644 --- a/src/main/webapp/css/ownership.css +++ b/src/main/webapp/css/ownership.css @@ -1,5 +1,5 @@ .ownership-summary-box { - width: 400px; + width: 75%; background-color: #F0F0F0; border-color: #BBBBBB; border-style: double; @@ -21,10 +21,39 @@ } .ownership-text { - } .ownership-contact-links { margin-left: 5px; border-spacing: 5px; -} \ No newline at end of file +} + +.ownership-toggle-box { + display: none; +} + +.ownership-toggle-box + label { + text-align: center; + font-weight: bold; +} + +.ownership-toggle-box + label:before { + color: #000000; + content: "\25BA"; + display: block; + float: left; + text-align: center; + margin-right: 10px; +} + +.ownership-toggle-box:checked + label:before { + content: "\25BC"; +} + +.ownership-toggle-box + label + div { + display: none; +} + +.ownership-toggle-box:checked + label + div { + display: block; +} diff --git a/src/main/webapp/help/coOwner.html b/src/main/webapp/help/coOwner.html index f152c6fd..8d9f9d24 100644 --- a/src/main/webapp/help/coOwner.html +++ b/src/main/webapp/help/coOwner.html @@ -1,4 +1,5 @@
-Additional users, who have ownership privileges (ex, backup of primary owner). -Plugin allows to set non-registered users as a co-owners. +Additional users, who have ownership privileges. +Plugin allows assigning non-registered users as a secondary owners, +but they will need to login in order to make the ownership effective in the entire Ownership plugin logic.
\ No newline at end of file diff --git a/src/main/webapp/help/primaryOwner.html b/src/main/webapp/help/primaryOwner.html index 4c87df27..67cbf78c 100644 --- a/src/main/webapp/help/primaryOwner.html +++ b/src/main/webapp/help/primaryOwner.html @@ -1,10 +1,11 @@
- User, who owns item and has appropriate access rights (ex, maintainer of the job/node). + User, who owns the item and has an appropriate access permissions (ex, maintainer of the job/node). There're following requirements to the primary owner:
  • Owner is a registered user
    • -
  • Owner should have "Configure" access rights to the job/slave
    • +
  • Owner should have "Configure" access rights to the item
- During initial setup of the job/slave, ownership will be assigned to the current user. You will be able to change owner after clicking on the "Save" button. + During initial setup of the item, ownership will be assigned to the current user. + It is possible to change the owner after clicking the "Save" button.
\ No newline at end of file diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipActionTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipActionTest.java new file mode 100644 index 00000000..8cafd7ac --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipActionTest.java @@ -0,0 +1,109 @@ +/* + * The MIT License + * + * Copyright (c) 2015 Red Hat, Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package com.synopsys.arc.jenkins.plugins.ownership; + +import static org.hamcrest.Matchers.containsString; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.not; + +import java.util.Arrays; + +import hudson.model.FreeStyleProject; +import hudson.model.User; +import hudson.tasks.Mailer; + +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.JenkinsRule.WebClient; + +import org.htmlunit.html.HtmlPage; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.nodes.NodeOwnerHelper; + +public class OwnershipActionTest { + + @Rule public JenkinsRule j = new JenkinsRule(); + + @Test + public void test() throws Exception { + // There is no particular reason why email value should look like this, but for a user configurable field this is a realistic scenario. + String mail = "\"T&J\" "; + String id = "_T&J_"; + User user = User.get(id, true); // Use the same ID for user creation and ownership + user.addProperty(new Mailer.UserProperty(mail)); + + FreeStyleProject project = j.createFreeStyleProject(); + JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, id, Arrays.asList(id))); + NodeOwnerHelper.setOwnership(j.jenkins, new OwnershipDescription(true, id, Arrays.asList(id))); + + final WebClient wc = j.createWebClient(); + + final HtmlPage job = wc.getPage(project); + assertThat(job.asXml(), not(containsString(""))); + // Find anchor by partial href match - HtmlUnit normalizes URLs automatically + // Try with URL-encoded version first (as it appears in HTML) + String encodedId = java.net.URLEncoder.encode(id, "UTF-8"); + String userUrlEncoded = j.getURL() + "user/" + encodedId; + String userUrlPlain = j.getURL() + "user/" + id; + + // Try to find the anchor - HtmlUnit should handle URL normalization + org.htmlunit.html.HtmlAnchor anchor = null; + try { + anchor = job.getAnchorByHref(userUrlEncoded); + } catch (org.htmlunit.ElementNotFoundException e1) { + try { + anchor = job.getAnchorByHref(userUrlPlain); + } catch (org.htmlunit.ElementNotFoundException e2) { + // If both fail, try finding by XPath or CSS selector + anchor = job.getFirstByXPath("//a[contains(@href, 'user/" + encodedId + "')]"); + if (anchor == null) { + anchor = job.getFirstByXPath("//a[contains(@href, 'user/" + id.replace("&", "&") + "')]"); + } + } + } + if (anchor != null) { + anchor.click(); + } + + final HtmlPage slave = wc.getPage(j.jenkins); + assertThat(slave.asXml(), not(containsString(""))); + // Same logic for slave page + try { + anchor = job.getAnchorByHref(userUrlEncoded); + } catch (org.htmlunit.ElementNotFoundException e1) { + try { + anchor = job.getAnchorByHref(userUrlPlain); + } catch (org.htmlunit.ElementNotFoundException e2) { + anchor = job.getFirstByXPath("//a[contains(@href, 'user/" + encodedId + "')]"); + if (anchor == null) { + anchor = job.getFirstByXPath("//a[contains(@href, 'user/" + id.replace("&", "&") + "')]"); + } + } + } + if (anchor != null) { + anchor.click(); + } + } +} diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescriptionTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescriptionTest.java new file mode 100644 index 00000000..f36dcb3f --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/OwnershipDescriptionTest.java @@ -0,0 +1,80 @@ +package com.synopsys.arc.jenkins.plugins.ownership; + +import hudson.model.User; +import hudson.security.HudsonPrivateSecurityRealm; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import jenkins.model.IdStrategy; +import static org.hamcrest.Matchers.equalTo; +import static org.junit.Assert.assertThat; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + + +public class OwnershipDescriptionTest { + private static final IdStrategy CASE_SENSITIVE = new IdStrategy.CaseSensitive(); + + @Rule + public final JenkinsRule j = new JenkinsRule(); + + @Before + public void setUp() throws Exception { + applyIdStrategy(CASE_SENSITIVE); + } + + private void applyIdStrategy(final IdStrategy idStrategy) throws IOException { + HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false, false, null) { + @Override + public IdStrategy getUserIdStrategy() { + return idStrategy; + } + + @Override + public IdStrategy getGroupIdStrategy() { + return idStrategy; + } + }; + realm.createAccount("owner", "owner"); + j.jenkins.setSecurityRealm(realm); + } + + @Test + public void isOwnerShouldRespectCaseSensitiveIdStrategy() throws Exception { + User user = User.get("owner"); + + OwnershipDescription description = new OwnershipDescription(true, "owner", Collections.emptyList()); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true)); + + description = new OwnershipDescription(true, "OWNER", Collections.emptyList()); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(false)); + + description = new OwnershipDescription(true, "another.owner", Arrays.asList("owner")); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true)); + + description = new OwnershipDescription(true, "ANOTHER.OWNER", Arrays.asList("OWNER")); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(false)); + } + + @Test + public void isOwnerShouldRespectCaseInsensitiveIdStrategy() throws Exception { + applyIdStrategy(IdStrategy.CASE_INSENSITIVE); + User user = User.get("owner"); + + OwnershipDescription description = new OwnershipDescription(true, "owner", Collections.emptyList()); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true)); + + description = new OwnershipDescription(true, "OWNER", Collections.emptyList()); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, false), equalTo(true)); + + description = new OwnershipDescription(true, "another.owner", Arrays.asList("owner")); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true)); + + description = new OwnershipDescription(true, "ANOTHER.OWNER", Arrays.asList("OWNER")); + assertThat("OwnershipDescription doesn't respect case sensitive strategy", description.isOwner(user, true), equalTo(true)); + } + + +} \ No newline at end of file diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelperTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelperTest.java new file mode 100644 index 00000000..7afb8b22 --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerHelperTest.java @@ -0,0 +1,49 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package com.synopsys.arc.jenkins.plugins.ownership.jobs; + +import hudson.model.FreeStyleProject; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import static org.junit.Assert.assertEquals; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +/** + * Tests for {@link JobOwnerHelper}. + * @author Oleg Nenashev + */ +public class JobOwnerHelperTest { + + @Rule + public JenkinsRule j = new JenkinsRule(); + + @Test + public void locatorShouldReturnRightHelperForFolder() throws Exception { + FreeStyleProject folder = j.jenkins.createProject(FreeStyleProject.class, "myFolder"); + + assertEquals("OwnershipHelperLocator should return the FolderOwnershipHelper instance", + OwnershipHelperLocator.locate(folder), JobOwnerHelper.Instance); + } +} diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobActionSecurityTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobActionSecurityTest.java new file mode 100644 index 00000000..0fcb8fc2 --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobActionSecurityTest.java @@ -0,0 +1,300 @@ +/* + * The MIT License + * + * Copyright 2022 + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package com.synopsys.arc.jenkins.plugins.ownership.jobs; + +import org.htmlunit.FailingHttpStatusCodeException; +import org.htmlunit.HttpMethod; +import org.htmlunit.WebRequest; +import org.htmlunit.html.HtmlForm; +import org.htmlunit.html.HtmlPage; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import hudson.model.FreeStyleProject; +import hudson.model.Item; +import hudson.model.User; +import jenkins.model.Jenkins; +import net.sf.json.JSONObject; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.JenkinsRule.WebClient; +import org.jvnet.hudson.test.MockAuthorizationStrategy; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +/** + * Security tests for JobOwnerJobAction endpoints. + * Tests CSRF protection and permission checks for SECURITY-2062 fixes. + */ +public class JobOwnerJobActionSecurityTest { + + @Rule + public JenkinsRule r = new JenkinsRule(); + + private FreeStyleProject project; + + @Before + public void setupSecurity() throws Exception { + r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); + + // Create users explicitly + User.get("admin", true); + User.get("readonly-user", true); + User.get("configure-user", true); + + // Create project first, before setting up authorization strategy + project = r.createFreeStyleProject("test-project"); + JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, "admin", null)); + + MockAuthorizationStrategy mas = new MockAuthorizationStrategy(); + + // Admin has all permissions including MANAGE_ITEMS_OWNERSHIP + mas.grant(Jenkins.ADMINISTER) + .everywhere() + .to("admin"); + + // Explicitly grant MANAGE_ITEMS_OWNERSHIP on the specific project + mas.grant(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP) + .onItems(project) + .to("admin"); + + // User with only READ permission (should not be able to modify ownership) + // Grant READ on the project so action is available, but methods will check MANAGE_ITEMS_OWNERSHIP + mas.grant(Item.READ, Jenkins.READ) + .everywhere() + .to("readonly-user"); + mas.grant(Item.READ) + .onItems(project) + .to("readonly-user"); + + // User with CONFIGURE but not MANAGE_ITEMS_OWNERSHIP (should not be able to modify ownership) + // Grant READ on the project so action is available, but methods will check MANAGE_ITEMS_OWNERSHIP + mas.grant(Item.CONFIGURE, Item.READ, Jenkins.READ) + .everywhere() + .to("configure-user"); + mas.grant(Item.READ) + .onItems(project) + .to("configure-user"); + + r.jenkins.setAuthorizationStrategy(mas); + r.jenkins.save(); // Save configuration to ensure it's persisted + } + + @Test + @Issue("SECURITY-2062") + public void doOwnersSubmit_requiresPOST() throws Exception { + WebClient wc = r.createWebClient(); + wc.login("admin", "admin"); + + // Try GET request - should fail + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/ownersSubmit"), + HttpMethod.GET); + wc.getPage(req); + fail("GET request should be rejected for doOwnersSubmit"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 405 Method Not Allowed or similar + assertThat("GET request should be rejected", e.getStatusCode(), is(405)); + } + } + + @Test + @Issue("SECURITY-2062") + public void doOwnersSubmit_requiresManageOwnershipPermission() throws Exception { + WebClient wc = r.createWebClient(); + + // Try with readonly user - should fail + wc.login("readonly-user", "readonly-user"); + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/ownersSubmit"), + HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/x-www-form-urlencoded"); + req.setRequestBody("owners=" + createOwnershipJSON("readonly-user")); + wc.getPage(req); + fail("User with only READ permission should not be able to change ownership"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 403 Forbidden + assertThat("User without MANAGE_ITEMS_OWNERSHIP should be rejected", + e.getStatusCode(), is(403)); + } + + // Verify ownership was not changed + assertThat(getPrimaryOwner(project), is(equalTo("admin"))); + } + + @Test + @Issue("SECURITY-2062") + public void doOwnersSubmit_allowsPOSTWithProperPermissions() throws Exception { + WebClient wc = r.createWebClient(); + wc.login("admin", "admin"); + + // POST request with proper permissions should work + // Use direct POST request like other tests, with proper form data + // Stapler expects form data with JSON object for "owners" field + JSONObject ownersJson = new JSONObject(); + ownersJson.put("primaryOwner", "new-owner"); + JSONObject formData = new JSONObject(); + formData.put("owners", ownersJson); + + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/ownersSubmit"), + HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/x-www-form-urlencoded"); + req.setRequestBody("json=" + formData.toString()); + wc.getPage(req); + + // Verify ownership was changed + assertThat(getPrimaryOwner(project), is(equalTo("new-owner"))); + } + + @Test + @Issue("SECURITY-2062") + public void doProjectSpecificSecuritySubmit_requiresPOST() throws Exception { + WebClient wc = r.createWebClient(); + wc.login("admin", "admin"); + + // Try GET request - should fail + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/projectSpecificSecuritySubmit"), + HttpMethod.GET); + wc.getPage(req); + fail("GET request should be rejected for doProjectSpecificSecuritySubmit"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 405 Method Not Allowed or similar + assertThat("GET request should be rejected", e.getStatusCode(), is(405)); + } + } + + @Test + @Issue("SECURITY-2062") + public void doProjectSpecificSecuritySubmit_requiresManageOwnershipPermission() throws Exception { + WebClient wc = r.createWebClient(); + + // Try with readonly user - should fail + wc.login("readonly-user", "readonly-user"); + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/projectSpecificSecuritySubmit"), + HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/x-www-form-urlencoded"); + req.setRequestBody(""); // Empty form + wc.getPage(req); + fail("User with only READ permission should not be able to modify project-specific security"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 403 Forbidden + assertThat("User without MANAGE_ITEMS_OWNERSHIP should be rejected", + e.getStatusCode(), is(403)); + } + } + + @Test + @Issue("SECURITY-2062") + public void doRestoreDefaultSpecificSecuritySubmit_requiresPOST() throws Exception { + WebClient wc = r.createWebClient(); + wc.login("admin", "admin"); + + // Try GET request - should fail + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/restoreDefaultSpecificSecuritySubmit"), + HttpMethod.GET); + wc.getPage(req); + fail("GET request should be rejected for doRestoreDefaultSpecificSecuritySubmit"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 405 Method Not Allowed or similar + assertThat("GET request should be rejected", e.getStatusCode(), is(405)); + } + } + + @Test + @Issue("SECURITY-2062") + public void doRestoreDefaultSpecificSecuritySubmit_requiresManageOwnershipPermission() throws Exception { + WebClient wc = r.createWebClient(); + + // Try with readonly user - should fail + wc.login("readonly-user", "readonly-user"); + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/restoreDefaultSpecificSecuritySubmit"), + HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/x-www-form-urlencoded"); + req.setRequestBody(""); // Empty form + wc.getPage(req); + fail("User with only READ permission should not be able to restore default security"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 403 Forbidden + assertThat("User without MANAGE_ITEMS_OWNERSHIP should be rejected", + e.getStatusCode(), is(403)); + } + } + + @Test + @Issue("SECURITY-2062") + public void configureUser_cannotModifyOwnership() throws Exception { + WebClient wc = r.createWebClient(); + + // User with CONFIGURE but not MANAGE_ITEMS_OWNERSHIP should not be able to modify ownership + wc.login("configure-user", "configure-user"); + try { + WebRequest req = new WebRequest( + wc.createCrumbedUrl(project.getUrl() + "ownership/ownersSubmit"), + HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/x-www-form-urlencoded"); + req.setRequestBody("owners=" + createOwnershipJSON("configure-user")); + wc.getPage(req); + fail("User with CONFIGURE but without MANAGE_ITEMS_OWNERSHIP should not be able to change ownership"); + } catch (FailingHttpStatusCodeException e) { + // Expected: should return 403 Forbidden + assertThat("User without MANAGE_ITEMS_OWNERSHIP should be rejected", + e.getStatusCode(), is(403)); + } + + // Verify ownership was not changed + assertThat(getPrimaryOwner(project), is(equalTo("admin"))); + } + + private String getPrimaryOwner(FreeStyleProject project) { + JobOwnerJobProperty prop = JobOwnerHelper.getOwnerProperty(project); + if (prop != null && prop.getOwnership() != null) { + return prop.getOwnership().getPrimaryOwnerId(); + } + return null; + } + + private String createOwnershipJSON(String ownerId) { + JSONObject json = new JSONObject(); + json.put("primaryOwner", ownerId); + return json.toString(); + } +} + diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobPropertyTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobPropertyTest.java new file mode 100644 index 00000000..e978957d --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/jobs/JobOwnerJobPropertyTest.java @@ -0,0 +1,151 @@ +/* + * The MIT License + * + * Copyright 2018 CloudBees, Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package com.synopsys.arc.jenkins.plugins.ownership.jobs; + +import org.htmlunit.FailingHttpStatusCodeException; +import org.htmlunit.HttpMethod; +import org.htmlunit.WebRequest; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import hudson.cli.CLICommandInvoker; +import hudson.cli.UpdateJobCommand; +import hudson.model.FreeStyleProject; +import hudson.model.Item; +import hudson.model.Job; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import jenkins.model.Jenkins; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.JenkinsRule.WebClient; +import org.jvnet.hudson.test.MockAuthorizationStrategy; + +import static hudson.cli.CLICommandInvoker.Matcher.failedWith; +import static hudson.cli.CLICommandInvoker.Matcher.succeededSilently; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +public class JobOwnerJobPropertyTest { + + @Rule + public JenkinsRule r = new JenkinsRule(); + + @Before + public void setupSecurity() { + r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); + MockAuthorizationStrategy mas = new MockAuthorizationStrategy(); + mas.grant(Jenkins.ADMINISTER) // Implies MANAGE_ITEMS_OWNERSHIP. + .everywhere() + .to("admin"); + mas.grant(Item.CONFIGURE, Item.READ, Jenkins.READ) + .everywhere() + .to("non-admin"); + r.jenkins.setAuthorizationStrategy(mas); + } + + @Test + @Issue("SECURITY-498") + public void changeOwnerViaPost() throws Exception { + FreeStyleProject p = r.createFreeStyleProject(); + p.getProperty(JobOwnerJobProperty.class).setOwnershipDescription(new OwnershipDescription(true, "admin", null)); + + WebClient wc = r.createWebClient(); + wc.login("non-admin", "non-admin"); + WebRequest req = new WebRequest(wc.createCrumbedUrl(String.format("%sconfig.xml", p.getUrl())), HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/xml"); + req.setRequestBody(getJobXml("admin")); + wc.getPage(req); + assertThat("Users should be able to configure jobs when ownership is unchanged", + getPrimaryOwner(p), is(equalTo("admin"))); + + try { + wc.login("non-admin", "non-admin"); + req.setRequestBody(getJobXml("non-admin")); + wc.getPage(req); + fail("Users should not be able to configure job ownership without Manger Ownership/Jobs permissions"); + } catch (FailingHttpStatusCodeException e) { + assertThat(getPrimaryOwner(p), is(equalTo("admin"))); + } + + wc.login("admin", "admin"); + req.setRequestBody(getJobXml("non-admin")); + wc.getPage(req); + assertThat("Users with Manage Ownership/Jobs permissions should be able to change ownership", + getPrimaryOwner(p), is(equalTo("non-admin"))); + } + + @Test + @Issue("SECURITY-498") + public void changeOwnerViaCLI() throws Exception { + FreeStyleProject p = r.createFreeStyleProject(); + p.getProperty(JobOwnerJobProperty.class).setOwnershipDescription(new OwnershipDescription(true, "admin", null)); + + CLICommandInvoker command = new CLICommandInvoker(r, new UpdateJobCommand()) + .asUser("non-admin") + .withArgs(p.getFullName()) + .withStdin(getJobXmlAsStream("admin")); + assertThat("Users without Overall/Administer permissions should not be able to configure jobs via CLI", + command.invoke(), failedWith(1)); + assertThat(getPrimaryOwner(p), is(equalTo("admin"))); + + command.asUser("admin") + .withArgs(p.getFullName()) + .withStdin(getJobXmlAsStream("non-admin")); + assertThat("Users with Overall/Administer permissions should be able to configure jobs via CLI", + command.invoke(), succeededSilently()); + assertThat(getPrimaryOwner(p), is(equalTo("non-admin"))); + } + + private String getPrimaryOwner(Job job) { + return job.getProperty(JobOwnerJobProperty.class).getOwnership().getPrimaryOwnerId(); + } + + private String getJobXml(String ownerSid) { + return String.format(JOB_XML_TEMPLATE, ownerSid); + } + + private InputStream getJobXmlAsStream(String ownerSid) { + return new ByteArrayInputStream(getJobXml(ownerSid).getBytes(StandardCharsets.UTF_8)); + } + + private static final String JOB_XML_TEMPLATE = + "" + + "" + + "" + + " " + + " " + + " true" + + " %s" + + " " + + " " + + " " + + "" + + ""; +} diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodePropertyTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodePropertyTest.java new file mode 100644 index 00000000..51f40f9f --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/nodes/OwnerNodePropertyTest.java @@ -0,0 +1,168 @@ +/* + * The MIT License + * + * Copyright 2018 CloudBees, Inc. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package com.synopsys.arc.jenkins.plugins.ownership.nodes; + +import org.htmlunit.FailingHttpStatusCodeException; +import org.htmlunit.HttpMethod; +import org.htmlunit.WebRequest; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import hudson.cli.CLICommandInvoker; +import hudson.cli.UpdateNodeCommand; +import hudson.model.Computer; +import hudson.model.Node; +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; +import jenkins.model.Jenkins; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.MockAuthorizationStrategy; + +import static hudson.cli.CLICommandInvoker.Matcher.failedWith; +import static hudson.cli.CLICommandInvoker.Matcher.succeededSilently; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + +public class OwnerNodePropertyTest { + + @Rule + public JenkinsRule r = new JenkinsRule(); + + @Before + public void setupSecurity() { + r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); + MockAuthorizationStrategy mas = new MockAuthorizationStrategy(); + mas.grant(Jenkins.ADMINISTER) // Implies MANAGE_SLAVES_OWNERSHIP. + .everywhere() + .to("admin"); + mas.grant(Computer.CONFIGURE, Jenkins.READ) + .everywhere() + .to("non-admin"); + r.jenkins.setAuthorizationStrategy(mas); + } + + @Test + @Issue("SECURITY-498") + public void changeOwnerViaPost() throws Exception { + String nodeName; // Computer#updateByXml replaces the existing node with a new instance, so we always need to look up the current instance. + String nodeUrl; + { + Node n = r.createSlave(); + n.getNodeProperties().add(new OwnerNodeProperty(n, new OwnershipDescription(true, "admin", null))); + nodeName = n.getNodeName(); + nodeUrl = n.toComputer().getUrl(); + } + + JenkinsRule.WebClient wc = r.createWebClient(); + wc.login("non-admin", "non-admin"); + WebRequest req = new WebRequest(wc.createCrumbedUrl(String.format("%sconfig.xml", nodeUrl)), HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/xml"); + req.setRequestBody(getNodeXml(nodeName, "admin")); + wc.getPage(req); + assertThat("Users should be able to configure jobs when ownership is unchanged", + getPrimaryOwner(nodeName), is(equalTo("admin"))); + + try { + wc.login("non-admin", "non-admin"); + req.setRequestBody(getNodeXml(nodeName, "non-admin")); + wc.getPage(req); + fail("Users should not be able to configure job ownership without Manger Ownership/Jobs permissions"); + } catch (FailingHttpStatusCodeException e) { + assertThat(getPrimaryOwner(nodeName), is(equalTo("admin"))); + } + + wc.login("admin", "admin"); + req.setRequestBody(getNodeXml(nodeName, "non-admin")); + wc.getPage(req); + assertThat("Users with Manage Ownership/Jobs permissions should be able to change ownership", + getPrimaryOwner(nodeName), is(equalTo("non-admin"))); + } + + @Test + @Issue("SECURITY-498") + public void changeOwnerViaCLI() throws Exception { + String nodeName; + { + Node n = r.createSlave(); + n.getNodeProperties().add(new OwnerNodeProperty(n, new OwnershipDescription(true, "admin", null))); + nodeName = n.getNodeName(); + } + + CLICommandInvoker command = new CLICommandInvoker(r, new UpdateNodeCommand()) + .asUser("non-admin") + .withArgs(nodeName) + .withStdin(getNodeXmlAsStream(nodeName, "admin")); + assertThat("Users without Overall/Administer permissions should not be able to configure nodes via CLI", + command.invoke(), failedWith(1)); + assertThat(getPrimaryOwner(nodeName), is(equalTo("admin"))); + + command.asUser("admin") + .withArgs(nodeName) + .withStdin(getNodeXmlAsStream(nodeName, "non-admin")); + assertThat("Users with Overall/Administer permissions should be able to configure jobs via CLI", + command.invoke(), succeededSilently()); + assertThat(getPrimaryOwner(nodeName), is(equalTo("non-admin"))); + } + + private String getPrimaryOwner(String nodeName) { + return r.jenkins.getNode(nodeName).getNodeProperties().get(OwnerNodeProperty.class).getOwnership().getPrimaryOwnerId(); + } + + private String getNodeXml(String nodeName, String ownerSid) { + return String.format(NODE_XML_TEMPLATE, nodeName, ownerSid); + } + + private InputStream getNodeXmlAsStream(String nodeName, String ownerSid) { + return new ByteArrayInputStream(getNodeXml(nodeName, ownerSid).getBytes(StandardCharsets.UTF_8)); + } + + private static final String NODE_XML_TEMPLATE = + "" + + "" + + " %s" + + " " + + " /tmp/dumbnode" + + " 1" + + " NORMAL" + + " " + + " " + + " "; + +} diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacroTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacroTest.java new file mode 100644 index 00000000..c8c75e30 --- /dev/null +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/security/rolestrategy/AbstractOwnershipRoleMacroTest.java @@ -0,0 +1,213 @@ +/* + * The MIT License + * + * Copyright 2024 + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package com.synopsys.arc.jenkins.plugins.ownership.security.rolestrategy; + +import com.michelin.cio.hudson.plugins.rolestrategy.PermissionEntry; +import com.synopsys.arc.jenkins.plugins.rolestrategy.Macro; +import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; +import hudson.model.FreeStyleProject; +import hudson.model.Item; +import hudson.security.Permission; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.equalTo; + +/** + * Tests for {@link AbstractOwnershipRoleMacro} focusing on null and empty SID validation. + */ +public class AbstractOwnershipRoleMacroTest { + + @Rule + public final JenkinsRule j = new JenkinsRule(); + + /** + * Test that hasPermission returns false when PermissionEntry is null. + */ + @Test + public void testHasPermissionWithNullEntry() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the null check logic + + boolean result = macro.hasPermission((PermissionEntry) null, permission, type, project, macroParam); + + assertThat("Access should be denied when PermissionEntry is null", result, equalTo(false)); + } + + /** + * Test that hasPermission returns false when PermissionEntry.getSid() returns null. + */ + @Test + public void testHasPermissionWithNullSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the null check logic + + PermissionEntry entry = createTestPermissionEntry(null); + + boolean result = macro.hasPermission(entry, permission, type, project, macroParam); + + assertThat("Access should be denied when SID is null", result, equalTo(false)); + } + + /** + * Test that hasPermission returns false when PermissionEntry.getSid() returns empty string. + */ + @Test + public void testHasPermissionWithEmptySid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the empty check logic + + PermissionEntry entry = createTestPermissionEntry(""); + + boolean result = macro.hasPermission(entry, permission, type, project, macroParam); + + assertThat("Access should be denied when SID is empty", result, equalTo(false)); + } + + /** + * Test that hasPermission returns false when PermissionEntry.getSid() returns whitespace-only string. + */ + @Test + public void testHasPermissionWithWhitespaceSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the whitespace check logic + + PermissionEntry entry = createTestPermissionEntry(" "); + + boolean result = macro.hasPermission(entry, permission, type, project, macroParam); + + assertThat("Access should be denied when SID contains only whitespace", result, equalTo(false)); + } + + /** + * Test that hasPermission(String sid, ...) returns false when sid is null. + */ + @Test + public void testHasPermissionWithNullStringSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the null check logic + + boolean result = macro.hasPermission((String) null, permission, type, project, macroParam); + + assertThat("Access should be denied when SID string is null", result, equalTo(false)); + } + + /** + * Test that hasPermission(String sid, ...) returns false when sid is empty string. + */ + @Test + public void testHasPermissionWithEmptyStringSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the empty check logic + + boolean result = macro.hasPermission("", permission, type, project, macroParam); + + assertThat("Access should be denied when SID string is empty", result, equalTo(false)); + } + + /** + * Test that hasPermission(String sid, ...) returns false when sid is whitespace-only string. + */ + @Test + public void testHasPermissionWithWhitespaceStringSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the whitespace check logic + + boolean result = macro.hasPermission(" ", permission, type, project, macroParam); + + assertThat("Access should be denied when SID string contains only whitespace", result, equalTo(false)); + } + + /** + * Test that hasPermission works correctly with valid SID (even if user doesn't exist). + * This test verifies that null/empty checks don't interfere with normal operation. + */ + @Test + public void testHasPermissionWithValidSid() throws Exception { + OwnerRoleMacro macro = new OwnerRoleMacro(); + FreeStyleProject project = j.createFreeStyleProject("test"); + Permission permission = Item.READ; + RoleType type = RoleType.Project; + Macro macroParam = null; // Macro is not used in the validation logic + + PermissionEntry entry = createTestPermissionEntry("validUser"); + + // Should not throw exception and should process normally + // (may return false if user doesn't exist, but that's expected behavior) + boolean result = macro.hasPermission(entry, permission, type, project, macroParam); + + // Just verify it doesn't crash and returns a boolean + // The actual permission check depends on ownership setup, which is tested elsewhere + assertThat("Method should return a boolean value", result, equalTo(result)); + } + + /** + * Creates a test PermissionEntry using reflection to handle the required constructor parameters. + * Uses the same approach as OwnershipBasedSecurityTestHelper for consistency. + */ + private static PermissionEntry createTestPermissionEntry(String sid) { + try { + // PermissionEntry requires (AuthorizationType, String) constructor + // We'll use reflection to create it with default AuthorizationType + Class authTypeClass = Class.forName("com.michelin.cio.hudson.plugins.rolestrategy.AuthorizationType"); + Object authType = authTypeClass.getEnumConstants()[0]; // Use first enum value as default + + // Use getDeclaredConstructor and setAccessible, similar to OwnershipBasedSecurityTestHelper + java.lang.reflect.Constructor constructor = + PermissionEntry.class.getDeclaredConstructor(authTypeClass, String.class); + try { + constructor.setAccessible(true); + return constructor.newInstance(authType, sid); + } finally { + constructor.setAccessible(false); + } + } catch (Exception e) { + throw new AssertionError("Failed to create test PermissionEntry", e); + } + } +} + diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/util/mail/MailFormatterTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/util/mail/MailFormatterTest.java index f4159aa1..d86c4f30 100644 --- a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/util/mail/MailFormatterTest.java +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/util/mail/MailFormatterTest.java @@ -34,7 +34,7 @@ /** * Tests for {@link MailFormatter}. - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class MailFormatterTest { diff --git a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapperTest.java b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapperTest.java index bc620b41..6eadf7db 100644 --- a/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapperTest.java +++ b/src/test/java/com/synopsys/arc/jenkins/plugins/ownership/wrappers/OwnershipBuildWrapperTest.java @@ -24,6 +24,7 @@ package com.synopsys.arc.jenkins.plugins.ownership.wrappers; +import com.cloudbees.hudson.plugins.folder.Folder; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; @@ -33,29 +34,33 @@ import hudson.EnvVars; import hudson.FilePath; import hudson.Launcher; -import hudson.model.AbstractBuild; -import hudson.model.BuildListener; import hudson.model.FreeStyleBuild; import hudson.model.FreeStyleProject; +import hudson.model.Run; import hudson.model.Slave; import hudson.model.TaskListener; import hudson.model.User; import hudson.scm.NullSCM; +import hudson.scm.SCMRevisionState; import hudson.tasks.Shell; import java.io.File; import java.io.IOException; +import java.util.Collections; import java.util.concurrent.Future; -import static junit.framework.Assert.*; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; import org.jenkinsci.plugins.ownership.util.environment.EnvSetupOptions; import org.jenkinsci.plugins.ownership.util.mail.MailOptions; +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertTrue; import org.junit.Rule; import org.junit.Test; -import org.jvnet.hudson.test.Bug; +import org.jvnet.hudson.test.Issue; import org.jvnet.hudson.test.JenkinsRule; /** * Tests for {@link OwnershipBuildWrapper}. - * @author Oleg Nenashev + * @author Oleg Nenashev */ public class OwnershipBuildWrapperTest { @@ -78,16 +83,17 @@ public void initJenkinsInstance() throws Exception { projectOwner.setFullName("Test Project Owner"); // Configure ownership plugin - r.jenkins.getPlugin(OwnershipPlugin.class).configure( - true, null, null, new OwnershipPluginConfiguration(new AssignCreatorPolicy())); + OwnershipPluginConfigurer.forJenkinsRule(r) + .withItemOwnershipPolicy(new AssignCreatorPolicy()) + .configure(); // Create node with ownership node = r.createOnlineSlave(); - NodeOwnerHelper.setOwnership(node, new OwnershipDescription(true, NODE_OWNER_ID)); + NodeOwnerHelper.setOwnership(node, new OwnershipDescription(true, NODE_OWNER_ID, Collections.emptyList())); // Create project project = r.createFreeStyleProject(); - JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, PROJECT_OWNER_ID)); + JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, PROJECT_OWNER_ID, Collections.emptyList())); project.getBuildersList().add(new Shell("env")); } @@ -98,7 +104,7 @@ public void initJenkinsInstance() throws Exception { testVarsPresense(false); } - @Bug(23926) + @Issue("JENKINS-23926") public @Test void testVarsPresenseOnSCMFailure() throws Exception { initJenkinsInstance(); final OwnershipBuildWrapper wrapper = new OwnershipBuildWrapper(true, true); @@ -107,17 +113,52 @@ public void initJenkinsInstance() throws Exception { testVarsPresense(true); } - @Bug(23947) + @Issue("JENKINS-23947") public @Test void testVarsPresenseOnGlobalOptions() throws Exception { initJenkinsInstance(); - final OwnershipPluginConfiguration pluginConf = new OwnershipPluginConfiguration( - new AssignCreatorPolicy(),MailOptions.DEFAULT, - new EnvSetupOptions(true, true)); - r.jenkins.getPlugin(OwnershipPlugin.class).configure(true, null, null, pluginConf); + OwnershipPluginConfigurer.forJenkinsRule(r) + .withItemOwnershipPolicy(new AssignCreatorPolicy()) + .withMailOptions(MailOptions.DEFAULT) + .withGlobalEnvSetupOptions(new EnvSetupOptions(true, true)) + .configure(); testVarsPresense(true); } - private void testVarsPresense(boolean failSCM) throws Exception { + @Issue("JENKINS-27715") + public @Test void testCoOwnersVarsInjection() throws Exception { + initJenkinsInstance(); + OwnershipPluginConfigurer.forJenkinsRule(r) + .withItemOwnershipPolicy(new AssignCreatorPolicy()) + .withMailOptions(MailOptions.DEFAULT) + .withGlobalEnvSetupOptions(new EnvSetupOptions(true, true)) + .configure(); + + FreeStyleBuild build = testVarsPresense(false); + r.assertLogContains("NODE_COOWNERS="+NODE_OWNER_ID, build); + r.assertLogContains("JOB_COOWNERS="+PROJECT_OWNER_ID, build); + } + + @Test + @Issue("JENKINS-28881") + public void shouldInjectInheritedOwnershipInfo() throws Exception { + initJenkinsInstance(); + OwnershipPluginConfigurer.forJenkinsRule(r) + .withGlobalEnvSetupOptions(new EnvSetupOptions(true, true)) + .configure(); + + // Init folder with a nested job + Folder folder = r.jenkins.createProject(Folder.class, "folder"); + FolderOwnershipHelper.setOwnership(folder, new OwnershipDescription(true, PROJECT_OWNER_ID, Collections.emptyList())); + FreeStyleProject prj = folder.createProject(FreeStyleProject.class, "projectInsideFolder"); + prj.getBuildersList().add(new Shell("env")); + + // Run test. We expect Ownership info to be inherited for the project + FreeStyleBuild build = testVarsPresense(false); + r.assertLogContains("NODE_COOWNERS="+NODE_OWNER_ID, build); + r.assertLogContains("JOB_COOWNERS="+PROJECT_OWNER_ID, build); + } + + private FreeStyleBuild testVarsPresense(boolean failSCM) throws Exception { project.setAssignedNode(node); if (failSCM) { project.setScm(new AlwaysFailNullSCM()); @@ -135,14 +176,15 @@ private void testVarsPresense(boolean failSCM) throws Exception { r.assertLogContains("JOB_OWNER="+PROJECT_OWNER_ID, build); } assertTrue(env.containsKey("NODE_OWNER")); - assertTrue(env.containsKey("JOB_OWNER")); + assertTrue(env.containsKey("JOB_OWNER")); + return build; } private static class AlwaysFailNullSCM extends NullSCM { @Override - public boolean checkout(AbstractBuild build, Launcher launcher, FilePath remoteDir, BuildListener listener, File changeLogFile) throws IOException, InterruptedException { + public void checkout(Run build, Launcher launcher, FilePath workspace, TaskListener listener, File changelogFile, SCMRevisionState baseline) throws IOException, InterruptedException { throw new IOException("Checkout failed (as designed)"); - } + } } } diff --git a/src/test/java/org/jenkinsci/plugins/ownership/folders/FolderOwnershipPropertyTest.java b/src/test/java/org/jenkinsci/plugins/ownership/folders/FolderOwnershipPropertyTest.java new file mode 100644 index 00000000..9c049c57 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/folders/FolderOwnershipPropertyTest.java @@ -0,0 +1,196 @@ +/* + * The MIT License + * + * Copyright 2018 CloudBees, Inc., Oleg Nenashev + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ + +package org.jenkinsci.plugins.ownership.folders; + +import com.cloudbees.hudson.plugins.folder.Folder; +import org.htmlunit.FailingHttpStatusCodeException; +import org.htmlunit.HttpMethod; +import org.htmlunit.WebRequest; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.util.AbstractOwnershipHelper; +import hudson.cli.CLICommandInvoker; +import hudson.cli.UpdateJobCommand; +import hudson.model.Item; +import jenkins.model.Jenkins; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipProperty; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.For; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.JenkinsRule.WebClient; +import org.jvnet.hudson.test.MockAuthorizationStrategy; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.nio.charset.StandardCharsets; + +import static hudson.cli.CLICommandInvoker.Matcher.succeededSilently; +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.is; +import static org.hamcrest.Matchers.notNullValue; +import static org.junit.Assert.assertThat; + +// TODO: DRY, merge with JobOwnerJobHelper once helper#setOwnership() is a non-static method +@For(FolderOwnershipProperty.class) +public class FolderOwnershipPropertyTest { + + @Rule + public JenkinsRule r = new JenkinsRule(); + + private Folder p; + private AbstractOwnershipHelper ownershipHelper; + + @Before + public void setupSecurity() { + r.jenkins.setSecurityRealm(r.createDummySecurityRealm()); + MockAuthorizationStrategy mas = new MockAuthorizationStrategy(); + mas.grant(Jenkins.ADMINISTER) // Implies MANAGE_ITEMS_OWNERSHIP. + .everywhere() + .to("admin"); + mas.grant(Item.CONFIGURE, Item.READ, Jenkins.READ) + .everywhere() + .to("non-admin"); + r.jenkins.setAuthorizationStrategy(mas); + } + + @Before + public void initFolder() throws Exception { + // Initialize plugin before using it + org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer.forJenkinsRule(r).configure(); + + // Unique project name + p = r.createProject(Folder.class, "test" + r.jenkins.getItems().size()); + ownershipHelper = OwnershipHelperLocator.locate(p); + if (ownershipHelper == null) { + throw new AssertionError("Cannot locate ownership helper for " + p + " of type " + p.getClass()); + } + } + + @Test + @Issue("JENKINS-49744") + public void changeOwnerViaPost() throws Exception { + FolderOwnershipHelper.setOwnership(p, + new OwnershipDescription(true, "admin", null)); + + WebClient wc = r.createWebClient(); + wc.login("non-admin", "non-admin"); + WebRequest req = new WebRequest(wc.createCrumbedUrl(String.format("%sconfig.xml", p.getUrl())), HttpMethod.POST); + req.setAdditionalHeader("Content-Type", "application/xml"); + req.setRequestBody(getItemXml("admin")); + wc.getPage(req); + // Get folder fresh from Jenkins to ensure we have the latest state + p = r.jenkins.getItemByFullName(p.getFullName(), Folder.class); + // Use direct property access like JobOwnerJobPropertyTest does + FolderOwnershipProperty prop1 = FolderOwnershipHelper.getOwnerProperty(p); + assertThat("Property should exist", prop1, notNullValue()); + assertThat("Ownership should be enabled", prop1.getOwnership().isOwnershipEnabled(), is(true)); + assertThat("Users should be able to configure Folder when ownership is unchanged", + prop1.getOwnership().getPrimaryOwnerId(), is(equalTo("admin"))); + + try { + wc.login("non-admin", "non-admin"); + req.setRequestBody(getItemXml("non-admin")); + wc.getPage(req); + } catch (FailingHttpStatusCodeException e) { + // fine + } + // Get folder fresh from Jenkins to ensure we have the latest state + p = r.jenkins.getItemByFullName(p.getFullName(), Folder.class); + // Use direct property access like JobOwnerJobPropertyTest does + FolderOwnershipProperty prop2 = FolderOwnershipHelper.getOwnerProperty(p); + assertThat("Property should exist", prop2, notNullValue()); + assertThat("Ownership should be enabled", prop2.getOwnership().isOwnershipEnabled(), is(true)); + assertThat(prop2.getOwnership().getPrimaryOwnerId(), is(equalTo("admin"))); + + wc.login("admin", "admin"); + req.setRequestBody(getItemXml("non-admin")); + wc.getPage(req); + // Get folder fresh from Jenkins to ensure we have the latest state + p = r.jenkins.getItemByFullName(p.getFullName(), Folder.class); + // Use direct property access like JobOwnerJobPropertyTest does + FolderOwnershipProperty prop3 = FolderOwnershipHelper.getOwnerProperty(p); + assertThat("Property should exist", prop3, notNullValue()); + assertThat("Ownership should be enabled", prop3.getOwnership().isOwnershipEnabled(), is(true)); + assertThat("Users with Manage Ownership/Jobs permissions should be able to change ownership", + prop3.getOwnership().getPrimaryOwnerId(), is(equalTo("non-admin"))); + } + + @Test + @Issue("JENKINS-49744") + public void changeOwnerViaCLI() throws Exception { + FolderOwnershipHelper.setOwnership(p, + new OwnershipDescription(true, "admin", null)); + + CLICommandInvoker command = new CLICommandInvoker(r, new UpdateJobCommand()) + .asUser("non-admin") + .withArgs(p.getFullName()) + .withStdin(getItemXmlAsStream("admin")); + assertThat(ownershipHelper.getOwner(p), is(equalTo("admin"))); + + command.asUser("admin") + .withArgs(p.getFullName()) + .withStdin(getItemXmlAsStream("non-admin")); + assertThat("Users with Overall/Administer permissions should be able to configure jobs via CLI", + command.invoke(), succeededSilently()); + assertThat(ownershipHelper.getOwner(p), is(equalTo("non-admin"))); + } + + private String getItemXml(String ownerSid) { + return String.format(FOLDER_XML_TEMPLATE, ownerSid); + } + + private InputStream getItemXmlAsStream(String ownerSid) { + return new ByteArrayInputStream(getItemXml(ownerSid).getBytes(StandardCharsets.UTF_8)); + } + + private static final String FOLDER_XML_TEMPLATE = + "" + + "" + + " " + + " " + + " " + + " true" + + " %s" + + " " + + " " + + " " + + " " + + " \n" + + " \n" + + " \n" + + " All\n" + + " false\n" + + " false\n" + + " \n" + + " \n" + + " \n" + + " " + + ""; + +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionReportAssert.java b/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionReportAssert.java new file mode 100644 index 00000000..7ea1629e --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionReportAssert.java @@ -0,0 +1,89 @@ +/* + * The MIT License + * + * Copyright 2017 Ksenia Nenasheva . + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.securityinspector; + +import hudson.security.Permission; +import java.util.Set; +import javax.annotation.Nonnull; +import static org.hamcrest.MatcherAssert.assertThat; +import org.hamcrest.Matchers; +import org.jenkinsci.plugins.securityinspector.model.PermissionReport; +import org.junit.Assert; + +/** + * Basic asserts for {@link PermissionReport} + * + * @author Ksenia Nenasheva + */ +public class PermissionReportAssert { + + public static void assertHasPermissions( + @Nonnull PermissionReport report, @Nonnull TRow row, + @Nonnull Permission ... permissions) { + for (Permission permission : permissions) { + assertPermissionValue(report, row, permission, true); + } + } + + public static void assertHasNotPermissions( + @Nonnull PermissionReport report, @Nonnull TRow row, + @Nonnull Permission ... permissions) { + for (Permission permission : permissions) { + assertPermissionValue(report, row, permission, false); + } + } + + public static void assertPermissionValue( + @Nonnull PermissionReport report, @Nonnull TRow row, + @Nonnull Permission permission, @Nonnull TEntryReport expectedValue) { + + final TEntryReport entryReport = report.getEntry(row, permission); + assertThat("Wrong value for " + report.getRowTitle(row) + "=" + row + " and permission=" + permission.getId(), + entryReport, Matchers.equalTo(expectedValue)); + + } + + public static void assertHasRow( + @Nonnull PermissionReport report, @Nonnull TRow row) { + + final Set rows = report.getRows(); + for (TRow r : rows) { + if (r.equals(row)) { + return; + } + } + Assert.fail("Row " + row + "hasn't been added in this report"); + } + + public static void assertHasNotRow( + @Nonnull PermissionReport report, @Nonnull TRow row) { + + final Set rows = report.getRows(); + for (TRow r : rows) { + if (r.equals(row)) { + Assert.fail("Row " + row + "has been added in this report"); + } + } + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilderTest.java b/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilderTest.java new file mode 100644 index 00000000..cfa6df32 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/integrations/securityinspector/PermissionsForOwnerReportBuilderTest.java @@ -0,0 +1,312 @@ +/* + * The MIT License + * + * Copyright 2017 Ksenia Nenasheva . + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.integrations.securityinspector; + +import com.cloudbees.hudson.plugins.folder.Folder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import hudson.model.Computer; +import hudson.model.FreeStyleProject; +import hudson.model.Item; +import hudson.model.JobProperty; +import hudson.model.TopLevelItem; +import hudson.model.User; +import hudson.security.AuthorizationMatrixProperty; +import hudson.security.Permission; +import hudson.security.ProjectMatrixAuthorizationStrategy; +import java.util.Arrays; +import java.util.Collections; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; +import jenkins.model.Jenkins; +import static org.hamcrest.MatcherAssert.assertThat; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import static org.junit.Assert.assertNotNull; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +/** + * + * @author Ksenia Nenasheva + */ +public class PermissionsForOwnerReportBuilderTest extends PermissionsForOwnerReportBuilder { + + @Rule + public final JenkinsRule j = new JenkinsRule(); + + protected void initializeDefaultMatrixAuthSecurity() throws Exception { + // Initialize plugin before using it + org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + + // Create users + User.get("admin"); + User.get("user1"); + User.get("user2"); + User user = User.get("user3"); + j.jenkins.save(); + user.save(); + + // Create items (jobs & folder) + FreeStyleProject project1 = j.createFreeStyleProject("project1"); + FreeStyleProject project2 = j.createFreeStyleProject("project2"); + final Folder f = j.createProject(Folder.class, "folder"); + FreeStyleProject projectInFolder = f.createProject(FreeStyleProject.class, "projectInFolder"); + + // Initialize global security + final ProjectMatrixAuthorizationStrategy strategy = new ProjectMatrixAuthorizationStrategy(); + strategy.add(Jenkins.ADMINISTER, "admin"); + strategy.add(Jenkins.READ, "user1"); + strategy.add(Jenkins.READ, "user2"); + strategy.add(Jenkins.READ, "user3"); + strategy.add(Item.READ, "user1"); + strategy.add(Item.READ, "user2"); + strategy.add(Item.READ, "user3"); + strategy.add(Computer.BUILD, "user1"); + strategy.add(Computer.CONFIGURE, "user1"); + strategy.add(Computer.CONNECT, "user2"); + strategy.add(Computer.CREATE, "user2"); + j.jenkins.setAuthorizationStrategy(strategy); + + JobOwnerHelper.Instance.setOwnership(project1, new OwnershipDescription(true, "user1", Arrays.asList("admin"))); + JobOwnerHelper.Instance.setOwnership(project2, new OwnershipDescription(true, "user1", Arrays.asList("user2", "admin"))); + JobOwnerHelper.Instance.setOwnership(projectInFolder, new OwnershipDescription(true, "user2", Arrays.asList("admin"))); + FolderOwnershipHelper.getInstance().setOwnership(f, new OwnershipDescription(true, "user2", Arrays.asList("admin", "user1"))); + + j.jenkins.save(); + + // Setup local security for project 1 + { + final Set user1 = Collections.singleton("user1"); + final Map> permissions = new HashMap<>(); + permissions.put(Item.BUILD, user1); + permissions.put(Item.CONFIGURE, user1); + final JobProperty prop = new AuthorizationMatrixProperty(permissions); + project1.addProperty(prop); + } + + // Setup local security for project 2 + { + final Set user2 = Collections.singleton("user2"); + final Map> permissions = new HashMap<>(); + permissions.put(Item.BUILD, user2); + permissions.put(Item.DELETE, user2); + final JobProperty prop = new AuthorizationMatrixProperty(permissions); + project2.addProperty(prop); + } + + // Setup local security for projectInFolder + { + final Set user3 = Collections.singleton("user3"); + final Map> permissions = new HashMap<>(); + permissions.put(Item.BUILD, user3); + permissions.put(Item.CANCEL, user3); + permissions.put(Item.CONFIGURE, user3); + permissions.put(Item.CREATE, user3); + permissions.put(Item.DELETE, user3); + final JobProperty prop = new AuthorizationMatrixProperty(permissions); + projectInFolder.addProperty(prop); + } + } + + @Test + public void shouldReportAdminProperly() throws Exception { + + initializeDefaultMatrixAuthSecurity(); + User usr = j.jenkins.getUser("admin"); + final PermissionsForOwnerReportBuilder.ReportImpl report = + new PermissionsForOwnerReportBuilder.ReportImpl(usr); + assertNotNull(report); + + final OwnerFilter filter = new OwnerFilter(); + final Set items4Report =new HashSet<>(filter.doFilter(usr)); + assertNotNull(items4Report); + report.generateReport(items4Report); + + // Items: + TopLevelItem project1 = j.jenkins.getItem("project1"); + TopLevelItem project2 = j.jenkins.getItem("project2"); + TopLevelItem folder = j.jenkins.getItem("folder"); + TopLevelItem projectInFolder = (TopLevelItem) j.jenkins.getItemByFullName("folder/projectInFolder", TopLevelItem.class); + + PermissionReportAssert.assertHasRow(report, project1); + PermissionReportAssert.assertHasRow(report, project2); + PermissionReportAssert.assertHasRow(report, folder); + PermissionReportAssert.assertHasRow(report, projectInFolder); + + PermissionReportAssert.assertHasPermissions(report, project1, + Item.BUILD, Item.CANCEL, Item.CONFIGURE, Item.CREATE, Item.DELETE, + Item.DISCOVER, Item.READ, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, project2, + Item.BUILD, Item.CANCEL, Item.CONFIGURE, Item.CREATE, Item.DELETE, + Item.DISCOVER, Item.READ, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, folder, + Item.BUILD, Item.CANCEL, Item.CONFIGURE, Item.CREATE, Item.DELETE, + Item.DISCOVER, Item.READ, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, projectInFolder, + Item.BUILD, Item.CANCEL, Item.CONFIGURE, Item.CREATE, Item.DELETE, + Item.DISCOVER, Item.READ, Item.WORKSPACE); + } + + @Test + public void shouldReportUser1Properly() throws Exception { + + initializeDefaultMatrixAuthSecurity(); + + User usr = User.get("user1"); + final PermissionsForOwnerReportBuilder.ReportImpl report = + new PermissionsForOwnerReportBuilder.ReportImpl(usr); + assertNotNull(report); + + final OwnerFilter filter = new OwnerFilter(); + final Set items4Report =new HashSet<>(filter.doFilter(usr)); + assertNotNull(items4Report); + report.generateReport(items4Report); + + // Items: + TopLevelItem project1 = j.jenkins.getItem("project1"); + TopLevelItem project2 = j.jenkins.getItem("project2"); + TopLevelItem folder = j.jenkins.getItem("folder"); + TopLevelItem projectInFolder = (TopLevelItem) j.jenkins.getItemByFullName("folder/projectInFolder", TopLevelItem.class); + + PermissionReportAssert.assertHasRow(report, project1); + PermissionReportAssert.assertHasRow(report, project2); + PermissionReportAssert.assertHasRow(report, j.jenkins.getItem("folder")); + PermissionReportAssert.assertHasNotRow(report, projectInFolder); + + PermissionReportAssert.assertHasPermissions(report, project1, + Item.READ, Item.CONFIGURE, Item.BUILD, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, project1, + Item.CREATE, Item.DELETE, Item.CANCEL, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, project2, + Item.READ, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, project2, + Item.CONFIGURE, Item.CREATE, Item.DELETE, Item.BUILD, Item.CANCEL, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, folder, + Item.READ, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, folder, + Item.CONFIGURE, Item.CREATE, Item.DELETE, Item.BUILD, Item.CANCEL, Item.WORKSPACE); + } + + @Test + public void shouldReportUser2Properly() throws Exception { + + initializeDefaultMatrixAuthSecurity(); + User usr = User.get("user2"); + final PermissionsForOwnerReportBuilder.ReportImpl report = + new PermissionsForOwnerReportBuilder.ReportImpl(usr); + assertNotNull(report); + + final OwnerFilter filter = new OwnerFilter(); + final Set items4Report =new HashSet<>(filter.doFilter(usr)); + assertNotNull(items4Report); + report.generateReport(items4Report); + + // Items: + TopLevelItem project1 = j.jenkins.getItem("project1"); + TopLevelItem project2 = j.jenkins.getItem("project2"); + TopLevelItem folder = j.jenkins.getItem("folder"); + TopLevelItem projectInFolder = (TopLevelItem) j.jenkins.getItemByFullName("folder/projectInFolder", TopLevelItem.class); + + PermissionReportAssert.assertHasNotRow(report, project1); + PermissionReportAssert.assertHasRow(report, project2); + PermissionReportAssert.assertHasRow(report, folder); + PermissionReportAssert.assertHasRow(report, projectInFolder); + + PermissionReportAssert.assertHasPermissions(report, project2, + Item.READ, Item.DELETE, Item.BUILD, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, project2, + Item.CREATE, Item.CONFIGURE, Item.CANCEL, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, folder, + Item.READ, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, folder, + Item.CONFIGURE, Item.CREATE, Item.DELETE, Item.BUILD, Item.CANCEL, Item.WORKSPACE); + + PermissionReportAssert.assertHasPermissions(report, projectInFolder, + Item.READ, Item.DISCOVER); + PermissionReportAssert.assertHasNotPermissions(report, projectInFolder, + Item.CONFIGURE, Item.CREATE, Item.DELETE, Item.BUILD, Item.CANCEL, Item.WORKSPACE); + } + + @Test + public void shouldReportUser3Properly() throws Exception { + + initializeDefaultMatrixAuthSecurity(); + User usr = User.get("user3"); + final PermissionsForOwnerReportBuilder.ReportImpl report = + new PermissionsForOwnerReportBuilder.ReportImpl(usr); + assertNotNull(report); + + final OwnerFilter filter = new OwnerFilter(); + final Set items4Report =new HashSet<>(filter.doFilter(usr)); + assertNotNull(items4Report); + report.generateReport(items4Report); + + // Items: + TopLevelItem project1 = j.jenkins.getItem("project1"); + TopLevelItem project2 = j.jenkins.getItem("project2"); + TopLevelItem folder = j.jenkins.getItem("folder"); + TopLevelItem projectInFolder = (TopLevelItem) j.jenkins.getItemByFullName("folder/projectInFolder", TopLevelItem.class); + + PermissionReportAssert.assertHasNotRow(report, project1); + PermissionReportAssert.assertHasNotRow(report, project2); + PermissionReportAssert.assertHasNotRow(report, folder); + PermissionReportAssert.assertHasNotRow(report, projectInFolder); + } + + @Test + public void shouldDownloadReport4User1() throws Exception { + + initializeDefaultMatrixAuthSecurity(); + + User usr = User.get("user1"); + final PermissionsForOwnerReportBuilder.ReportImpl report = + new PermissionsForOwnerReportBuilder.ReportImpl(usr); + assertNotNull(report); + + final OwnerFilter filter = new OwnerFilter(); + final Set items4Report =new HashSet<>(filter.doFilter(usr)); + assertNotNull(items4Report); + report.generateReport(items4Report); + + assertThat("Report target name must be equal to 'user1'", report.getReportTargetName().equals("user1")); + + String reportInCSV = report.getReportInCSV(); + assertNotNull(reportInCSV); + + for (TopLevelItem item : items4Report) { + assertThat("CSV Report must had row " + item, reportInCSV.contains(item.getFullDisplayName())); + } + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelperTest.java b/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelperTest.java new file mode 100644 index 00000000..6a0a6b08 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipHelperTest.java @@ -0,0 +1,50 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.Folder; +import org.jenkinsci.plugins.ownership.model.OwnershipHelperLocator; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +import static org.junit.Assert.assertEquals; + +/** + * Tests of {@link FolderOwnershipHelper}. + * @author Oleg Nenashev + */ +public class FolderOwnershipHelperTest { + + @Rule + public JenkinsRule j = new JenkinsRule(); + + @Test + public void locatorShouldReturnRightHelperForFolder() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "myFolder"); + + assertEquals("OwnershipHelperLocator should return the FolderOwnershipHelper instance", + OwnershipHelperLocator.locate(folder), FolderOwnershipHelper.getInstance()); + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipTest.java b/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipTest.java new file mode 100644 index 00000000..48c1adae --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/model/folders/FolderOwnershipTest.java @@ -0,0 +1,317 @@ +/* + * The MIT License + * + * Copyright (c) 2015 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.folders; + +import com.cloudbees.hudson.plugins.folder.AbstractFolder; +import com.cloudbees.hudson.plugins.folder.Folder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.AssignCreatorPolicy; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import hudson.model.FreeStyleProject; +import hudson.model.User; +import hudson.remoting.Callable; +import hudson.security.ACL; +import org.apache.commons.io.IOUtils; +import org.jenkinsci.plugins.ownership.config.InheritanceOptions; +import org.jenkinsci.plugins.ownership.config.PreserveOwnershipPolicy; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; +import org.jenkinsci.remoting.RoleChecker; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; +import java.util.Arrays; + +import static org.hamcrest.Matchers.*; +import static org.junit.Assert.assertThat; + +/** + * Stores tests of {@link AbstractFolder} ownership. + * @author Oleg Nenashev + */ +public class FolderOwnershipTest { + + @Rule + public JenkinsRule j = new JenkinsRule(); + + public FolderOwnershipHelper ownershipHelper = FolderOwnershipHelper.getInstance(); + + @Test + public void ownershipInfoShouldBeEmptyByDefault() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "myFolder"); + assertThat("Property should be injected by default", + FolderOwnershipHelper.getOwnerProperty(folder), notNullValue()); + assertThat("Property should be disabled by default", + FolderOwnershipHelper.getOwnerProperty(folder).getOwnership().isOwnershipEnabled(), equalTo(false)); + + assertThat("Folder ownership helper should return the \"disabled\" description", + ownershipHelper.getOwnershipDescription(folder), + equalTo(OwnershipDescription.DISABLED_DESCR)); + } + + @Test + public void ownershipInfoShouldSurviveRoundtrip() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "myFolder"); + + // Set ownership via API + OwnershipDescription original = new OwnershipDescription(true, "ownerId", + Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder, original); + + assertThat("Folder ownership helper should return the configured value", + ownershipHelper.getOwnershipDescription(folder), + equalTo(original)); + + // Reload folder from disk and check the state + folder.doReload(); + assertThat("Folder ownership helper should return the configured value after the reload", + ownershipHelper.getOwnershipDescription(j.jenkins.getItemByFullName("myFolder", Folder.class)), + equalTo(original)); + } + + @Test + @Issue("JENKINS-32359") + public void ownershipFromLoadedFolderShouldSurviveRoundtrip() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "myFolder"); + + // Drop the Ownership property injected by ItemListener. + // We emulate the folder loaded from the instance with folders. + // After that we save and reload the config in order to drop PersistedListOwner according to JENKINS-32359 + folder.getProperties().remove(FolderOwnershipProperty.class); + folder.save(); + folder.doReload(); + + // Set ownership via API + // It should invoke save via the persisted list if JENKINS-32359 does not block it + OwnershipDescription original = new OwnershipDescription(true, "ownerId", + Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder, original); + assertThat("Folder ownership helper should return the configured value", + ownershipHelper.getOwnershipDescription(folder), + equalTo(original)); + + // Reload folder from disk and check the state + folder.doReload(); + assertThat("Folder ownership helper should return the configured value after the reload", + ownershipHelper.getOwnershipDescription(j.jenkins.getItemByFullName("myFolder", Folder.class)), + equalTo(original)); + } + + @Test + public void shouldSupportAssignCreatorPolicy() throws Exception { + + // Init security + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + User myUser = User.get("testUser"); + + // Configure the policy + OwnershipPluginConfigurer.forJenkinsRule(j) + .withItemOwnershipPolicy(new AssignCreatorPolicy()) + .configure(); + + // Create Item from the user account + ACL.impersonate(myUser.impersonate(), new Callable() { + @Override + public Void call() throws Exception { + j.jenkins.createProject(Folder.class, "myFolder"); + return null; + } + + @Override + public void checkRoles(RoleChecker checker) throws SecurityException { + // do nothing + } + }); + + // Retrieve item and verify it's status + Folder folder = j.jenkins.getItemByFullName("myFolder", Folder.class); + assertThat("Cannot locate folder 'myFolder'", folder, notNullValue()); + FolderOwnershipProperty ownerProperty = FolderOwnershipHelper.getOwnerProperty(folder); + assertThat("Property should be injected by AssignCreatorPolicy", ownerProperty, notNullValue()); + assertThat("Ownership should be enabled according to AssignCreatorPolicy", + ownerProperty.getOwnership().isOwnershipEnabled(), equalTo(true)); + assertThat("testUser should be automatically assigned as a Folder owner", + ownerProperty.getOwnership().getPrimaryOwnerId(), equalTo("testUser")); + + // Reload configs in order to verify the persistence + j.jenkins.reload(); + Folder folderReloaded = j.jenkins.getItemByFullName("myFolder", Folder.class); + FolderOwnershipProperty ownerPropertyReloaded = FolderOwnershipHelper.getOwnerProperty(folderReloaded); + assertThat("testUser should be retained after the restart", + ownerPropertyReloaded.getOwnership().getPrimaryOwnerId(), equalTo("testUser")); + } + + @Test + public void ownershipShouldBeInheritedFromFolderByDefault() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + + Folder folder = j.jenkins.createProject(Folder.class, "myFolder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "projectInFolder"); + + // Set ownership via API + OwnershipDescription original = new OwnershipDescription(true, "ownerId", + Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder, original); + + assertThat("Folder ownership helper should return the inherited value", + JobOwnerHelper.Instance.getOwnershipDescription(project), + equalTo(original)); + + + // Reload folder from disk and check the state + j.jenkins.reload(); + assertThat("Folder ownership helper should return the inherited value after the reload", + JobOwnerHelper.Instance.getOwnershipDescription( + j.jenkins.getItemByFullName("myFolder/projectInFolder", FreeStyleProject.class)), + equalTo(original)); + } + + @Test + public void ownershipShouldBeInheritedFromTopLevelFolderByDefault() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + + Folder folder1 = j.jenkins.createProject(Folder.class, "folder1"); + Folder folder2 = folder1.createProject(Folder.class, "folder2"); + FreeStyleProject project = folder2.createProject(FreeStyleProject.class, "projectInFolder"); + + // Set ownership via API + OwnershipDescription original = new OwnershipDescription(true, "ownerId", + Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder1, original); + + assertThat("Folder ownership helper should return the inherited value", + JobOwnerHelper.Instance.getOwnershipDescription(project), + equalTo(original)); + + + // Reload folder from disk and check the state + j.jenkins.reload(); + OwnershipInfo ownershipInfo = JobOwnerHelper.Instance.getOwnershipInfo( + j.jenkins.getItemByFullName("folder1/folder2/projectInFolder", FreeStyleProject.class)); + assertThat("Folder ownership helper should return the inherited value after the reload", + ownershipInfo.getDescription(), equalTo(original)); + assertThat("OwnershipInfo should return the right reference", + (Object)ownershipInfo.getSource().getItem(), equalTo((Object)j.jenkins.getItemByFullName("folder1"))); + } + + @Test + public void ownershipShouldNotBeInheritedFromTopLevelFolderIfDisabled() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + + Folder folder1 = j.jenkins.createProject(Folder.class, "folder1"); + Folder folder2 = folder1.createProject(Folder.class, "folder2"); + FreeStyleProject project = folder2.createProject(FreeStyleProject.class, "projectInFolder"); + + // Set ownership via API + OwnershipDescription original = new OwnershipDescription(true, "ownerId", Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder1, original); + assertThat("Folder ownership helper should return the inherited value", + JobOwnerHelper.Instance.getOwnershipDescription(project), + equalTo(original)); + + // Disable the inheritance + OwnershipPluginConfigurer.forJenkinsRule(j) + .withInheritanceOptions(new InheritanceOptions(true)) + .configure(); + + // Ensure that Ownership is disabled for both nested job and folder + OwnershipInfo projectOwnershipInfo = JobOwnerHelper.Instance.getOwnershipInfo( + j.jenkins.getItemByFullName("folder1/folder2/projectInFolder", FreeStyleProject.class)); + OwnershipInfo folderOwnershipInfo = FolderOwnershipHelper.getInstance().getOwnershipInfo( + j.jenkins.getItemByFullName("folder1/folder2", Folder.class)); + assertThat("Folder should not inherit the ownership info when inheritance is disabled", + folderOwnershipInfo.getDescription(), equalTo(OwnershipDescription.DISABLED_DESCR)); + assertThat("Project should not inherit the ownerhip info when inheritance is disabled", + projectOwnershipInfo.getDescription(), equalTo(OwnershipDescription.DISABLED_DESCR)); + } + + private static final String FOLDER_CONFIG_XML = "\n"+ + "\n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " true\n"+ + " the.owner\n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " All\n"+ + " false\n"+ + " false\n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " \n"+ + " false\n"+ + " \n"+ + " \n"+ + " \n"+ + ""; + + @Test + public void folderShouldSupportPreserveOwnershipPolicy() throws Exception { + InputStream folderConfigIS = null; + try { + // Configure the policy + OwnershipPluginConfigurer.forJenkinsRule(j) + .withItemOwnershipPolicy(new PreserveOwnershipPolicy()) + .configure(); + + folderConfigIS = new ByteArrayInputStream(FOLDER_CONFIG_XML.getBytes()); + j.jenkins.createProjectFromXML("job-dsl-generated-folder", folderConfigIS); + + Folder folder = j.jenkins.getItemByFullName("job-dsl-generated-folder", Folder.class); + assertThat("Cannot locate folder 'job-dsl-generated-folder'", folder, notNullValue()); + + OwnershipInfo folderOwnershipInfo = FolderOwnershipHelper.getInstance().getOwnershipInfo(folder); + assertThat("Ownership should still be enabled according to PreserveJobOwnershipPolicy", + folderOwnershipInfo.getDescription().isOwnershipEnabled(), equalTo(true)); + assertThat("Owner should still be 'the.owner'", + folderOwnershipInfo.getDescription().getPrimaryOwnerId(), equalTo("the.owner")); + } finally { + IOUtils.closeQuietly(folderConfigIS); + } + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipTest.java b/src/test/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipTest.java new file mode 100644 index 00000000..37e272d2 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/model/jobs/JobOwnershipTest.java @@ -0,0 +1,109 @@ +package org.jenkinsci.plugins.ownership.model.jobs; + +import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.DropOwnershipPolicy; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerJobProperty; +import hudson.model.Job; +import hudson.model.User; +import org.apache.commons.io.IOUtils; +import org.jenkinsci.plugins.ownership.config.PreserveOwnershipPolicy; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +import java.io.ByteArrayInputStream; +import java.io.InputStream; + +import static org.hamcrest.Matchers.equalTo; +import static org.hamcrest.Matchers.notNullValue; +import static org.junit.Assert.assertThat; + +/** + * @author cpuydebois + */ +public class JobOwnershipTest { + + @Rule + public JenkinsRule j = new JenkinsRule(); + + private static final String JOB_CONFIG_XML = "\n" + + "\n" + + " \n" + + " \n" + + " false\n" + + " \n" + + " \n" + + " \n" + + " true\n" + + " the.owner\n" + + " \n" + + " secondary.owner\n" + + " \n" + + " \n" + + " \n" + + " \n" + + " \n" + + " true\n" + + " false\n" + + " false\n" + + " false\n" + + " \n" + + " false\n" + + " \n" + + " \n" + + " \n" + + ""; + + @Test + public void shouldSupportDropOwnershipPolicy() throws Exception { + InputStream jobConfigIS = null; + try { + // Configure the policy + OwnershipPluginConfigurer.forJenkinsRule(j) + .withItemOwnershipPolicy(new DropOwnershipPolicy()) + .configure(); + + jobConfigIS = new ByteArrayInputStream(JOB_CONFIG_XML.getBytes()); + j.jenkins.createProjectFromXML("job-dsl-generated", jobConfigIS); + + Job job = j.jenkins.getItemByFullName("job-dsl-generated", Job.class); + assertThat("Cannot locate job 'job-dsl-generated'", job, notNullValue()); + JobOwnerJobProperty ownerProperty = JobOwnerHelper.getOwnerProperty(job); + assertThat("Property should still be herer", ownerProperty, notNullValue()); + assertThat("Ownership should be disabled according to DropOwnershipPolicy", + ownerProperty.getOwnership().isOwnershipEnabled(), equalTo(false)); + assertThat("There should be no Owner", + ownerProperty.getOwnership().getPrimaryOwnerId(), equalTo(User.getUnknown().getId())); + } finally { + IOUtils.closeQuietly(jobConfigIS); + } + + } + + @Test + public void shouldSupportPreserveJobOwnershipPolicy() throws Exception { + InputStream jobConfigIS = null; + try { + // Configure the policy + OwnershipPluginConfigurer.forJenkinsRule(j) + .withItemOwnershipPolicy(new PreserveOwnershipPolicy()) + .configure(); + + jobConfigIS = new ByteArrayInputStream(JOB_CONFIG_XML.getBytes()); + j.jenkins.createProjectFromXML("job-dsl-generated", jobConfigIS); + + Job job = j.jenkins.getItemByFullName("job-dsl-generated", Job.class); + assertThat("Cannot locate job 'job-dsl-generated'", job, notNullValue()); + JobOwnerJobProperty ownerProperty = JobOwnerHelper.getOwnerProperty(job); + assertThat("Property should be preserved by PreserveJobOwnershipPolicy", ownerProperty, notNullValue()); + assertThat("Ownership should still be enabled according to PreserveJobOwnershipPolicy", + ownerProperty.getOwnership().isOwnershipEnabled(), equalTo(true)); + assertThat("Owner should still be 'the.owner'", + ownerProperty.getOwnership().getPrimaryOwnerId(), equalTo("the.owner")); + } finally { + IOUtils.closeQuietly(jobConfigIS); + } + + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipActionTest.java b/src/test/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipActionTest.java new file mode 100644 index 00000000..e899af9e --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/model/runs/RunOwnershipActionTest.java @@ -0,0 +1,166 @@ +/* + * The MIT License + * + * Copyright (c) 2015 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.runs; + +import com.cloudbees.hudson.plugins.folder.Folder; +import org.htmlunit.html.HtmlDivision; +import org.htmlunit.html.HtmlPage; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import hudson.model.FreeStyleBuild; +import hudson.model.FreeStyleProject; +import hudson.model.User; +import java.util.Arrays; +import java.util.Collections; +import org.jenkinsci.plugins.ownership.config.DisplayOptions; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.JenkinsRule; + +import static org.hamcrest.Matchers.*; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.jenkinsci.plugins.ownership.model.OwnershipInfo; +import static org.junit.Assert.assertThat; +import org.jvnet.hudson.test.Issue; + +/** + * Tests for {@link RunOwnershipAction}. + * @author Oleg Nenashev + */ +public class RunOwnershipActionTest { + + @Rule + public JenkinsRule jenkinsRule = new JenkinsRule(); + + @Test + @Issue("JENKINS-28881") + public void shouldInheritOwnershipInfoFromFolders() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(jenkinsRule).configure(); + + Folder folder = jenkinsRule.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "projectInFolder"); + + // Set ownership via API + OwnershipDescription original = new OwnershipDescription(true, "ownerId", + Arrays.asList("coowner1, coowner2")); + FolderOwnershipHelper.setOwnership(folder, original); + + // Run project + FreeStyleBuild build = jenkinsRule.buildAndAssertSuccess(project); + + OwnershipInfo ownershipInfo = RunOwnershipHelper.getInstance().getOwnershipInfo(build); + assertThat("Folder ownership helper should return the inherited value after the reload", + ownershipInfo.getDescription(), equalTo(original)); + assertThat("OwnershipInfo should return the right reference", + ownershipInfo.getSource().getItem(), equalTo((Object)jenkinsRule.jenkins.getItemByFullName("folder"))); + } + + @Test + public void shouldDisplayStubSummaryBoxIfNoOwnership() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(jenkinsRule).configure(); + + FreeStyleProject project = jenkinsRule.createFreeStyleProject(); + FreeStyleBuild build = jenkinsRule.buildAndAssertSuccess(project); + + assertThat("Run Ownership Box should be enabled in configs", + RunOwnershipHelper.getInstance().isDisplayOwnershipSummaryBox(build), is(true)); + + // Check the Ownership summary box for the Run + JenkinsRule.WebClient webClient = jenkinsRule.createWebClient(); + HtmlPage res = webClient.goTo(build.getUrl()); + HtmlDivision summaryBox = res.getFirstByXPath("//div[@class='ownership-summary-box']"); + assertThat("On the page there should an ownership box", summaryBox, notNullValue()); + assertThat("Ownership box should contain no info about the owner", summaryBox.getTextContent(), + stringContainsInOrder(Arrays.asList("Ownership is not configured for this Run"))); + } + + @Test + public void shouldDisplayRunOwnershipByDefault() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(jenkinsRule).configure(); + + jenkinsRule.jenkins.setSecurityRealm(jenkinsRule.createDummySecurityRealm()); + User user = User.get("testUser"); + + FreeStyleProject project = jenkinsRule.createFreeStyleProject(); + JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, user.getId(), Collections.emptyList())); + FreeStyleBuild build = jenkinsRule.buildAndAssertSuccess(project); + + assertThat("Run Ownership Box should be enabled in configs", + RunOwnershipHelper.getInstance().isDisplayOwnershipSummaryBox(build), is(true)); + + // Check the Ownership summary box for the Run + JenkinsRule.WebClient webClient = jenkinsRule.createWebClient(); + HtmlPage res = webClient.goTo(build.getUrl()); + HtmlDivision summaryBox = res.getFirstByXPath("//div[@class='ownership-summary-box']"); + assertThat("On the page there should an ownership box", summaryBox, notNullValue()); + HtmlDivision ownerInfo = summaryBox.getFirstByXPath("//div[@class='ownership-user-info']"); + assertThat("Ownership Summary Box should contain the owner info", summaryBox, notNullValue()); + assertThat("Owner info should mention user " + user, ownerInfo.getTextContent(), + stringContainsInOrder(Arrays.asList(user.getId()))); + } + + @Test + @Issue("JENKINS-28714") + public void shouldHideRunOwnershipIfRequested() throws Exception { + OwnershipPluginConfigurer.forJenkinsRule(jenkinsRule) + .withDisplayOptions(new DisplayOptions(true, false)) + .configure(); + + FreeStyleProject project = jenkinsRule.createFreeStyleProject(); + FreeStyleBuild build = jenkinsRule.buildAndAssertSuccess(project); + + assertThat("Run Ownership Box should be disabled in configs", + RunOwnershipHelper.getInstance().isDisplayOwnershipSummaryBox(build), is(false)); + + // Check the Ownership summary box for the Run + JenkinsRule.WebClient webClient = jenkinsRule.createWebClient(); + HtmlPage res = webClient.goTo(build.getUrl()); + assertThat("On the page there should not be ownership box", + res.getFirstByXPath("//div[@class='ownership-summary-box']"), nullValue()); + } + + @Test + @Issue("JENKINS-28712") + public void shouldHideBoxesForNonConfiguredOwnershipIfConfigured() throws Exception { + OwnershipPluginConfigurer.forJenkinsRule(jenkinsRule) + .withDisplayOptions(new DisplayOptions(false, true)) + .configure(); + + FreeStyleProject project = jenkinsRule.createFreeStyleProject(); + FreeStyleBuild build = jenkinsRule.buildAndAssertSuccess(project); + + assertThat("Run Ownership Box should be disabled in configs", + RunOwnershipHelper.getInstance().isDisplayOwnershipSummaryBox(build), is(false)); + + // Check the Ownership summary box for the Run + JenkinsRule.WebClient webClient = jenkinsRule.createWebClient(); + HtmlPage res = webClient.goTo(build.getUrl()); + assertThat("On the page there should not be ownership box", + res.getFirstByXPath("//div[@class='ownership-summary-box']"), nullValue()); + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariableTest.java b/src/test/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariableTest.java new file mode 100644 index 00000000..ab1b4526 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/model/workflow/OwnershipGlobalVariableTest.java @@ -0,0 +1,177 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.model.workflow; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.nodes.NodeOwnerHelper; +import hudson.model.Action; +import hudson.model.Descriptor; +import hudson.model.Result; +import hudson.model.labels.LabelAtom; +import hudson.model.queue.QueueTaskFuture; +import hudson.slaves.DumbSlave; +import hudson.tasks.Mailer; +import java.util.Arrays; +import java.util.Collection; +import javax.annotation.Nonnull; +import static org.hamcrest.Matchers.*; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; +import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval; +import org.jenkinsci.plugins.scriptsecurity.scripts.languages.GroovyLanguage; +import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition; +import org.jenkinsci.plugins.workflow.job.WorkflowJob; +import org.jenkinsci.plugins.workflow.job.WorkflowRun; +import static org.junit.Assert.assertThat; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.junit.runners.Parameterized; +import org.junit.runners.Parameterized.Parameter; +import org.junit.runners.Parameterized.Parameters; +import org.jvnet.hudson.test.JenkinsRule; + +/** + * Tests of {@link OwnershipGlobalVariable}. + * + * @author Oleg Nenashev + */ +@RunWith(value = Parameterized.class) +public class OwnershipGlobalVariableTest { + + @Rule + public JenkinsRule j = new JenkinsRule(); + + @Parameter(0) + public boolean useSandbox; + + @Parameters(name = "{index}: sandbox={0}") + public static Collection data() { + return Arrays.asList(new Object[][]{{true}, {false}}); + } + + @Before + public void setupMailOptions() throws Exception { + // Initialize Mail Suffix + Descriptor mailerDescriptor = j.jenkins.getDescriptor(Mailer.class); + assertThat(mailerDescriptor, instanceOf(Mailer.DescriptorImpl.class)); + ((Mailer.DescriptorImpl)mailerDescriptor).setDefaultSuffix("mailsuff.ix"); + } + + @Before + public void initSecurityRealm() throws Exception { + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + } + + @Before + public void initPlugin() throws Exception { + // Initialize plugin before using it in Pipeline scripts + OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + } + + @Test + public void jobOwnershipSnippet_noOwnership() throws Exception { + OwnershipDescription d = OwnershipDescription.DISABLED_DESCR; + WorkflowRun run = buildSnippetAndAssertSuccess("printJobOwnershipInfo", d); + assertThat(run.getLog(), containsString("Ownership is disabled")); + } + + @Test + public void jobOwnershipSnippet_withOwner() throws Exception { + OwnershipDescription d = new OwnershipDescription(true, "owner", + Arrays.asList("coowner1", "coowner2")); + WorkflowRun run = buildSnippetAndAssertSuccess("printJobOwnershipInfo", d); + assertThat(run.getLog(), containsString("owner")); + } + + @Test + public void nodeOwnershipSnippet_onSlave() throws Exception { + DumbSlave slave = j.createOnlineSlave(new LabelAtom("requiredLabel")); + NodeOwnerHelper.setOwnership(slave, new OwnershipDescription(true, "ownerOfJenkins", + Arrays.asList("coowner1", "coowner2"))); + OwnershipDescription d = OwnershipDescription.DISABLED_DESCR; + WorkflowRun run = buildSnippetAndAssertSuccess("printNodeOwnershipInfo", d); + assertThat(run.getLog(), containsString("ownerOfJenkins")); + } + + @Test + public void nodeOwnershipSnippet_onMaster() throws Exception { + NodeOwnerHelper.setOwnership(j.jenkins, new OwnershipDescription(true, "ownerOfJenkins", + Arrays.asList("coowner1", "coowner2"))); + OwnershipDescription d = OwnershipDescription.DISABLED_DESCR; + // Use node() without parameters - it will use master node by default + // The issue is that env.NODE_NAME might be null or empty for master, so we need to handle it + String script = "node() {\n" + + " def nodeName = env.NODE_NAME ?: 'master'\n" + + " echo \"Current NODE_NAME = ${nodeName}\"\n" + + " if (ownership.node.ownershipEnabled) {\n" + + " println \"Owner ID: ${ownership.node.primaryOwnerId}\"\n" + + " println \"Owner e-mail: ${ownership.node.primaryOwnerEmail}\"\n" + + " println \"Co-owner IDs: ${ownership.node.secondaryOwnerIds}\"\n" + + " println \"Co-owner e-mails: ${ownership.node.secondaryOwnerEmails}\"\n" + + " } else {\n" + + " println \"Ownership of ${nodeName} is disabled\"\n" + + " }\n" + + "}"; + WorkflowRun run = buildAndAssertSuccess(script, d, "printNodeOwnershipInfo"); + assertThat(run.getLog(), containsString("ownerOfJenkins")); + } + + private WorkflowRun buildSnippetAndAssertSuccess(@Nonnull String snippetName, + @Nonnull OwnershipDescription ownershipDescription) throws Exception { + return buildAndAssertSuccess(OwnershipGlobalVariable.getSampleSnippet(snippetName), + ownershipDescription, snippetName); + } + + private WorkflowRun buildAndAssertSuccess(@Nonnull String pipelineScript, + @Nonnull OwnershipDescription ownershipDescription, + @Nonnull String projectName) throws Exception { + WorkflowJob job = j.jenkins.createProject(WorkflowJob.class, projectName); + job.setDefinition(new CpsFlowDefinition(pipelineScript, useSandbox)); + JobOwnerHelper.setOwnership(job, ownershipDescription); + + // We are going to run Pipeline as System, and the script won't be automatically approved in such case. + // So we approve the script. + if (!useSandbox) { + ScriptApproval.get().preapprove(pipelineScript, GroovyLanguage.get()); + } + + return buildAndAssertSuccess(job); + } + + private WorkflowRun buildAndAssertSuccess(@Nonnull WorkflowJob job) throws Exception { + QueueTaskFuture runFuture = job.scheduleBuild2(0, new Action[0]); + assertThat("build was actually scheduled", runFuture, notNullValue()); + WorkflowRun run = runFuture.get(); + + if (run.getResult() != Result.SUCCESS) { + // Print the log to help debug the issue + System.err.println("Pipeline run " + run + " failed. Log:"); + System.err.println(run.getLog()); + } + assertThat("Pipeline run " + run + " failed", run.getResult(), equalTo(Result.SUCCESS)); + return run; + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/security/jobrestrictions/OwnersListJobRestrictionTest.java b/src/test/java/org/jenkinsci/plugins/ownership/security/jobrestrictions/OwnersListJobRestrictionTest.java new file mode 100644 index 00000000..874559fe --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/security/jobrestrictions/OwnersListJobRestrictionTest.java @@ -0,0 +1,222 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.security.jobrestrictions; + +import com.cloudbees.hudson.plugins.folder.Folder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import com.synopsys.arc.jenkins.plugins.ownership.security.jobrestrictions.OwnersListJobRestriction; +import com.synopsys.arc.jenkins.plugins.ownership.util.ui.UserSelector; +import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.nodes.JobRestrictionProperty; +import com.synopsys.arc.jenkinsci.plugins.jobrestrictions.restrictions.JobRestrictionBlockageCause; +import hudson.model.FreeStyleProject; +import hudson.model.Label; +import hudson.model.Queue; +import hudson.model.labels.LabelAtom; +import hudson.security.HudsonPrivateSecurityRealm; +import hudson.slaves.DumbSlave; +import jenkins.model.*; +import java.io.IOException; +import java.util.Arrays; +import java.util.Collections; +import java.util.List; +import static org.hamcrest.Matchers.*; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.jenkinsci.plugins.ownership.test.util.OwnershipPluginConfigurer; +import static org.junit.Assert.assertThat; +import org.junit.Before; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; + +/** + * Tests of {@link OwnersListJobRestriction}. + * @author Oleg Nenashev + */ +public class OwnersListJobRestrictionTest { + private static final IdStrategy CASE_SENSITIVE = new IdStrategy.CaseSensitive(); + + @Rule + public final JenkinsRule j = new JenkinsRule(); + + private Label testLabel; + private DumbSlave slave; + private JobRestrictionProperty jobRestrictionProperty; + + @Before + public void setUp() throws Exception { + // Initialize plugin before using it + OwnershipPluginConfigurer.forJenkinsRule(j).configure(); + + testLabel = new LabelAtom("testLabel"); + slave = j.createOnlineSlave(testLabel); + jobRestrictionProperty = new JobRestrictionProperty( + new OwnersListJobRestriction(Arrays.asList(new UserSelector("owner")), false));; + slave.getNodeProperties().add(jobRestrictionProperty); + + applyIdStrategy(CASE_SENSITIVE); + } + + @Test + public void nodeShouldAcceptRunsFromOwner() throws Exception { + FreeStyleProject project = j.createFreeStyleProject(); + project.setAssignedLabel(testLabel); + JobOwnerHelper.setOwnership(project, + new OwnershipDescription(true, "owner", Collections.emptyList())); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Job has not been accepted, but JobRestrictions should allow the run", + jobRestrictionProperty.canTake(item), nullValue()); + } + + @Test + public void nodeShouldDeclineRunsFromNotOwner() throws Exception { + FreeStyleProject project = j.createFreeStyleProject(); + project.setAssignedLabel(testLabel); + JobOwnerHelper.setOwnership(project, + new OwnershipDescription(true, "notOwner", Collections.emptyList())); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Job restrictions should not allow the run, because the job has wrong owner", + jobRestrictionProperty.canTake(item), instanceOf(JobRestrictionBlockageCause.class)); + } + + @Test + @Issue("JENKINS-28881") + public void nodeShouldAcceptRunsFromInheritedOwner() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project"); + project.setAssignedLabel(testLabel); + FolderOwnershipHelper.setOwnership(folder, + new OwnershipDescription(true, "owner", Collections.emptyList())); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Run has been prohibited, but Ownership plugin should allow it according to the inherited value", + jobRestrictionProperty.canTake(item), nullValue()); + } + + @Test + @Issue("JENKINS-28881") + public void nodeShouldDeclineRunsFromInheritedNotOwner() throws Exception { + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project"); + project.setAssignedLabel(testLabel); + FolderOwnershipHelper.setOwnership(folder, + new OwnershipDescription(true, "notOwner", Collections.emptyList())); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Job restrictions should not allow the run, because the job has wrong owner", + jobRestrictionProperty.canTake(item), instanceOf(JobRestrictionBlockageCause.class)); + } + + @Test + @Issue("JENKINS-20832") + public void nodeShouldAcceptRunsFromWithInsensitiveCaseOnOwner() throws Exception { + applyIdStrategy(IdStrategy.CASE_INSENSITIVE); + + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project2"); + project.setAssignedLabel(testLabel); + FolderOwnershipHelper.setOwnership(folder, + new OwnershipDescription(true, "Owner", Collections.emptyList())); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Run has been prohibited, but Ownership plugin should allow it according to the inherited value", + jobRestrictionProperty.canTake(item), nullValue()); + } + + @Test + @Issue("JENKINS-20832") + public void nodeShouldAcceptRunsFromWithInsensitiveCaseOnCoOwner() throws Exception { + applyIdStrategy(IdStrategy.CASE_INSENSITIVE); + + // Change to accept coowners + jobRestrictionProperty = new JobRestrictionProperty( + new OwnersListJobRestriction(Arrays.asList(new UserSelector("owner")), true)); + slave.getNodeProperties().add(jobRestrictionProperty); + + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project3"); + project.setAssignedLabel(testLabel); + FolderOwnershipHelper.setOwnership(folder, + new OwnershipDescription(true, "owner1", Arrays.asList("owner2", "Owner"))); + + project.scheduleBuild2(0); + j.jenkins.getQueue().maintain(); + + List items = j.jenkins.getQueue().getBuildableItems(); + assertThat("1 item should be in the queue", items.size(), equalTo(1)); + Queue.BuildableItem item = items.get(0); + + assertThat("Run has been prohibited, but Ownership plugin should allow it according to the inherited value", + jobRestrictionProperty.canTake(item), nullValue()); + } + + private void applyIdStrategy(final IdStrategy idStrategy) throws IOException { + HudsonPrivateSecurityRealm realm = new HudsonPrivateSecurityRealm(false, false, null) { + @Override + public IdStrategy getUserIdStrategy() { + return idStrategy; + } + + @Override + public IdStrategy getGroupIdStrategy() { + return idStrategy; + } + }; + realm.createAccount("owner", "owner"); + j.jenkins.setSecurityRealm(realm); + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTest.java b/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTest.java new file mode 100644 index 00000000..a61ec8e4 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTest.java @@ -0,0 +1,151 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.security.rolestrategy; + +import com.cloudbees.hudson.plugins.folder.Folder; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipDescription; +import com.synopsys.arc.jenkins.plugins.ownership.jobs.JobOwnerHelper; +import hudson.model.FreeStyleProject; +import hudson.model.Item; +import hudson.model.User; +import hudson.remoting.Callable; +import hudson.security.ACL; +import hudson.security.AccessControlled; +import hudson.security.Permission; +import java.util.Arrays; +import static org.hamcrest.MatcherAssert.assertThat; +import static org.hamcrest.Matchers.equalTo; +import org.jenkinsci.plugins.ownership.model.folders.FolderOwnershipHelper; +import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition; +import org.jenkinsci.plugins.workflow.job.WorkflowJob; +import org.jenkinsci.remoting.RoleChecker; +import org.junit.Rule; +import org.junit.Test; +import org.jvnet.hudson.test.Issue; +import org.jvnet.hudson.test.JenkinsRule; + +/** + * Checks ownership-based security. + * @author Oleg Nenashev + */ +public class OwnershipBasedSecurityTest { + + @Rule + public final JenkinsRule j = new JenkinsRule(); + + @Test + public void shouldWorkForProjects() throws Exception { + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + OwnershipBasedSecurityTestHelper.setup(j.jenkins); + + FreeStyleProject project = j.createFreeStyleProject("project"); + JobOwnerHelper.setOwnership(project, new OwnershipDescription(true, "owner", Arrays.asList("coOwner"))); + + verifyItemPermissions(project); + } + + @Test + @Issue("JENKINS-28881") + public void shouldWorkForProjectsWithInheritedOwnership() throws Exception { + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + OwnershipBasedSecurityTestHelper.setup(j.jenkins); + + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + FreeStyleProject project = folder.createProject(FreeStyleProject.class, "project"); + FolderOwnershipHelper.setOwnership(folder, new OwnershipDescription(true, "owner", Arrays.asList("coOwner"))); + + // Verify that permissions are inherited by project + verifyItemPermissions(project); + + // Also check folder permissions + verifyItemPermissions(folder); + } + + @Test + @Issue("JENKINS-32353") + public void shouldWorkForPipelineProjectsInFolders() throws Exception { + j.jenkins.setSecurityRealm(j.createDummySecurityRealm()); + OwnershipBasedSecurityTestHelper.setup(j.jenkins); + + Folder folder = j.jenkins.createProject(Folder.class, "folder"); + WorkflowJob project = folder.createProject(WorkflowJob.class, "testWorkflowJob"); + project.setDefinition(new CpsFlowDefinition("echo 'Hello, world!'", false)); + FolderOwnershipHelper.setOwnership(folder, new OwnershipDescription(true, "owner", Arrays.asList("coOwner"))); + + // Verify that permissions are inherited by project + verifyItemPermissions(project); + + // Also check folder permissions + verifyItemPermissions(folder); + } + + private void verifyItemPermissions(Item item) { + // Admin + assertHasPermission("admin", item, Item.READ); + assertHasPermission("admin", item, Item.DELETE); + assertHasPermission("admin", item, Item.CONFIGURE); + + // Owner + assertHasPermission("owner", item, Item.READ); + assertHasPermission("owner", item, Item.DELETE); + assertHasPermission("owner", item, Item.CONFIGURE); + + // CoOwner + assertHasPermission("coOwner", item, Item.READ); + assertHasNoPermission("coOwner", item, Item.DELETE); + assertHasPermission("coOwner", item, Item.CONFIGURE); + + // User + assertHasPermission("user", item, Item.READ); + assertHasNoPermission("user", item, Item.DELETE); + assertHasNoPermission("user", item, Item.CONFIGURE); + } + + private void assertHasPermission(String userId, final AccessControlled item, final Permission p) { + assertThat("User '" + userId + "' has no " + p.getId() + " permission for " + item + ", but it should according to security settings", + hasPermission(userId, item, p), equalTo(true)); + } + + private void assertHasNoPermission(String userId, final AccessControlled item, final Permission p) { + assertThat("User '" + userId + "' has the " + p.getId() + " permission for " + item + ", but it should not according to security settings", + hasPermission(userId, item, p), equalTo(false)); + } + + private boolean hasPermission(String userId, final AccessControlled item, final Permission p) { + User user = User.get(userId); + return ACL.impersonate(user.impersonate(), new Callable() { + private static final long serialVersionUID = 1L; + + @Override + public Boolean call() throws IllegalStateException { + return item.hasPermission(p); + } + + @Override + public void checkRoles(RoleChecker checker) throws SecurityException { + // Do nothing + } + }); + } +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTestHelper.java b/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTestHelper.java new file mode 100644 index 00000000..cd9177a2 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/security/rolestrategy/OwnershipBasedSecurityTestHelper.java @@ -0,0 +1,204 @@ +/* + * The MIT License + * + * Copyright (c) 2016 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.security.rolestrategy; + +import com.michelin.cio.hudson.plugins.rolestrategy.AuthorizationType; +import com.michelin.cio.hudson.plugins.rolestrategy.PermissionEntry; +import com.michelin.cio.hudson.plugins.rolestrategy.Role; +import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy; +import com.michelin.cio.hudson.plugins.rolestrategy.RoleMap; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType; +import hudson.model.Computer; +import hudson.model.Item; +import hudson.model.Run; +import hudson.security.Permission; +import java.io.IOException; +import java.lang.reflect.Constructor; +import java.util.HashMap; +import java.util.HashSet; +import java.util.Map; +import java.util.Set; +import java.util.SortedMap; +import java.util.TreeMap; +import java.util.TreeSet; +import javax.annotation.Nonnull; +import jenkins.model.Jenkins; + +/** + * Provides functions for Ownership-based security setup. + * @author Oleg Nenashev + */ +public class OwnershipBasedSecurityTestHelper { + + public static void setup(@Nonnull Jenkins jenkins) throws AssertionError, IOException { + + Map grantedRoles = new HashMap(); + grantedRoles.put(RoleType.Project.getStringType(), getProjectRoleMap()); + grantedRoles.put(RoleType.Slave.getStringType(), getComputerRoleMap()); + grantedRoles.put(RoleType.Global.getStringType(), getGlobalAdminAndAnonymousRoles()); + + RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy(grantedRoles); + jenkins.setAuthorizationStrategy(strategy); + jenkins.save(); + } + + private static RoleMap getGlobalAdminAndAnonymousRoles() { + Set adminPermissions = new HashSet(); + adminPermissions.add(Jenkins.ADMINISTER); + Role adminRole = createRole("administrator", ".*", adminPermissions); + + Set anonymousPermissions = new HashSet(); + anonymousPermissions.add(Jenkins.READ); + anonymousPermissions.add(Item.READ); + anonymousPermissions.add(Item.DISCOVER); + Role anonymousRole = createRole("anonymous", ".*", anonymousPermissions); + + final SortedMap> grantedRoles = new TreeMap>(); + grantedRoles.put(adminRole, singleSid("admin")); + grantedRoles.put(anonymousRole, singleSid("anonymous")); + + return createRoleMap(grantedRoles); + } + + private static RoleMap getProjectRoleMap() { + Set ownerPermissions = new HashSet(); + ownerPermissions.add(OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); + ownerPermissions.addAll(Item.PERMISSIONS.getPermissions()); + ownerPermissions.addAll(Run.PERMISSIONS.getPermissions()); + Role ownerRole = createRole("@OwnerNoSid", ".*", ownerPermissions); + + Set coownerPermissions = new HashSet(); + coownerPermissions.addAll(Item.PERMISSIONS.getPermissions()); + coownerPermissions.addAll(Run.PERMISSIONS.getPermissions()); + coownerPermissions.remove(Item.DELETE); + coownerPermissions.remove(Run.DELETE); + Role coOwnerRole = createRole("@CoOwnerNoSid", ".*", coownerPermissions); + + return createRoleMapForSid("authenticated", ownerRole, coOwnerRole); + } + + private static RoleMap getComputerRoleMap() { + Set ownerPermissions = new HashSet(); + ownerPermissions.add(OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP); + ownerPermissions.addAll(Computer.PERMISSIONS.getPermissions()); + Role ownerRole = createRole("@OwnerNoSid", ".*", ownerPermissions); + + Set coownerPermissions = new HashSet(); + coownerPermissions.addAll(Computer.PERMISSIONS.getPermissions()); + coownerPermissions.remove(Computer.DELETE); + coownerPermissions.remove(Computer.CONFIGURE); + Role coOwnerRole = createRole("@CoOwnerNoSid", ".*", coownerPermissions); + + return createRoleMapForSid("authenticated", ownerRole, coOwnerRole); + } + + private static Role createRole(String name, String pattern, Permission ... permissions) { + Set permSet = new HashSet(); + for (Permission p : permissions) { + permSet.add(p); + } + return createRole(name, pattern, permSet); + } + + private static RoleMap createRoleMapForSid(String sid, Role ... roles) { + final SortedMap> grantedRoles = new TreeMap>(); + for (Role role : roles) { + grantedRoles.put(role, singleSid(sid)); + } + return createRoleMap(grantedRoles); + } + + private static Set singleSid(String sid) { + if (sid == null) { + throw new IllegalArgumentException("SID cannot be null"); + } + final Set sids = new TreeSet(); + // Special SIDs like "authenticated" and "anonymous" should use EITHER type + // Regular user/group SIDs use user() or group() + if ("authenticated".equals(sid) || "anonymous".equals(sid)) { + sids.add(new PermissionEntry(AuthorizationType.EITHER, sid)); + } else { + // For regular users, use user() method + sids.add(PermissionEntry.user(sid)); + } + return sids; + } + + // TODO: Methods below should be burned with fire when RoleStrategy gets better API + private static Role createRole(String name, String pattern, Set permissions) { + try { + Constructor constructor = locateConstructor(Role.class, String.class, String.class, Set.class); + try { + constructor.setAccessible(true); + return constructor.newInstance(name, pattern, permissions); + } finally { + constructor.setAccessible(false); + } + } catch (Exception ex) { + throw new AssertionError("Cannot create role", ex); + } + } + + @Nonnull + @SuppressWarnings("unchecked") + private static Constructor locateConstructor(Class itemClass, Class ... parameters) { + Constructor[] constructors = itemClass.getDeclaredConstructors(); + for (Constructor c : constructors) { + Class[] parameterTypes = c.getParameterTypes(); + if (parameterTypes.length != parameters.length) { + continue; + } + + boolean matches = true; + for (int i = 0; i < parameters.length; ++i) { + if (!parameterTypes[i].isAssignableFrom(parameters[i])) { + matches = false; + break; + } + } + + if (matches) { + return (Constructor)c; + } + } + + throw new IllegalStateException("Cannot locate a constructor for " + itemClass); + } + + private static RoleMap createRoleMap(SortedMap> grantedRoles) { + try { + Constructor constructor = locateConstructor(RoleMap.class, SortedMap.class); + try { + constructor.setAccessible(true); + return constructor.newInstance(grantedRoles); + } finally { + constructor.setAccessible(false); + } + } catch (Exception ex) { + throw new AssertionError("Cannot create role map", ex); + } + } + +} diff --git a/src/test/java/org/jenkinsci/plugins/ownership/test/util/OwnershipPluginConfigurer.java b/src/test/java/org/jenkinsci/plugins/ownership/test/util/OwnershipPluginConfigurer.java new file mode 100644 index 00000000..b0f51b10 --- /dev/null +++ b/src/test/java/org/jenkinsci/plugins/ownership/test/util/OwnershipPluginConfigurer.java @@ -0,0 +1,126 @@ +/* + * The MIT License + * + * Copyright (c) 2015 Oleg Nenashev. + * + * Permission is hereby granted, free of charge, to any person obtaining a copy + * of this software and associated documentation files (the "Software"), to deal + * in the Software without restriction, including without limitation the rights + * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell + * copies of the Software, and to permit persons to whom the Software is + * furnished to do so, subject to the following conditions: + * + * The above copyright notice and this permission notice shall be included in + * all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR + * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, + * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE + * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER + * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, + * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN + * THE SOFTWARE. + */ +package org.jenkinsci.plugins.ownership.test.util; + +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin; +import com.synopsys.arc.jenkins.plugins.ownership.OwnershipPluginConfiguration; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.ItemOwnershipPolicy; +import com.synopsys.arc.jenkins.plugins.ownership.extensions.item_ownership_policy.DropOwnershipPolicy; +import com.synopsys.arc.jenkins.plugins.ownership.security.itemspecific.ItemSpecificSecurity; +import java.io.IOException; +import javax.annotation.Nonnull; +import jenkins.model.Jenkins; +import org.jenkinsci.plugins.ownership.config.DisplayOptions; +import org.jenkinsci.plugins.ownership.config.InheritanceOptions; +import org.jenkinsci.plugins.ownership.util.environment.EnvSetupOptions; +import org.jenkinsci.plugins.ownership.util.mail.MailOptions; +import org.jvnet.hudson.test.JenkinsRule; +/** + * Manages configuration of {@link OwnershipPlugin}. + * @author Oleg Nenashev + */ +public class OwnershipPluginConfigurer { + + private final Jenkins jenkins; + + // Parameters. All items are nullable + private boolean requiresConfigurePermissions; + private String mailResolverClassName; + private ItemSpecificSecurity defaultJobsSecurity; + private ItemOwnershipPolicy itemOwnershipPolicy; + private MailOptions mailOptions; + private DisplayOptions displayOptions; + private EnvSetupOptions globalEnvSetupOptions; + private InheritanceOptions inheritanceOptions; + + private OwnershipPluginConfigurer(Jenkins jenkins) { + this.jenkins = jenkins; + // Default policy in the plugin + this.itemOwnershipPolicy = new DropOwnershipPolicy(); + } + + public static OwnershipPluginConfigurer forJenkinsRule(JenkinsRule rule) { + return forInstance(rule.jenkins); + } + + public static OwnershipPluginConfigurer forInstance(Jenkins jenkins) { + return new OwnershipPluginConfigurer(jenkins); + } + + public OwnershipPluginConfigurer requireConfigurePermissions(boolean requiresConfigurePermissions) { + this.requiresConfigurePermissions = requiresConfigurePermissions; + return this; + } + + public OwnershipPluginConfigurer withMailResolverClassName(String mailResolverClassName) { + this.mailResolverClassName = mailResolverClassName; + return this; + } + + public OwnershipPluginConfigurer withDefaultJobsSecurity(ItemSpecificSecurity defaultJobsSecurity) { + this.defaultJobsSecurity = defaultJobsSecurity; + return this; + } + + public OwnershipPluginConfigurer withItemOwnershipPolicy(@Nonnull ItemOwnershipPolicy itemOwnershipPolicy) { + this.itemOwnershipPolicy = itemOwnershipPolicy; + return this; + } + + public OwnershipPluginConfigurer withDisplayOptions(DisplayOptions displayOptions) { + this.displayOptions = displayOptions; + return this; + } + + public OwnershipPluginConfigurer withMailOptions(MailOptions mailOptions) { + this.mailOptions = mailOptions; + return this; + } + + public OwnershipPluginConfigurer withGlobalEnvSetupOptions(EnvSetupOptions globalEnvSetupOptions) { + this.globalEnvSetupOptions = globalEnvSetupOptions; + return this; + } + + public OwnershipPluginConfigurer withInheritanceOptions(InheritanceOptions inheritanceOptions) { + this.inheritanceOptions = inheritanceOptions; + return this; + } + + public void configure() throws IOException { + OwnershipPluginConfiguration conf = new OwnershipPluginConfiguration + (itemOwnershipPolicy, mailOptions, globalEnvSetupOptions, displayOptions, inheritanceOptions); + + // Get plugin - if it's null, that's a test setup problem and should fail immediately + OwnershipPlugin plugin = jenkins.getPlugin(OwnershipPlugin.class); + if (plugin == null) { + throw new IllegalStateException( + "OwnershipPlugin is not loaded! This indicates a test setup problem. " + + "The plugin should be automatically loaded by JenkinsRule. " + + "Make sure the test is using JenkinsRule correctly and the plugin is in the test classpath."); + } + + plugin.configure(requiresConfigurePermissions, mailResolverClassName, defaultJobsSecurity, conf); + } +}