### Eclipse Workspace Patch 1.0
#P hudson-core
Index: src/main/java/hudson/model/Item.java
===================================================================
--- src/main/java/hudson/model/Item.java (revision 17217)
+++ src/main/java/hudson/model/Item.java (working copy)
@@ -190,6 +190,7 @@
public static final Permission CREATE = new Permission(PERMISSIONS,"Create", Permission.CREATE);
public static final Permission DELETE = new Permission(PERMISSIONS,"Delete", Permission.DELETE);
public static final Permission CONFIGURE = new Permission(PERMISSIONS,"Configure", Permission.CONFIGURE);
+ public static final Permission READ = new Permission(PERMISSIONS,"Read", Permission.READ);
public static final Permission BUILD = new Permission(PERMISSIONS, "Build", Messages._AbstractProject_BuildPermission_Description(), Permission.UPDATE);
public static final Permission WORKSPACE = new Permission(PERMISSIONS, "Workspace", Messages._AbstractProject_WorkspacePermission_Description(), Permission.READ);
}
Index: src/main/resources/lib/hudson/queue.jelly
===================================================================
--- src/main/resources/lib/hudson/queue.jelly (revision 17217)
+++ src/main/resources/lib/hudson/queue.jelly (working copy)
@@ -58,10 +58,17 @@
+
+
${item.task.fullDisplayName}
(${%appears to be stuck})
+
+
+ ${%Unknown Task}
+
+
|
Index: src/main/resources/lib/hudson/project/upstream-downstream.jelly
===================================================================
--- src/main/resources/lib/hudson/project/upstream-downstream.jelly (revision 17217)
+++ src/main/resources/lib/hudson/project/upstream-downstream.jelly (working copy)
@@ -42,10 +42,12 @@
${%Upstream Projects}
@@ -54,10 +56,12 @@
${%Downstream Projects}
Index: src/main/java/hudson/WebAppMain.java
===================================================================
--- src/main/java/hudson/WebAppMain.java (revision 17217)
+++ src/main/java/hudson/WebAppMain.java (working copy)
@@ -27,6 +27,7 @@
import com.thoughtworks.xstream.core.JVM;
import hudson.model.Hudson;
import hudson.model.User;
+import hudson.security.ACL;
import hudson.triggers.SafeTimerTask;
import hudson.triggers.Trigger;
import hudson.util.HudsonIsLoading;
@@ -43,6 +44,7 @@
import org.jvnet.localizer.LocaleProvider;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest;
+import org.acegisecurity.context.SecurityContextHolder;
import org.kohsuke.stapler.jelly.JellyFacet;
import org.apache.tools.ant.types.FileSet;
@@ -198,7 +200,10 @@
// can be served quickly
Trigger.timer.schedule(new SafeTimerTask() {
public void doRun() {
+ //this thread is initializing hudson. it should have full permission
+ SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
User.getUnknown().getBuilds();
+ SecurityContextHolder.clearContext();
}
}, 1000*10);
} catch (Error e) {
Index: src/main/java/hudson/triggers/Trigger.java
===================================================================
--- src/main/java/hudson/triggers/Trigger.java (revision 17217)
+++ src/main/java/hudson/triggers/Trigger.java (working copy)
@@ -42,6 +42,7 @@
import hudson.model.TopLevelItemDescriptor;
import hudson.scheduler.CronTab;
import hudson.scheduler.CronTabList;
+import hudson.security.ACL;
import hudson.util.DoubleLaunchChecker;
import java.io.InvalidObjectException;
@@ -58,6 +59,8 @@
import java.util.logging.Level;
import java.util.logging.Logger;
+import org.acegisecurity.context.SecurityContextHolder;
+
/**
* Triggers a {@link Build}.
*
@@ -170,6 +173,9 @@
}
public void doRun() {
+ //this is background system work. it should have full permission
+ SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
+
while(new Date().getTime()-cal.getTimeInMillis()>1000) {
LOGGER.fine("cron checking "+cal.getTime().toLocaleString());
@@ -183,6 +189,7 @@
cal.add(Calendar.MINUTE,1);
}
+ SecurityContextHolder.clearContext();
}
}
Index: src/main/resources/lib/hudson/executors.jelly
===================================================================
--- src/main/resources/lib/hudson/executors.jelly (revision 17217)
+++ src/main/resources/lib/hudson/executors.jelly (working copy)
@@ -95,8 +95,17 @@
-
-
+
|
Index: src/main/java/hudson/model/Hudson.java
===================================================================
--- src/main/java/hudson/model/Hudson.java (revision 17217)
+++ src/main/java/hudson/model/Hudson.java (working copy)
@@ -470,6 +470,9 @@
private transient final LogRecorderManager log = new LogRecorderManager();
public Hudson(File root, ServletContext context) throws IOException {
+ //as hudson is starting, grant this process full controll
+ SecurityContextHolder.getContext().setAuthentication(ACL.SYSTEM);
+
this.root = root;
this.servletContext = context;
computeVersion(context);
@@ -998,7 +1001,18 @@
*/
@Exported(name="jobs")
public List getItems() {
- return new ArrayList(items.values());
+ List viewableItems = new ArrayList();
+ for (TopLevelItem item : items.values()) {
+ if (item instanceof AccessControlled) {
+ if (((AccessControlled)item).hasPermission(Item.READ))
+ viewableItems.add(item);
+ }
+ else {
+ viewableItems.add(item);
+ }
+ }
+
+ return viewableItems;
}
/**
@@ -1017,7 +1031,7 @@
*/
public List getItems(Class type) {
List r = new ArrayList();
- for (TopLevelItem i : items.values())
+ for (TopLevelItem i : getItems())
if (type.isInstance(i))
r.add(type.cast(i));
return r;
@@ -1036,8 +1050,15 @@
while(!q.isEmpty()) {
ItemGroup> parent = q.pop();
for (Item i : parent.getItems()) {
- if(type.isInstance(i))
- r.add(type.cast(i));
+ if(type.isInstance(i)) {
+ if (i instanceof AccessControlled) {
+ if (((AccessControlled)i).hasPermission(Item.READ))
+ r.add(type.cast(i));
+ }
+ else {
+ r.add(type.cast(i));
+ }
+ }
if(i instanceof ItemGroup)
q.push((ItemGroup)i);
}
@@ -1646,7 +1667,13 @@
* Note that the look up is case-insensitive.
*/
public TopLevelItem getItem(String name) {
- return items.get(name);
+ TopLevelItem item = items.get(name);
+ if (item instanceof AccessControlled) {
+ if (!((AccessControlled) item).hasPermission(Item.READ)) {
+ return null;
+ }
+ }
+ return item;
}
public File getRootDirFor(TopLevelItem child) {
| |