Skip to content

Commit

Permalink
JEP-224 - Add a Overall/SystemRead permission enabler controlled by…
Browse files Browse the repository at this point in the history 
… the `jenkins.security.SystemReadPermission` system property for Jenkins 2.222+ + Add a Beta `hudson.plugins.extendedread.SystemReadPermission#SYSTEM_READ` permission entity for plugin developers who want to use the permission without updating the Jenkins core dependency (#7)

* Add system read permission enabler

* Fix spotbugs

* getInstance to get

* Make as beta

* Update src/main/java/hudson/plugins/extendedread/SystemReadPermission.java

Co-Authored-By: Oleg Nenashev <[email protected]>

Co-authored-by: Oleg Nenashev <[email protected]>
  • Loading branch information
@timja @oleg-nenashev
timja and oleg-nenashev authored Feb 24, 2020
1 parent ee774ba commit 2964999
Show file tree
Hide file tree
Showing 2 changed files with 51 additions and 0 deletions.
32 changes: 32 additions & 0 deletions src/main/java/hudson/plugins/extendedread/SystemReadPermission.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,32 @@
package hudson.plugins.extendedread;

import hudson.security.Permission;
import hudson.util.ReflectionUtils;
import java.lang.reflect.InvocationTargetException;
import java.util.logging.Level;
import java.util.logging.Logger;
import jenkins.model.Jenkins;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.Beta;

import static jenkins.model.Jenkins.ADMINISTER;

@Restricted(Beta.class)
public class SystemReadPermission {

private static final Logger LOGGER = Logger.getLogger(SystemReadPermission.class.getName());

public static final Permission SYSTEM_READ;

static {
Permission systemRead;
try { // System Read is available starting from Jenkins 2.222 (https://jenkins.io/changelog/#v2.222). See JEP-224 for more info
systemRead = (Permission) ReflectionUtils.getPublicProperty(Jenkins.get(), "SYSTEM_READ");
} catch (IllegalArgumentException | InvocationTargetException | NoSuchMethodException | IllegalAccessException e) {
LOGGER.log(Level.FINE, "Couldn't find system read permission, falling back to ADMINISTER", e);
systemRead = ADMINISTER;
}

SYSTEM_READ = systemRead;
}
}
19 changes: 19 additions & 0 deletions src/main/java/hudson/plugins/extendedread/SystemReadPermissionEnabler.java
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
package hudson.plugins.extendedread;

import hudson.Extension;
import hudson.init.InitMilestone;
import hudson.init.Initializer;
import org.kohsuke.accmod.Restricted;
import org.kohsuke.accmod.restrictions.NoExternalUse;

@Extension
@Restricted(NoExternalUse.class)
public class SystemReadPermissionEnabler {

@Initializer(after = InitMilestone.PLUGINS_STARTED)
public static void enableSystemReadPermission() {
if (System.getProperty("jenkins.security.SystemReadPermission") == null) {
SystemReadPermission.SYSTEM_READ.setEnabled(true);
}
}
}

0 comments on commit 2964999

Please sign in to comment.