From e336af3a193935c05b1537aa3373be0007839a3b Mon Sep 17 00:00:00 2001 From: Brice Figureau Date: Tue, 13 Mar 2018 18:11:18 +0100 Subject: [PATCH] JENKINS-50122 Authorization should work with basic Workflow jobs Not all Jenkins pipeline job have the BranchJob property. In that case the authorization wouldn't work. This patch makes it work for such job. --- .../plugins/GithubAuthorizationStrategy.java | 2 +- ...ithubRequireOrganizationMembershipACL.java | 6 ++++- ...bRequireOrganizationMembershipACLTest.java | 27 ++++++++++++++++++- 3 files changed, 32 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java b/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java index 6882911f..af3c63ca 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java +++ b/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java @@ -102,7 +102,7 @@ public ACL getACL(@Nonnull AbstractItem item) { @Nonnull public ACL getACL(@Nonnull Job job) { - if(job instanceof WorkflowJob && job.getProperty(BranchJobProperty.class) != null || job instanceof AbstractProject) { + if(job instanceof WorkflowJob || job instanceof AbstractProject) { GithubRequireOrganizationMembershipACL githubACL = (GithubRequireOrganizationMembershipACL) getRootACL(); return githubACL.cloneForProject(job); } else { diff --git a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java index ba1fbb06..aface13a 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java +++ b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java @@ -283,7 +283,11 @@ private String getRepositoryName() { Describable scm = null; if (this.item instanceof WorkflowJob) { WorkflowJob project = (WorkflowJob) item; - scm = project.getProperty(BranchJobProperty.class).getBranch().getScm(); + if (project.getProperty(BranchJobProperty.class) != null) { + scm = project.getProperty(BranchJobProperty.class).getBranch().getScm(); + } else { + scm = project.getTypicalSCM(); + } } else if (this.item instanceof MultiBranchProject) { MultiBranchProject project = (MultiBranchProject) item; scm = (SCMSource) project.getSCMSources().get(0); diff --git a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java index dd1d5d0c..37d40a09 100644 --- a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java +++ b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java @@ -243,7 +243,7 @@ private Project mockProject(String url) { PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); return project; } - private WorkflowJob mockWorkflowJob(String url) { + private WorkflowJob mockWorkflowBranchJob(String url) { WorkflowJob project = PowerMockito.mock(WorkflowJob.class); GitSCM gitSCM = PowerMockito.mock(GitSCM.class); Branch branch = PowerMockito.mock(Branch.class); @@ -257,6 +257,17 @@ private WorkflowJob mockWorkflowJob(String url) { PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); return project; } + private WorkflowJob mockWorkflowJob(String url) { + WorkflowJob project = PowerMockito.mock(WorkflowJob.class); + GitSCM gitSCM = PowerMockito.mock(GitSCM.class); + Branch branch = PowerMockito.mock(Branch.class); + UserRemoteConfig userRemoteConfig = PowerMockito.mock(UserRemoteConfig.class); + List userRemoteConfigs = Arrays.asList(userRemoteConfig); + PowerMockito.when(project.getTypicalSCM()).thenReturn(gitSCM); + PowerMockito.when(gitSCM.getUserRemoteConfigs()).thenReturn(userRemoteConfigs); + PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); + return project; + } private MultiBranchProject mockMultiBranchProject(String url) { WorkflowMultiBranchProject multiBranchProject = PowerMockito.mock(WorkflowMultiBranchProject.class); @@ -276,7 +287,9 @@ public void testCanReadAndBuildOneOfMyRepositories() throws IOException { String repoUrl = "https://github.com/me/a-repo.git"; Project mockProject = mockProject(repoUrl); MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + WorkflowJob mockWorkflowBranchJob = mockWorkflowBranchJob(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + GithubRequireOrganizationMembershipACL workflowJobBranchAcl = aclForWorkflowJob(mockWorkflowBranchJob); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); @@ -284,6 +297,8 @@ public void testCanReadAndBuildOneOfMyRepositories() throws IOException { assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(workflowJobBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(workflowJobBranchAcl.hasPermission(authenticationToken, Item.BUILD)); assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); @@ -305,7 +320,9 @@ public void testCanReadAndBuildOrgRepositoryICollaborateOn() throws IOException String repoUrl = "https://github.com/some-org/a-private-repo.git"; Project mockProject = mockProject(repoUrl); MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + WorkflowJob mockWorkflowBranchJob = mockWorkflowBranchJob(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + GithubRequireOrganizationMembershipACL workflowJobBranchAcl = aclForWorkflowJob(mockWorkflowBranchJob); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); @@ -336,7 +353,9 @@ public void testCanReadAndBuildOtherOrgPrivateRepositoryICollaborateOn() throws String repoUrl = "https://github.com/org-i-dont-belong-to/a-private-repo-i-collaborate-on.git"; Project mockProject = mockProject(repoUrl); MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + WorkflowJob mockWorkflowBranchJob = mockWorkflowBranchJob(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + GithubRequireOrganizationMembershipACL workflowJobBranchAcl = aclForWorkflowJob(mockWorkflowBranchJob); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); @@ -347,6 +366,8 @@ public void testCanReadAndBuildOtherOrgPrivateRepositoryICollaborateOn() throws assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(workflowJobBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(workflowJobBranchAcl.hasPermission(authenticationToken, Item.BUILD)); assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); } @@ -359,7 +380,9 @@ public void testCanNotReadOrBuildRepositoryIDoNotCollaborateOn() throws IOExcept String repoUrl = "https://github.com/some-org/another-private-repo.git"; Project mockProject = mockProject(repoUrl); MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + WorkflowJob mockWorkflowBranchJob = mockWorkflowBranchJob(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + GithubRequireOrganizationMembershipACL workflowJobBranchAcl = aclForWorkflowJob(mockWorkflowBranchJob); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); @@ -370,6 +393,8 @@ public void testCanNotReadOrBuildRepositoryIDoNotCollaborateOn() throws IOExcept assertFalse(projectAcl.hasPermission(authenticationToken, Item.BUILD)); assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(workflowJobBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertFalse(workflowJobBranchAcl.hasPermission(authenticationToken, Item.BUILD)); assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); }