Skip to content

Commit 89e4c67

Browse files
kfarnungkfarnung
committed
[JENKINS-54031] GitHub OAuth plugin fails with Jenkins 2.146
While testing out jenkinsci#101 it seems like there are a lot of changes to land quickly and safely. This patch aims to make a surgical fix without any cleanup or logic flow changes.
1 parent 715be7a commit 89e4c67

File tree

3 files changed

+27
-2
lines changed

3 files changed

+27
-2
lines changed

src/main/java/org/jenkinsci/plugins/GithubAuthenticationToken.java

Lines changed: 4 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -390,7 +390,10 @@ public boolean hasRepositoryPermission(String repositoryName, Permission permiss
390390
return true;
391391
}
392392
// WRITE or READ can Read/Build/View Workspace
393-
if (permission.equals(Item.READ) || permission.equals(Item.BUILD) || permission.equals(Item.WORKSPACE)) {
393+
if (permission.equals(Item.DISCOVER) ||
394+
permission.equals(Item.READ) ||
395+
permission.equals(Item.BUILD) ||
396+
permission.equals(Item.WORKSPACE)) {
394397
return repository.hasPullAccess() || repository.hasPushAccess();
395398
}
396399
// WRITE can cancel builds or view config

src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -241,6 +241,7 @@ private boolean testBuildPermission(Permission permission) {
241241
private boolean checkReadPermission(Permission permission) {
242242
if (permission.getId().equals("hudson.model.Hudson.Read")
243243
|| permission.getId().equals("hudson.model.Item.Workspace")
244+
|| permission.getId().equals("hudson.model.Item.Discover")
244245
|| permission.getId().equals("hudson.model.Item.Read")) {
245246
return true;
246247
} else {
@@ -257,7 +258,8 @@ public boolean hasRepositoryPermission(GithubAuthenticationToken authenticationT
257258

258259
if (repositoryName == null) {
259260
if (authenticatedUserCreateJobPermission) {
260-
if (permission.equals(Item.READ) ||
261+
if (permission.equals(Item.DISCOVER) ||
262+
permission.equals(Item.READ) ||
261263
permission.equals(Item.CONFIGURE) ||
262264
permission.equals(Item.DELETE) ||
263265
permission.equals(Item.EXTENDED_READ) ||

src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java

Lines changed: 20 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -282,10 +282,13 @@ public void testCanReadAndBuildOneOfMyRepositories() throws IOException {
282282
GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject);
283283
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
284284

285+
assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER));
285286
assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ));
286287
assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD));
288+
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER));
287289
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ));
288290
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD));
291+
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER));
289292
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ));
290293
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD));
291294
}
@@ -312,10 +315,13 @@ public void testCanReadAndBuildOrgRepositoryICollaborateOn() throws IOException
312315

313316
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
314317

318+
assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER));
315319
assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ));
316320
assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD));
321+
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER));
317322
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ));
318323
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD));
324+
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER));
319325
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ));
320326
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD));
321327
}
@@ -343,10 +349,13 @@ public void testCanReadAndBuildOtherOrgPrivateRepositoryICollaborateOn() throws
343349

344350
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
345351

352+
assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER));
346353
assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ));
347354
assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD));
355+
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER));
348356
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ));
349357
assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD));
358+
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER));
350359
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ));
351360
assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD));
352361
}
@@ -366,10 +375,13 @@ public void testCanNotReadOrBuildRepositoryIDoNotCollaborateOn() throws IOExcept
366375

367376
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
368377

378+
assertFalse(projectAcl.hasPermission(authenticationToken, Item.DISCOVER));
369379
assertFalse(projectAcl.hasPermission(authenticationToken, Item.READ));
370380
assertFalse(projectAcl.hasPermission(authenticationToken, Item.BUILD));
381+
assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER));
371382
assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ));
372383
assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD));
384+
assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER));
373385
assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.READ));
374386
assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD));
375387
}
@@ -384,6 +396,7 @@ public void testNotGrantedBuildWhenNotUsingGitSCM() throws IOException {
384396

385397
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
386398

399+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
387400
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
388401
}
389402

@@ -395,6 +408,7 @@ public void testNotGrantedBuildWhenRepositoryIsEmpty() throws IOException {
395408

396409
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
397410

411+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
398412
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
399413
}
400414

@@ -412,6 +426,7 @@ public void testNotGrantedReadWhenRepositoryUrlIsEmpty() throws IOException {
412426

413427
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
414428

429+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
415430
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
416431
}
417432

@@ -439,6 +454,7 @@ public void testWithoutUseRepositoryPermissionsSetCanReadDueToAuthenticatedUserR
439454

440455
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
441456

457+
assertTrue(acl.hasPermission(authenticationToken, Item.DISCOVER));
442458
assertTrue(acl.hasPermission(authenticationToken, Item.READ));
443459
}
444460

@@ -452,6 +468,7 @@ public void testWithoutUseRepositoryPermissionsSetCannotReadWithoutToAuthenticat
452468

453469
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
454470

471+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
455472
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
456473
}
457474

@@ -490,6 +507,7 @@ public void testCanReadConfigureDeleteAProjectWithAuthenticatedUserReadPermissio
490507
GithubRequireOrganizationMembershipACL acl = globalAcl.cloneForProject(mockProject);
491508
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
492509

510+
assertTrue(acl.hasPermission(authenticationToken, Item.DISCOVER));
493511
assertTrue(acl.hasPermission(authenticationToken, Item.READ));
494512
assertTrue(acl.hasPermission(authenticationToken, Item.CONFIGURE));
495513
assertTrue(acl.hasPermission(authenticationToken, Item.DELETE));
@@ -508,6 +526,7 @@ public void testCannotReadConfigureDeleteAProjectWithoutToAuthenticatedUserReadP
508526
GithubRequireOrganizationMembershipACL acl = globalAcl.cloneForProject(mockProject);
509527
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
510528

529+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
511530
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
512531
assertFalse(acl.hasPermission(authenticationToken, Item.CONFIGURE));
513532
assertFalse(acl.hasPermission(authenticationToken, Item.DELETE));
@@ -526,6 +545,7 @@ public void testCannotReadRepositoryWithInvalidRepoUrl() throws IOException {
526545

527546
GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com");
528547

548+
assertFalse(acl.hasPermission(authenticationToken, Item.DISCOVER));
529549
assertFalse(acl.hasPermission(authenticationToken, Item.READ));
530550
}
531551

0 commit comments

Comments
 (0)