Skip to content

Commit

Permalink
Merge pull request #378 from amuniz/JENKINS-73163
Browse files Browse the repository at this point in the history
[JENKINS-73163] Allow users with Overall/Manage permission to configure GitHub Servers
  • Loading branch information
KostyaSha authored May 13, 2024
2 parents 5aa9d5c + 3f74022 commit c6481b4
Show file tree
Hide file tree
Showing 4 changed files with 8 additions and 5 deletions.
1 change: 1 addition & 0 deletions pom.xml
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,7 @@
<jenkins.version>2.414.3</jenkins.version>
<release.skipTests>false</release.skipTests>
<tagNameFormat>v@{project.version}</tagNameFormat>
<useBeta>true</useBeta> <!-- For Jenkins.MANAGE permission -->
</properties>

<repositories>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -348,7 +348,7 @@ public String getDisplayName() {
@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
@QueryParameter String credentialsId) {
if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {

Check warning on line 351 in src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Not covered line

Line 351 is not covered by tests
return new StandardListBoxModel().includeCurrentValue(credentialsId);
}
return new StandardListBoxModel()
Expand All @@ -367,7 +367,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
public FormValidation doVerifyCredentials(
@QueryParameter String apiUrl,
@QueryParameter String credentialsId) throws IOException {
Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);

GitHubServerConfig config = new GitHubServerConfig(credentialsId);
config.setApiUrl(apiUrl);
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -62,7 +62,7 @@ public String getDisplayName() {

@SuppressWarnings("unused")
public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {

Check warning on line 65 in src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java

View check run for this annotation

ci.jenkins.io / Code Coverage

Partially covered line

Line 65 is only partially covered, one branch is missing
return new StandardListBoxModel().includeCurrentValue(credentialsId);
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -107,7 +107,9 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex
j.jenkins.setSecurityRealm(j.createDummySecurityRealm());

GlobalMatrixAuthorizationStrategy strategy = new GlobalMatrixAuthorizationStrategy();
strategy.add(Jenkins.ADMINISTER, "admin");
Jenkins.MANAGE.setEnabled(true);
strategy.add(Jenkins.MANAGE, "admin");
strategy.add(Jenkins.READ, "admin");
strategy.add(Jenkins.READ, "user");
j.jenkins.setAuthorizationStrategy(strategy);

Expand All @@ -121,7 +123,7 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex

assertThat(attackerServlet.secretCreds, isEmptyOrNullString());
}
{ // only admin can verify the credentials
{ // only admin (with Manage permission) can verify the credentials
JenkinsRule.WebClient wc = j.createWebClient();
wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
wc.login("admin");
Expand Down

0 comments on commit c6481b4

Please sign in to comment.