/*package*/ synchronized void add(Permission p) { if (!permissions.add(p)) { throw new IllegalStateException("attempt to register a second Permission for " + p.getId()); } }
@Override public int hashCode() { return getId().hashCode(); }
/** * Reports the details of the access failure. * This method is similar to {@link #reportAsHeaders(HttpServletResponse)} for the intention * but instead of using HTTP headers, this version is meant to go inside the payload. */ public void report(PrintWriter w) { w.println("You are authenticated as: "+authentication.getName()); w.println("Groups that you are in:"); for (GrantedAuthority auth : authentication.getAuthorities()) { w.println(" "+auth.getAuthority()); } w.println("Permission you need to have (but didn't): "+permission.getId()); for (Permission p=permission.impliedBy; p!=null; p=p.impliedBy) { w.println(" ... which is implied by: "+p.getId()); } } }
/** * Reports the details of the access failure in HTTP headers to assist diagnosis. */ public void reportAsHeaders(HttpServletResponse rsp) { rsp.addHeader("X-You-Are-Authenticated-As",authentication.getName()); if (REPORT_GROUP_HEADERS) { for (GrantedAuthority auth : authentication.getAuthorities()) { rsp.addHeader("X-You-Are-In-Group",auth.getAuthority()); } } else { rsp.addHeader("X-You-Are-In-Group-Disabled", "JENKINS-39402: use -Dhudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS=true or use /whoAmI to diagnose"); } rsp.addHeader("X-Required-Permission", permission.getId()); for (Permission p=permission.impliedBy; p!=null; p=p.impliedBy) { rsp.addHeader("X-Permission-Implied-By", p.getId()); } }
@Override public Object encode(Object value, MappedField optionalExtraInfo) { if (value == null) return null; return ((Permission) value).getId(); }
private boolean hasPermissionInField(String sid, @Nonnull Permission p) { if (sid.equals(grantedUser)) { if (grantedPermissions != null && grantedPermissions.contains(p.getId())) { return true; } } return false; }
public void setPermissions(String username, Permission... permissions) { this.grantedUser = username; if (grantedPermissions == null) { grantedPermissions = new HashSet<String>(); } else { grantedPermissions.clear(); } for (Permission p : permissions) { grantedPermissions.add(p.getId()); } }
boolean matches(String path, String name, Permission permission) { return regexp.matcher(path).matches() && sids.contains(name) && // TODO consider IdStrategy permissions.contains(permission.getId()); }
public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { AuthorizationMatrixProperty amp = (AuthorizationMatrixProperty) source; for (Entry<Permission, Set<String>> e : amp.grantedPermissions .entrySet()) { String p = e.getKey().getId(); for (String sid : e.getValue()) { writer.startNode("permission"); writer.setValue(p + ':' + sid); writer.endNode(); } } }
public void marshal(Object source, HierarchicalStreamWriter writer, MarshallingContext context) { AuthorizationMatrixProperty amp = (AuthorizationMatrixProperty) source; for (Entry<Permission, Set<String>> e : amp.grantedPermissions .entrySet()) { String p = e.getKey().getId(); for (String sid : e.getValue()) { writer.startNode("permission"); writer.setValue(p + ':' + sid); writer.endNode(); } } }
public PermissionDTO convert(final hudson.security.Permission source) { assert source != null; log.trace("Converting: {}", source); PermissionDTO target = new PermissionDTO(); target.setId(source.getId()); if (source.impliedBy != null) { target.setImpliedBy(convert(source.impliedBy)); } return target; } }
// first add new permission as "owner" Permission newPermission= new Permission(); newPermission.setValue(newOwnerEmail); newPermission.setType("user"); newPermission.setRole("owner"); Insert insert = service.permissions().insert(fileId, newPermission); newPermission = insert.execute(); // then transfer ownsership newPermission.setValue(newOwnerEmail); Update update = drive.permissions().update(fileId, newPermission.getId(), newPermission); update.setTransferOwnership(true); update.execute();