/** * @return never null. */ public AuthorizationStrategy getAuthorizationStrategy() { return getSecurityManager().getAuthorizationStrategy(); }
public boolean isTeamManagementEnabled() { HudsonSecurityManager hudsonSecurityManager = HudsonSecurityEntitiesHolder.getHudsonSecurityManager(); if (hudsonSecurityManager != null) { AuthorizationStrategy authorizationStrategy = hudsonSecurityManager.getAuthorizationStrategy(); if (authorizationStrategy instanceof TeamBasedAuthorizationStrategy) { return true; } } return false; }
@Override public boolean isApplicable(Class<? extends Job> jobType) { // only applicable when ProjectMatrixAuthorizationStrategy is in charge return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy; }
/** * Returns the {@link ACL} for this object. */ public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
/** * Returns the {@link ACL} for this object. */ public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
public ACL getACL() { final ACL base = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); // always allow a non-anonymous user full control of himself. return new ACL() { public boolean hasPermission(Authentication a, Permission permission) { return (a.getName().equals(id) && !(a instanceof AnonymousAuthenticationToken)) || base.hasPermission(a, permission); } }; }
/** * Returns the {@link ACL} for this object. We need to override the * identical method in AbstractItem because we won't call getACL(Job) * otherwise (single dispatch) */ @Override public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
@Override public ACL getACL() { return HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getACL(this); }
/** * Servlet container can tie a {@link ServletRequest} to the request * handling thread, so we need to capture all the information upfront to * allow {@link Authentication} to be passed to other threads, like update * center does. See HUDSON-5382. * @param request */ public ContainerAuthentication(HttpServletRequest request) { this.principal = request.getUserPrincipal(); if (principal == null) { throw new IllegalStateException(); // for anonymous users, we just don't call SecurityContextHolder.getContext().setAuthentication. } // Servlet API doesn't provide a way to list up all roles the current user // has, so we need to ask AuthorizationStrategy what roles it is going to check against. for (String g : HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy().getGroups()) { if (request.isUserInRole(g)) { authorities.add(new GrantedAuthorityImpl(g)); } } authorities.add(SecurityRealm.AUTHENTICATED_AUTHORITY); }
/** * Grants project permissions to the user. * * @param user user */ protected void grantProjectMatrixPermissions(User user) { if (HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy() instanceof ProjectMatrixAuthorizationStrategy) { Map<Permission, Set<String>> grantedPermissions = new HashMap<Permission, Set<String>>(); Set<String> users = Sets.newHashSet(user.getId()); grantedPermissions.put(Item.BUILD, users); grantedPermissions.put(Item.CONFIGURE, users); grantedPermissions.put(Item.DELETE, users); grantedPermissions.put(Item.READ, users); grantedPermissions.put(Item.WORKSPACE, users); grantedPermissions.put(Run.DELETE, users); grantedPermissions.put(Run.UPDATE, users); AuthorizationMatrixProperty amp = new AuthorizationMatrixProperty(grantedPermissions); amp.setOwner(this); properties.add(amp); } }
@Override public ACL getACL() { AuthorizationStrategy authorizationStrategy = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy(); if (authorizationStrategy instanceof TeamBasedAuthorizationStrategy) { TeamBasedAuthorizationStrategy teamBasedAuthorizationStrategy = (TeamBasedAuthorizationStrategy) authorizationStrategy; return teamBasedAuthorizationStrategy.getACL(this); } // Team will not be used if Team Based Authorization Strategy is not used return new ACL() { @Override public boolean hasPermission(Authentication a, Permission permission) { return false; } }; }
@Override public ACL getACL() { AuthorizationStrategy authorizationStrategy = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy(); if (authorizationStrategy instanceof TeamBasedAuthorizationStrategy) { TeamBasedAuthorizationStrategy teamBasedAuthorizationStrategy = (TeamBasedAuthorizationStrategy) authorizationStrategy; return teamBasedAuthorizationStrategy.getACL(this); } // Team will not be used if Team Based Authorization Strategy is not used return new ACL() { @Override public boolean hasPermission(Authentication a, Permission permission) { return false; } }; }
/** * Try to make this user a super-user */ private void tryToMakeAdmin(User u) { AuthorizationStrategy as = HudsonSecurityEntitiesHolder.getHudsonSecurityManager().getAuthorizationStrategy(); if (as instanceof GlobalMatrixAuthorizationStrategy) { GlobalMatrixAuthorizationStrategy ma = (GlobalMatrixAuthorizationStrategy) as; ma.add(Hudson.ADMINISTER, u.getId()); } }