Add support for credentials properties in authorization matrix

- Re-organize permissions alphabetically
- Add job-status and job-move permissions

Change-Id: I8712a367122f6fadcaf62d4b4f144beab981bed8
Co-Authored-By: Thanh Ha <thanh.ha@linuxfoundation.org>
Co-Authored-By: Max Kovgan <kovganm@gmail.com>
Signed-off-by: Thanh Ha <thanh.ha@linuxfoundation.org>
This commit is contained in:
Arnold Bechtoldt 2015-07-08 14:46:13 +02:00 committed by Thanh Ha
parent 71449dbed9
commit 43b776225b
No known key found for this signature in database
GPG Key ID: B0CB27E00DA095AA
3 changed files with 70 additions and 16 deletions

View File

@ -304,38 +304,55 @@ def authorization(parser, xml_parent, data):
the list of rights to grant. the list of rights to grant.
:<name> rights: :<name> rights:
* **job-delete** * **credentials-create**
* **job-configure** * **credentials-delete**
* **job-read** * **credentials-manage-domains**
* **job-extended-read** * **credentials-update**
* **job-discover** * **credentials-view**
* **job-build** * **job-build**
* **job-workspace**
* **job-cancel** * **job-cancel**
* **job-configure**
* **job-delete**
* **job-discover**
* **job-extended-read**
* **job-move**
* **job-read**
* **job-status**
* **job-workspace**
* **ownership-jobs**
* **run-delete** * **run-delete**
* **run-update** * **run-update**
* **scm-tag** * **scm-tag**
Example: Example:
.. literalinclude:: .. literalinclude:: /../../tests/properties/fixtures/authorization.yaml
/../../tests/properties/fixtures/authorization_matrix.yaml
:language: yaml :language: yaml
""" """
credentials = 'com.cloudbees.plugins.credentials.CredentialsProvider.'
ownership = 'com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.'
mapping = { mapping = {
'job-delete': 'hudson.model.Item.Delete', 'credentials-create': ''.join((credentials, 'Create')),
'job-configure': 'hudson.model.Item.Configure', 'credentials-delete': ''.join((credentials, 'Delete')),
'job-read': 'hudson.model.Item.Read', 'credentials-manage-domains': ''.join((credentials, 'ManageDomains')),
'job-extended-read': 'hudson.model.Item.ExtendedRead', 'credentials-update': ''.join((credentials, 'Update')),
'job-discover': 'hudson.model.Item.Discover', 'credentials-view': ''.join((credentials, 'View')),
'job-build': 'hudson.model.Item.Build', 'job-build': 'hudson.model.Item.Build',
'job-workspace': 'hudson.model.Item.Workspace',
'job-cancel': 'hudson.model.Item.Cancel', 'job-cancel': 'hudson.model.Item.Cancel',
'job-configure': 'hudson.model.Item.Configure',
'job-delete': 'hudson.model.Item.Delete',
'job-discover': 'hudson.model.Item.Discover',
'job-extended-read': 'hudson.model.Item.ExtendedRead',
'job-move': 'hudson.model.Item.Move',
'job-read': 'hudson.model.Item.Read',
'job-status': 'hudson.model.Item.ViewStatus',
'job-workspace': 'hudson.model.Item.Workspace',
'ownership-jobs': ''.join((ownership, 'Jobs')),
'run-delete': 'hudson.model.Run.Delete', 'run-delete': 'hudson.model.Run.Delete',
'run-update': 'hudson.model.Run.Update', 'run-update': 'hudson.model.Run.Update',
'scm-tag': 'hudson.scm.SCM.Tag' 'scm-tag': 'hudson.scm.SCM.Tag',
} }
if data: if data:

View File

@ -2,6 +2,24 @@
<project> <project>
<properties> <properties>
<hudson.security.AuthorizationMatrixProperty> <hudson.security.AuthorizationMatrixProperty>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Create:admin</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Delete:admin</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:admin</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.Update:admin</permission>
<permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:admin</permission>
<permission>hudson.model.Item.Build:admin</permission>
<permission>hudson.model.Item.Cancel:admin</permission>
<permission>hudson.model.Item.Configure:admin</permission>
<permission>hudson.model.Item.Delete:admin</permission>
<permission>hudson.model.Item.Discover:admin</permission>
<permission>hudson.model.Item.Move:admin</permission>
<permission>hudson.model.Item.Read:admin</permission>
<permission>hudson.model.Item.ViewStatus:admin</permission>
<permission>hudson.model.Item.Workspace:admin</permission>
<permission>com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.Jobs:admin</permission>
<permission>hudson.model.Run.Delete:admin</permission>
<permission>hudson.model.Run.Update:admin</permission>
<permission>hudson.scm.SCM.Tag:admin</permission>
<permission>hudson.model.Item.Read:anonymous</permission> <permission>hudson.model.Item.Read:anonymous</permission>
<permission>hudson.model.Item.ExtendedRead:anonymous</permission> <permission>hudson.model.Item.ExtendedRead:anonymous</permission>
</hudson.security.AuthorizationMatrixProperty> </hudson.security.AuthorizationMatrixProperty>

View File

@ -1,5 +1,24 @@
properties: properties:
- authorization: - authorization:
admin:
- credentials-create
- credentials-delete
- credentials-manage-domains
- credentials-update
- credentials-view
- job-build
- job-cancel
- job-configure
- job-delete
- job-discover
- job-move
- job-read
- job-status
- job-workspace
- ownership-jobs
- run-delete
- run-update
- scm-tag
anonymous: anonymous:
- job-read - job-read
- job-extended-read - job-extended-read