Browse Source

Fix permission problem when finding builds

Plugin runs as user "anonymous". Escalate priviledges so it can find
projects/builds also in the case that "anonymous" user does not have
read permissions for them.

Change-Id: Iccf19460bb02a450d4a82fdabaf9dbc37a3ffe97
changes/36/234036/2
Jan Hruban 3 years ago
parent
commit
46d74f029f

+ 33
- 6
src/main/java/hudson/plugins/gearman/GearmanPluginUtil.java View File

@@ -21,9 +21,14 @@ package hudson.plugins.gearman;
21 21
 import hudson.model.AbstractProject;
22 22
 import hudson.model.Computer;
23 23
 import hudson.model.Run;
24
+import hudson.security.ACL;
25
+
26
+import java.io.IOException;
24 27
 
25 28
 import jenkins.model.Jenkins;
26 29
 
30
+import org.acegisecurity.context.SecurityContextHolder;
31
+import org.acegisecurity.context.SecurityContext;
27 32
 import org.slf4j.Logger;
28 33
 import org.slf4j.LoggerFactory;
29 34
 
@@ -70,13 +75,35 @@ public class GearmanPluginUtil {
70 75
      */
71 76
     public static Run<?,?> findBuild(String jobName, int buildNumber) {
72 77
 
73
-        AbstractProject<?,?> project = Jenkins.getActiveInstance().getItemByFullName(jobName, AbstractProject.class);
74
-        if (project != null){
75
-            Run<?,?> run = project.getBuildByNumber(buildNumber);
76
-            if (run != null) {
77
-                return run;
78
+        SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
79
+        try {
80
+            AbstractProject<?,?> project = Jenkins.getActiveInstance().getItemByFullName(jobName, AbstractProject.class);
81
+            if (project != null){
82
+                Run<?,?> run = project.getBuildByNumber(buildNumber);
83
+                if (run != null) {
84
+                    return run;
85
+                }
78 86
             }
87
+            return null;
88
+        } finally {
89
+            SecurityContextHolder.setContext(oldContext);
90
+        }
91
+    }
92
+
93
+    /**
94
+     * Sets description of the build
95
+     *
96
+     * @param build
97
+     *      Build to set the description of
98
+     * @param description
99
+     *      New build description
100
+     */
101
+    public static void setBuildDescription(Run build, String description) throws IOException {
102
+        SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
103
+        try {
104
+            build.setDescription(description);
105
+        } finally {
106
+            SecurityContextHolder.setContext(oldContext);
79 107
         }
80
-        return null;
81 108
     }
82 109
 }

+ 4
- 12
src/main/java/hudson/plugins/gearman/SetDescriptionWorker.java View File

@@ -20,14 +20,11 @@
20 20
 package hudson.plugins.gearman;
21 21
 
22 22
 import hudson.model.Run;
23
-import hudson.security.ACL;
24 23
 
25 24
 import java.io.IOException;
26 25
 import java.io.UnsupportedEncodingException;
27 26
 import java.util.Map;
28 27
 
29
-import org.acegisecurity.context.SecurityContextHolder;
30
-import org.acegisecurity.context.SecurityContext;
31 28
 import org.gearman.client.GearmanJobResult;
32 29
 import org.gearman.client.GearmanJobResultImpl;
33 30
 import org.gearman.worker.AbstractGearmanFunction;
@@ -84,16 +81,11 @@ public class SetDescriptionWorker extends AbstractGearmanFunction {
84 81
             // find build then update its description
85 82
             Run<?,?> build = GearmanPluginUtil.findBuild(jobName, Integer.parseInt(buildNumber));
86 83
             if (build != null) {
87
-                SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
88 84
                 try {
89
-                    try {
90
-                        build.setDescription(buildDescription);
91
-                    } catch (IOException e) {
92
-                        throw new IllegalArgumentException("Unable to set description for " +
93
-                                                           jobName + ": " + buildNumber);
94
-                    }
95
-                } finally {
96
-                    SecurityContextHolder.setContext(oldContext);
85
+                    GearmanPluginUtil.setBuildDescription(build, buildDescription);
86
+                } catch (IOException e) {
87
+                    throw new IllegalArgumentException("Unable to set description for " +
88
+                                                       jobName + ": " + buildNumber);
97 89
                 }
98 90
                 jobResultMsg = "Description for Jenkins build " +buildNumber+" was updated to " + buildDescription;
99 91
                 jobResult = true;

Loading…
Cancel
Save