Branch: refs/heads/master
Home: https://github.com/jenkinsci/role-strategy-plugin
Commit: b60076577ec7fed7ff9286966e2b56dad7a65c90
https://github.com/jenkinsci/role-strategy-plugin/commit/b60076577ec7fed7ff9286966e2b56dad7a65c90
Author: Markus Winter <m.win...@sap.com>
Date: 2022-07-28 (Thu, 28 Jul 2022)
Changed paths:
M README.md
M
src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleBasedAuthorizationStrategy.java
M src/main/java/com/michelin/cio/hudson/plugins/rolestrategy/RoleMap.java
A
src/main/java/org/jenkinsci/plugins/rolestrategy/NamingStrategyAdministrativeMonitor.java
M
src/main/java/org/jenkinsci/plugins/rolestrategy/RoleBasedProjectNamingStrategy.java
M
src/main/resources/com/michelin/cio/hudson/plugins/rolestrategy/Messages.properties
A
src/main/resources/org/jenkinsci/plugins/rolestrategy/NamingStrategyAdministrativeMonitor/description.jelly
A
src/main/resources/org/jenkinsci/plugins/rolestrategy/NamingStrategyAdministrativeMonitor/description.properties
A
src/main/resources/org/jenkinsci/plugins/rolestrategy/NamingStrategyAdministrativeMonitor/message.jelly
A
src/main/resources/org/jenkinsci/plugins/rolestrategy/NamingStrategyAdministrativeMonitor/message.properties
A
src/test/java/org/jenkinsci/plugins/rolestrategy/RoleBasedProjectNamingStrategyTest.java
A
src/test/resources/org/jenkinsci/plugins/rolestrategy/Configuration-as-Code-Macro.yml
A
src/test/resources/org/jenkinsci/plugins/rolestrategy/Configuration-as-Code-Naming.yml
Log Message:
-----------
[JENKINS-19934] fix project naming strategy (#179)
* [JENKINS-19934] WIP fix project naming strategy
The project naming strategy is currently not considering if the user
has the permission to create a job with a given name at all. I just
checks if the passed name matches any of the patterns.
Also it doesn't consider the full name, e.g. when a project is created
inside a folder.
This can lead to the situtation that a user creates a job but is then
unable to configure the job.
This change will do the following:
Prerequisites:
- Rolebased project naming strategy is enabled.
- for each role when create is enabled also configure and read should
be enabled
If a user has either globally or in any item role the create permission
then he will see the "New item" link in the side panel.
A user that has global create permissions can create jobs with any name.
For a user that has create permission on one or more item roles the
entered name is matched against the role and the users permissions.
Current limitation is that it only works reliably via the UI. When
trying to create a job via the CLI, there is no staplerrequest that can
be used to find the parent item. So job creation via cli will fall back
to the old behaviour and just check the item name itself.
In case JENKINS-68602 gets resolved requests coming in via the CLI would
also be properly checked.
This also adds an admin monitor that warns when the role based project
naming strategy is not enabled.
* fix javadoc ref
* add more tests
* fix group resolution
can't use the code path from authorities as roles that is wrong.
Add tests that verify group permissions work properly
* fix javadoc
* code cleanup
* optimize checking create permission
* update documentation
* remove unused method
* fix formatting
* exclude macro roles from naming check
* add tests
* adjust readme
--
You received this message because you are subscribed to the Google Groups
"Jenkins Commits" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to jenkinsci-commits+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-commits/jenkinsci/role-strategy-plugin/push/refs/heads/master/f21f4b-b60076%40github.com.
