[JIRA] (JENKINS-13190) Add ACLPermissionOverride Extension Point to grant additional permissions to an ACL regardless of the AuthorizationStrategy being used

Sun, 01 Apr 2012 08:12:34 -0700 

    [ 
https://issues.jenkins-ci.org/browse/JENKINS-13190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=161076#comment-161076
 ] 

SCM/JIRA link daemon commented on JENKINS-13190:
------------------------------------------------

Code changed in jenkins
User: Michael O'Cleirigh
Path:
 core/src/main/java/hudson/security/ACL.java
 core/src/main/java/hudson/security/ACLPermissionOverride.java
http://jenkins-ci.org/commit/jenkins/7d0380f46f013effb7793622707042a452ff1c66
Log:
  [JENKINS-13190] Add ACLPermissionOverride extension point

Modifies the base ACL class to first check with ACLPermissionOverride extension 
point
implementations as to whether the permission should be granted.

If none of the ACLPermissionOverride instances approve the permission the ACL's 
permission
checking logic will be used instead.

This override provides a mechanism to grant more permissions than the ACL being 
overridden provides.



                
> Add ACLPermissionOverride Extension Point to grant additional permissions to 
> an ACL regardless of the AuthorizationStrategy being used
> --------------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: JENKINS-13190
>                 URL: https://issues.jenkins-ci.org/browse/JENKINS-13190
>             Project: Jenkins
>          Issue Type: Improvement
>          Components: core
>            Reporter: Michael O'Cleirigh
>            Priority: Minor
>              Labels: jenkins
>
> For the github-oauth-plugin people want to use the existing 
> GlobalMatrixAuthorizationStrategy and enable things like the github-webhook 
> callback.  Currently I have my own AuthorizationStrategy that supports these 
> extra callback URL's but I want to be able to transparently support them 
> without caring which specific AuthorizationStrategy is being used.  
> My solution is to add a new extension point into Jenkins that is invoked at 
> the base ACL class that checks if any ACLPermissionOverride extensions want 
> to grant the permission before the ACL checks its own authorization logic.
> For the github-oauth-plugin it means that I can add in these extra URL's 
> allow options into my SecurityRealm and then get them applied before the 
> GlobalMatrixAuthorizationStrategy's ACL logic is used.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: 
https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

Reply via email to