[ https://issues.jenkins-ci.org/browse/JENKINS-13190?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=161076#comment-161076 ]
SCM/JIRA link daemon commented on JENKINS-13190: ------------------------------------------------ Code changed in jenkins User: Michael O'Cleirigh Path: core/src/main/java/hudson/security/ACL.java core/src/main/java/hudson/security/ACLPermissionOverride.java http://jenkins-ci.org/commit/jenkins/7d0380f46f013effb7793622707042a452ff1c66 Log: [JENKINS-13190] Add ACLPermissionOverride extension point Modifies the base ACL class to first check with ACLPermissionOverride extension point implementations as to whether the permission should be granted. If none of the ACLPermissionOverride instances approve the permission the ACL's permission checking logic will be used instead. This override provides a mechanism to grant more permissions than the ACL being overridden provides. > Add ACLPermissionOverride Extension Point to grant additional permissions to > an ACL regardless of the AuthorizationStrategy being used > -------------------------------------------------------------------------------------------------------------------------------------- > > Key: JENKINS-13190 > URL: https://issues.jenkins-ci.org/browse/JENKINS-13190 > Project: Jenkins > Issue Type: Improvement > Components: core > Reporter: Michael O'Cleirigh > Priority: Minor > Labels: jenkins > > For the github-oauth-plugin people want to use the existing > GlobalMatrixAuthorizationStrategy and enable things like the github-webhook > callback. Currently I have my own AuthorizationStrategy that supports these > extra callback URL's but I want to be able to transparently support them > without caring which specific AuthorizationStrategy is being used. > My solution is to add a new extension point into Jenkins that is invoked at > the base ACL class that checks if any ACLPermissionOverride extensions want > to grant the permission before the ACL checks its own authorization logic. > For the github-oauth-plugin it means that I can add in these extra URL's > allow options into my SecurityRealm and then get them applied before the > GlobalMatrixAuthorizationStrategy's ACL logic is used. -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jenkins-ci.org/secure/ContactAdministrators!default.jspa For more information on JIRA, see: http://www.atlassian.com/software/jira