Fix permission problem when finding builds

Plugin runs as user "anonymous". Escalate priviledges so it can find
projects/builds also in the case that "anonymous" user does not have
read permissions for them.

Change-Id: Iccf19460bb02a450d4a82fdabaf9dbc37a3ffe97
This commit is contained in:
Jan Hruban 2015-10-12 22:14:59 +02:00
parent b879f56ef1
commit 46d74f029f
2 changed files with 37 additions and 18 deletions

View File

@ -21,9 +21,14 @@ package hudson.plugins.gearman;
import hudson.model.AbstractProject;
import hudson.model.Computer;
import hudson.model.Run;
import hudson.security.ACL;
import java.io.IOException;
import jenkins.model.Jenkins;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -70,13 +75,35 @@ public class GearmanPluginUtil {
*/
public static Run<?,?> findBuild(String jobName, int buildNumber) {
AbstractProject<?,?> project = Jenkins.getActiveInstance().getItemByFullName(jobName, AbstractProject.class);
if (project != null){
Run<?,?> run = project.getBuildByNumber(buildNumber);
if (run != null) {
return run;
SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
try {
AbstractProject<?,?> project = Jenkins.getActiveInstance().getItemByFullName(jobName, AbstractProject.class);
if (project != null){
Run<?,?> run = project.getBuildByNumber(buildNumber);
if (run != null) {
return run;
}
}
return null;
} finally {
SecurityContextHolder.setContext(oldContext);
}
}
/**
* Sets description of the build
*
* @param build
* Build to set the description of
* @param description
* New build description
*/
public static void setBuildDescription(Run build, String description) throws IOException {
SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
try {
build.setDescription(description);
} finally {
SecurityContextHolder.setContext(oldContext);
}
return null;
}
}

View File

@ -20,14 +20,11 @@
package hudson.plugins.gearman;
import hudson.model.Run;
import hudson.security.ACL;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import org.acegisecurity.context.SecurityContextHolder;
import org.acegisecurity.context.SecurityContext;
import org.gearman.client.GearmanJobResult;
import org.gearman.client.GearmanJobResultImpl;
import org.gearman.worker.AbstractGearmanFunction;
@ -84,16 +81,11 @@ public class SetDescriptionWorker extends AbstractGearmanFunction {
// find build then update its description
Run<?,?> build = GearmanPluginUtil.findBuild(jobName, Integer.parseInt(buildNumber));
if (build != null) {
SecurityContext oldContext = ACL.impersonate(ACL.SYSTEM);
try {
try {
build.setDescription(buildDescription);
} catch (IOException e) {
throw new IllegalArgumentException("Unable to set description for " +
jobName + ": " + buildNumber);
}
} finally {
SecurityContextHolder.setContext(oldContext);
GearmanPluginUtil.setBuildDescription(build, buildDescription);
} catch (IOException e) {
throw new IllegalArgumentException("Unable to set description for " +
jobName + ": " + buildNumber);
}
jobResultMsg = "Description for Jenkins build " +buildNumber+" was updated to " + buildDescription;
jobResult = true;