/**
 * Chooses the icon file name according to the caller's permission.
 *
 * @return {@code "gear2.png"} when the current user holds {@link Jenkins#ADMINISTER}
 *         on the Jenkins instance; {@code null} otherwise
 */
public String getIconFileName() {
    // NOTE(review): a null icon presumably only removes the entry from the UI. That is
    // presentation, not access control; whatever this entry links to still needs its own
    // server-side permission check. Confirm against the handlers behind it.
    final boolean isAdmin = Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER);
    return isAdmin ? "gear2.png" : null;
}
/**
 * Gets the user of the given name.
 *
 * @param name a user name, which may or may not be an id
 * @return the user of the given name if that person exists; else null
 * @see User#get(String,boolean)
 * @see User#getById(String, boolean)
 */
public @CheckForNull User getUser(String name) {
    // The flag passed to User.get is true only when ALLOW_USER_CREATION_VIA_URL is set AND
    // the caller holds ADMINISTER, so both conditions must hold together.
    // NOTE(review): the flag presumably decides whether an unknown name creates a user
    // record; confirm against User#get(String,boolean).
    final boolean flagForLookup = User.ALLOW_USER_CREATION_VIA_URL && hasPermission(ADMINISTER);
    return User.get(name, flagForLookup);
}
/**
 * Tells whether the configuration of this subsystem is relevant.
 * Unless this option is relevant, users are not offered the choice.
 *
 * @return {@code true} only when the current user holds {@link Jenkins#RUN_SCRIPTS}
 *         and {@code jenkins.isUseSecurity()} is true
 */
public boolean isRelevant() {
    // The permission test runs first; isUseSecurity() is consulted only if it passes.
    if (!jenkins.hasPermission(Jenkins.RUN_SCRIPTS)) {
        return false;
    }
    return jenkins.isUseSecurity();
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Checks a permission against the Jenkins instance itself.
 *
 * @param permission the permission to test
 * @return whatever {@code Jenkins.getInstance().hasPermission(permission)} reports
 *         for the current caller
 */
public boolean hasPermission(Permission permission) {
    // The check is always made on the root Jenkins object, never on a narrower item.
    final Jenkins root = Jenkins.getInstance();
    return root.hasPermission(permission);
}
/**
 * Creates the full-duplex HTTP channel that backs a CLI connection.
 *
 * @param req the incoming request (not read by this method)
 * @param uuid identifier handed to the new channel
 * @return a {@link FullDuplexHttpChannel} whose {@code main} records the transport
 *         identity and registers a {@link CliManagerImpl} on the channel
 */
@Override
protected FullDuplexHttpService createService(StaplerRequest req, UUID uuid) throws IOException {
    // No permission is required to establish a CLI connection; the actual authentication
    // for the connecting Channel is done by CLICommand.
    // The second constructor argument is true for every caller that lacks ADMINISTER.
    // NOTE(review): its meaning inside FullDuplexHttpChannel is not visible here
    // (presumably a restricted mode); confirm. Because this entry point is unauthenticated
    // by design, each command reachable through it has to enforce its own permissions.
    final boolean callerLacksAdminister = !Jenkins.get().hasPermission(Jenkins.ADMINISTER);
    return new FullDuplexHttpChannel(uuid, callerLacksAdminister) {
        @SuppressWarnings("deprecation")
        @Override
        protected void main(Channel channel) throws IOException, InterruptedException {
            // Capture the identity given by the transport, since this can be useful for
            // SecurityRealm.createCliAuthenticator().
            channel.setProperty(CLICommand.TRANSPORT_AUTHENTICATION, Jenkins.getAuthentication());

            final String entryPointKey = CliEntryPoint.class.getName();
            channel.setProperty(entryPointKey, new CliManagerImpl(channel));
        }
    };
}
} // closes the enclosing type, which opens outside this excerpt
/**
 * Checks if the current user has permission to see this pointer.
 *
 * @return {@code true} if the current user has {@link Jenkins#ADMINISTER} permissions,
 *         or if the job exists and the user has {@link Item#READ} permissions.
 *         If the job exists but the current user has no permission to discover it,
 *         {@code false} is returned. If the job has been deleted and the user has no
 *         {@link Jenkins#ADMINISTER} permissions, {@code false} is returned as well, so
 *         that the existence of the job is not exposed.
 */
private boolean hasPermissionToDiscoverBuild() {
    // Administrators get the data unconditionally so that they can manage records of
    // deleted jobs (this also covers SYSTEM). Everyone else goes through canDiscoverItem.
    final Jenkins root = Jenkins.getInstance();
    return root.hasPermission(Jenkins.ADMINISTER) || canDiscoverItem(name);
}
/**
 * Lists the usage ranges that the current user is allowed to see.
 *
 * @return a new list with one {@link RangeItem} per entry of {@code usages} whose item
 *         name passes the visibility test; never {@code null}
 */
@Exported(name="usage")
public @Nonnull List<RangeItem> _getUsages() {
    final Jenkins root = Jenkins.getInstance();
    List<RangeItem> visible = new ArrayList<RangeItem>();
    for (Entry<String, RangeSet> usage : usages.entrySet()) {
        final String itemName = usage.getKey();
        // Entries are filtered per item: an entry is skipped unless the caller is an
        // administrator or canDiscoverItem accepts the name, so this exported view does
        // not list items the caller cannot discover.
        if (!root.hasPermission(Jenkins.ADMINISTER) && !canDiscoverItem(itemName)) {
            continue;
        }
        visible.add(new RangeItem(itemName, usage.getValue()));
    }
    return visible;
}
/**
 * Returns this object as the target, unless the caller fails the read check.
 *
 * @return {@code this}, or {@code null} when the permission check is active and the
 *         current user lacks {@link Jenkins#READ}
 */
@Override
@Restricted(NoExternalUse.class)
public Object getTarget() {
    // SKIP_PERMISSION_CHECK switches the READ check off entirely: when it is true the
    // object is returned to every caller. Deployments that set it give up this gate.
    final boolean checkEnabled = !SKIP_PERMISSION_CHECK;
    if (checkEnabled && !Jenkins.get().hasPermission(Jenkins.READ)) {
        return null;
    }
    return this;
}
/**
 * Supplies the column caption to administrators only.
 *
 * @return the inherited caption when the current user holds {@link Jenkins#ADMINISTER};
 *         {@code null} otherwise
 */
@Override
public String getColumnCaption() {
    // Hide this column from non-admins.
    // NOTE(review): this controls the caption only. If the column's data is also served
    // some other way, that path needs its own check; confirm.
    if (Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
        return super.getColumnCaption();
    }
    return null;
}
/**
 * Supplies the column caption to administrators only.
 *
 * @return the inherited caption when the current user holds {@link Jenkins#ADMINISTER};
 *         {@code null} otherwise
 */
@Override
public String getColumnCaption() {
    // Hide this column from non-admins.
    // NOTE(review): this controls the caption only. If the column's data is also served
    // some other way, that path needs its own check; confirm.
    final boolean isAdmin = Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER);
    if (!isAdmin) {
        return null;
    }
    return super.getColumnCaption();
}
/**
 * Supplies the column caption to administrators only.
 *
 * @return the inherited caption when the current user holds {@link Jenkins#ADMINISTER};
 *         {@code null} otherwise
 */
@Override
public String getColumnCaption() {
    // Hide this column from non-admins.
    // NOTE(review): this controls the caption only. If the column's data is also served
    // some other way, that path needs its own check; confirm.
    String caption = null;
    if (Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
        caption = super.getColumnCaption();
    }
    return caption;
}
/**
 * Do we need to show the upgrade wizard prompt?
 *
 * @return {@code true} only when the instance is not marked up to date, the current user
 *         holds {@link Jenkins#ADMINISTER}, the current web app is a {@link Jenkins}, and
 *         the current time is later than the last-modified time of the update state file
 */
public boolean isDue() {
    if (isUpToDate) {
        return false;
    }

    // Only admin users should see this.
    final boolean isAdmin = Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER);
    if (!isAdmin) {
        return false;
    }

    // Only show when Jenkins is fully up & running.
    WebApp currentApp = WebApp.getCurrent();
    final boolean servedByJenkins = currentApp != null && currentApp.getApp() instanceof Jenkins;
    if (!servedByJenkins) {
        return false;
    }

    // The clock is read before the file timestamp, as in the comparison's left-to-right order.
    final long now = System.currentTimeMillis();
    final long stateFileModified = SetupWizard.getUpdateStateFile().lastModified();
    return now > stateFileModified;
}
/**
 * Decides whether post-back is used for the current caller.
 *
 * @return {@code true} only when {@code get().isUseBrowser()} is true and the current
 *         user holds {@link Jenkins#ADMINISTER}
 */
public static boolean usePostBack() {
    // The permission is consulted only when the browser setting is on, so a caller
    // without ADMINISTER never gets post-back.
    if (!get().isUseBrowser()) {
        return false;
    }
    return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
}
if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) { return Collections.emptyList();
/**
 * Runs the validation code.
 *
 * <p>When {@code permission} is set, {@code subject.checkPermission(permission)} must
 * pass before {@code check()} runs, with one exception: a caller holding
 * {@link Jenkins#ADMINISTER} on the Jenkins instance proceeds even if that check, or the
 * "No subject" test, denies access. When {@code permission} is {@code null}, no
 * permission is checked at all and {@code check()} runs directly.
 *
 * @throws AccessDeniedException if the check is denied and the caller is not an administrator
 * @throws IOException declared by this method; presumably raised by {@code check()}
 * @throws ServletException declared by this method; presumably raised by {@code check()}
 */
public final void process() throws IOException, ServletException {
    if (permission != null) {
        try {
            if (subject == null) {
                throw new AccessDeniedException("No subject");
            }
            subject.checkPermission(permission);
        } catch (AccessDeniedException denied) {
            // If the user has hudson-wide admin permission, all checks are allowed.
            // This protects the Hudson administrator from a broken ACL/SecurityRealm
            // implementation or configuration; every other caller gets the denial back.
            final boolean isAdmin = Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER);
            if (!isAdmin) {
                throw denied;
            }
        }
    }
    check();
}
/**
 * Prints either the details of one command or the list of all commands.
 *
 * @return the result of {@code showCommandDetails()} when {@code command} is set;
 *         {@code 0} after {@code showAllCommands()} otherwise
 * @throws AccessDeniedException if the current user lacks {@link Jenkins#READ}
 */
@Override
protected int run() throws Exception {
    // Nothing is listed for callers without READ; the check comes before any output.
    final boolean mayRead = Jenkins.getActiveInstance().hasPermission(Jenkins.READ);
    if (!mayRead) {
        throw new AccessDeniedException("You must authenticate to access this Jenkins.\n" + CLI.usage());
    }

    if (command == null) {
        showAllCommands();
        return 0;
    }
    return showCommandDetails();
}
/**
 * Only for legacy token.
 *
 * @return {@code true} when the current caller may see the token: an administrator
 *         (only while {@code SHOW_LEGACY_TOKEN_TO_ADMINS} is set), the SYSTEM
 *         authentication, or the user who owns the token; {@code false} for anonymous
 *         callers and everyone else
 */
private boolean hasPermissionToSeeToken() {
    // Administrators can see the token only while SHOW_LEGACY_TOKEN_TO_ADMINS is on.
    // With the switch off they fall through to the owner comparison like any other user.
    final boolean adminOverride = SHOW_LEGACY_TOKEN_TO_ADMINS && Jenkins.get().hasPermission(Jenkins.ADMINISTER);
    if (adminOverride) {
        return true;
    }

    User viewer = User.current();
    if (viewer == null) {
        // Anonymous
        return false;
    }

    // SYSTEM is always eligible to see tokens. This is an identity (==) comparison with
    // ACL.SYSTEM and it is reached only after the anonymous check above.
    if (Jenkins.getAuthentication() == ACL.SYSTEM) {
        return true;
    }

    // Otherwise only the token's owner qualifies; ids are compared through the id strategy.
    final String ownerId = user.getId();
    return User.idStrategy().equals(ownerId, viewer.getId());
}
/**
 * This version is so that the 'hasPermission' can degrade gracefully
 * if "it" is not an {@link AccessControlled} object.
 *
 * @param object the object to check against; need not be {@link AccessControlled}
 * @param permission the permission to test; {@code null} means no check is made
 * @return {@code true} when {@code permission} is {@code null}; otherwise the answer of
 *         the first {@link AccessControlled} found among {@code object}, the current
 *         request's ancestors (visited in reverse list order), and finally the Jenkins
 *         instance
 */
public static boolean hasPermission(Object object, Permission permission) throws IOException, ServletException {
    // A null permission is treated as "allowed", so callers must not pass null where a
    // check is intended.
    if (permission == null) {
        return true;
    }

    if (object instanceof AccessControlled) {
        AccessControlled target = (AccessControlled) object;
        return target.hasPermission(permission);
    }

    // NOTE(review): assumes a current Stapler request exists on this thread; confirm for
    // callers outside request handling.
    List<Ancestor> ancestors = Stapler.getCurrentRequest().getAncestors();
    for (Ancestor ancestor : Iterators.reverse(ancestors)) {
        Object candidate = ancestor.getObject();
        if (candidate instanceof AccessControlled) {
            return ((AccessControlled) candidate).hasPermission(permission);
        }
    }

    // No AccessControlled ancestor was found: the decision falls back to the Jenkins instance.
    return Jenkins.getInstance().hasPermission(permission);
}
/**
 * Decides whether the current caller may generate a new token for the given user.
 *
 * @param propertyOwner the user who owns the token property
 * @return {@code true} for an administrator (only while
 *         {@code ADMIN_CAN_GENERATE_NEW_TOKENS} is set), for the SYSTEM authentication,
 *         and for {@code propertyOwner} acting on their own account; {@code false} for
 *         anonymous callers and everyone else
 */
@Restricted(NoExternalUse.class)
public boolean hasCurrentUserRightToGenerateNewToken(User propertyOwner){
    // The administrator shortcut applies only while ADMIN_CAN_GENERATE_NEW_TOKENS is on;
    // with it off, an administrator is treated like any other user below.
    final boolean adminOverride = ADMIN_CAN_GENERATE_NEW_TOKENS && Jenkins.get().hasPermission(Jenkins.ADMINISTER);
    if (adminOverride) {
        return true;
    }

    User requester = User.current();
    if (requester == null) {
        // Anonymous
        return false;
    }

    // SYSTEM is always eligible. This is an identity (==) comparison with ACL.SYSTEM and
    // it is reached only after the anonymous check above.
    final boolean runningAsSystem = Jenkins.getAuthentication() == ACL.SYSTEM;
    if (runningAsSystem) {
        return true;
    }

    // Otherwise users may generate tokens only for themselves.
    final String ownerId = propertyOwner.getId();
    return User.idStrategy().equals(ownerId, requester.getId());
}
@Override public SearchIndexBuilder makeSearchIndex() { SearchIndexBuilder builder = super.makeSearchIndex(); if (hasPermission(ADMINISTER)) { builder.add("configure", "config", "configure") .add("manage")