diff --git a/.gitignore b/.gitignore index 3cc01e48..1fc73806 100644 --- a/.gitignore +++ b/.gitignore @@ -8,3 +8,4 @@ target .settings bin .DS_Store +.vscode/ diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java index b69aa144..80a28569 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabHookCreator.java @@ -37,7 +37,7 @@ public static void register(SCMNavigatorOwner owner, GitLabSCMNavigator navigato if (!server.isManageSystemHooks()) { return; } - credentials = server.getCredentials(); + credentials = server.getCredentials(owner); if (credentials == null) { LOGGER.log(Level.WARNING, "No System credentials added, cannot create system hook"); } @@ -71,7 +71,7 @@ public static void register(GitLabSCMSource source, if (!server.isManageWebHooks()) { break; } - credentials = server.getCredentials(); + credentials = server.getCredentials(source.getOwner()); if (credentials == null) { LOGGER.log(Level.WARNING, "No System credentials added, cannot create web hook"); } @@ -108,7 +108,7 @@ public static void register(GitLabSCMSource source, if (!server.isManageSystemHooks()) { return; } - credentials = server.getCredentials(); + credentials = server.getCredentials(source.getOwner()); if (credentials == null) { LOGGER.log(Level.WARNING, "No System credentials added, cannot create system hook"); } diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMFileSystem.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMFileSystem.java index 28c32508..ac0dc906 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMFileSystem.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMFileSystem.java @@ -97,7 +97,7 @@ public SCMFileSystem build(@NonNull SCMSource source, @NonNull SCMHead head, @CheckForNull SCMRevision rev) throws IOException, InterruptedException { GitLabSCMSource gitlabScmSource = (GitLabSCMSource) source; - GitLabApi gitLabApi = apiBuilder(gitlabScmSource.getServerName()); + GitLabApi gitLabApi = apiBuilder(source.getOwner(), gitlabScmSource.getServerName()); String projectPath = gitlabScmSource.getProjectPath(); return build(head, rev, gitLabApi, projectPath); } diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java index 96132c17..0624d3bb 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java @@ -189,9 +189,9 @@ public void setTraits(@CheckForNull SCMTrait[] traits) { } } - private GitLabOwner getGitlabOwner() { + private GitLabOwner getGitlabOwner(SCMNavigatorOwner owner) { if (gitlabOwner == null) { - getGitlabOwner(apiBuilder(serverName)); + getGitlabOwner(apiBuilder(owner, serverName)); } return gitlabOwner; } @@ -229,7 +229,7 @@ public void visitSources(@NonNull final SCMSourceObserver observer) GitLabSCMNavigatorContext context = new GitLabSCMNavigatorContext() .withTraits(traits); try (GitLabSCMNavigatorRequest request = context.newRequest(this, observer)) { - GitLabApi gitLabApi = apiBuilder(serverName); + GitLabApi gitLabApi = apiBuilder(observer.getContext(), serverName); getGitlabOwner(gitLabApi); List projects; if (gitlabOwner instanceof GitLabUser) { @@ -260,7 +260,7 @@ public void visitSources(@NonNull final SCMSourceObserver observer) count++; String projectPathWithNamespace = p.getPathWithNamespace(); String projectOwner = getProjectOwnerFromNamespace(projectPathWithNamespace); - String projectName = getProjectName(request.withProjectNamingStrategy(), p); + String projectName = getProjectName(gitLabApi, request.withProjectNamingStrategy(), p); getNavigatorProjects().add(projectPathWithNamespace); if (StringUtils.isEmpty(p.getDefaultBranch())) { observer.getListener().getLogger() @@ -319,7 +319,7 @@ public void visitSources(@NonNull final SCMSourceObserver observer) } @NonNull - private String getProjectName(int projectNamingStrategy, Project project) throws URISyntaxException { + private String getProjectName(GitLabApi gitLabApi, int projectNamingStrategy, Project project) throws URISyntaxException { String fullPath = project.getPathWithNamespace(); String projectName; switch (projectNamingStrategy) { @@ -331,7 +331,7 @@ private String getProjectName(int projectNamingStrategy, Project project) throws case 2: // Project name projectName = project.getNameWithNamespace() - .replace(String.format("%s / ", getGitlabOwner().getFullName()), ""); + .replace(String.format("%s / ", getGitlabOwner(gitLabApi).getFullName()), ""); break; case 3: // Contextual project path @@ -365,7 +365,7 @@ private PersonalAccessToken getWebHookCredentials(SCMSourceOwner owner) { if (!server.isManageWebHooks()) { break; } - credentials = server.getCredentials(); + credentials = server.getCredentials(owner); if (credentials == null) { LOGGER.log(Level.WARNING, "No System credentials added, cannot create web hook"); } @@ -387,7 +387,7 @@ private PersonalAccessToken getWebHookCredentials(SCMSourceOwner owner) { protected List retrieveActions(@NonNull SCMNavigatorOwner owner, SCMNavigatorEvent event, @NonNull TaskListener listener) throws IOException, InterruptedException { - getGitlabOwner(); + getGitlabOwner(owner); String fullName = gitlabOwner.getFullName(); String webUrl = gitlabOwner.getWebUrl(); String avatarUrl = gitlabOwner.getAvatarUrl(); @@ -443,14 +443,15 @@ public static class DescriptorImpl extends SCMNavigatorDescriptor implements Ico @Inject private GitLabSCMSource.DescriptorImpl delegate; - public static FormValidation doCheckProjectOwner(@QueryParameter String projectOwner, + public static FormValidation doCheckProjectOwner(@AncestorInPath SCMSourceOwner context, + @QueryParameter String projectOwner, @QueryParameter String serverName) { if (projectOwner.equals("")) { return FormValidation.ok(); } GitLabApi gitLabApi = null; try { - gitLabApi = apiBuilder(serverName); + gitLabApi = apiBuilder(context, serverName); GitLabOwner gitLabOwner = GitLabOwner.fetchOwner(gitLabApi, projectOwner); return FormValidation.ok(projectOwner + " is a valid " + gitLabOwner.getWord()); } catch (IllegalStateException e) { diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMSource.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMSource.java index 3b79b8f9..aebfb71b 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMSource.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMSource.java @@ -193,7 +193,7 @@ public String getRemote() { protected Project getGitlabProject() { if (gitlabProject == null) { - getGitlabProject(apiBuilder(serverName)); + getGitlabProject(apiBuilder(this.getOwner(), serverName)); } return gitlabProject; } @@ -216,7 +216,7 @@ protected Project getGitlabProject(GitLabApi gitLabApi) { public HashMap getMembers() { HashMap members = new HashMap<>(); try { - GitLabApi gitLabApi = apiBuilder(serverName); + GitLabApi gitLabApi = apiBuilder(this.getOwner(), serverName); for (Member m : gitLabApi.getProjectApi().getAllMembers(projectPath)) { members.put(m.getUsername(), m.getAccessLevel()); } @@ -251,7 +251,7 @@ public void setTraits(List traits) { protected SCMRevision retrieve(@NonNull SCMHead head, @NonNull TaskListener listener) throws IOException, InterruptedException { try { - GitLabApi gitLabApi = apiBuilder(serverName); + GitLabApi gitLabApi = apiBuilder(this.getOwner(), serverName); getGitlabProject(gitLabApi); if (head instanceof BranchSCMHead) { listener.getLogger().format("Querying the current revision of branch %s...%n", head.getName()); @@ -304,7 +304,7 @@ protected void retrieve(SCMSourceCriteria criteria, @NonNull SCMHeadObserver obs SCMHeadEvent event, @NonNull TaskListener listener) throws IOException, InterruptedException { try { - GitLabApi gitLabApi = apiBuilder(serverName); + GitLabApi gitLabApi = apiBuilder(this.getOwner(), serverName); getGitlabProject(gitLabApi); setProjectId(gitlabProject.getId()); sshRemote = gitlabProject.getSshUrlToRepo(); @@ -675,7 +675,7 @@ protected SCMProbe createProbe(@NonNull final SCMHead head, SCMRevision revision if (builder == null) { throw new AssertionError(); } - GitLabApi gitLabApi = apiBuilder(serverName); + GitLabApi gitLabApi = apiBuilder(this.getOwner(), serverName); getGitlabProject(gitLabApi); final SCMFileSystem fs = builder.build(head, revision, gitLabApi, projectPath); return new SCMProbe() { @@ -807,7 +807,7 @@ context, StandardUsernameCredentials.class, fromUri(getServerUrlFromName(serverN return result; } - public long getProjectId(@QueryParameter String projectPath, @QueryParameter String serverName) { + public long getProjectId(@AncestorInPath SCMSourceOwner context, @QueryParameter String projectPath, @QueryParameter String serverName) { List gitLabServers = GitLabServers.get().getServers(); if (gitLabServers.size() == 0) { return -1; @@ -815,9 +815,9 @@ public long getProjectId(@QueryParameter String projectPath, @QueryParameter Str try { GitLabApi gitLabApi; if (StringUtils.isBlank(serverName)) { - gitLabApi = apiBuilder(gitLabServers.get(0).getName()); + gitLabApi = apiBuilder(context, gitLabServers.get(0).getName()); } else { - gitLabApi = apiBuilder(serverName); + gitLabApi = apiBuilder(context, serverName); } if (StringUtils.isNotBlank(projectPath)) { return gitLabApi.getProjectApi().getProject(projectPath).getId(); @@ -838,9 +838,9 @@ public ListBoxModel doFillProjectPathItems(@AncestorInPath SCMSourceOwner contex try { GitLabApi gitLabApi; if (serverName.equals("")) { - gitLabApi = apiBuilder(gitLabServers.get(0).getName()); + gitLabApi = apiBuilder(context, gitLabServers.get(0).getName()); } else { - gitLabApi = apiBuilder(serverName); + gitLabApi = apiBuilder(context, serverName); } if (projectOwner.equals("")) { diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabHelper.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabHelper.java index f3e0fb46..a346d945 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabHelper.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabHelper.java @@ -4,6 +4,7 @@ import com.damnhandy.uri.template.UriTemplateBuilder; import com.damnhandy.uri.template.impl.Operator; import hudson.ProxyConfiguration; +import hudson.security.AccessControlled; import io.jenkins.plugins.gitlabserverconfig.credentials.PersonalAccessToken; import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServer; import io.jenkins.plugins.gitlabserverconfig.servers.GitLabServers; @@ -19,10 +20,10 @@ public class GitLabHelper { - public static GitLabApi apiBuilder(String serverName) { + public static GitLabApi apiBuilder(AccessControlled context, String serverName) { GitLabServer server = GitLabServers.get().findServer(serverName); if (server != null) { - PersonalAccessToken credentials = server.getCredentials(); + PersonalAccessToken credentials = server.getCredentials(context); String serverUrl = server.getServerUrl(); if (credentials != null) { return new GitLabApi(serverUrl, credentials.getToken().getPlainText(), null, getProxyConfig(serverUrl)); diff --git a/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabPipelineStatusNotifier.java b/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabPipelineStatusNotifier.java index f7737406..e2825b95 100644 --- a/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabPipelineStatusNotifier.java +++ b/src/main/java/io/jenkins/plugins/gitlabbranchsource/helpers/GitLabPipelineStatusNotifier.java @@ -174,7 +174,7 @@ private static void logComment(Run build, TaskListener listener) { String suffix = " - [Details](" + url + ")"; SCMRevision revision = SCMRevisionAction.getRevision(source, build); try { - GitLabApi gitLabApi = GitLabHelper.apiBuilder(source.getServerName()); + GitLabApi gitLabApi = GitLabHelper.apiBuilder(build.getParent(), source.getServerName()); String sudoUsername = sourceContext.getSudoUser(); if (!sudoUsername.isEmpty()) { gitLabApi.sudo(sudoUsername); @@ -319,7 +319,7 @@ private static void sendNotifications(Run build, TaskListener listener) { } } try { - GitLabApi gitLabApi = GitLabHelper.apiBuilder(source.getServerName()); + GitLabApi gitLabApi = GitLabHelper.apiBuilder(build.getParent(), source.getServerName()); LOGGER.log(Level.FINE, String.format("Notifiying commit: %s", hash)); if (revision instanceof MergeRequestSCMRevision) { @@ -419,7 +419,7 @@ public void onEnterWaiting(final Queue.WaitingItem wi) { Constants.CommitBuildState state = Constants.CommitBuildState.PENDING; try { - GitLabApi gitLabApi = GitLabHelper.apiBuilder(source.getServerName()); + GitLabApi gitLabApi = GitLabHelper.apiBuilder(job, source.getServerName()); // check are we still the task to set pending synchronized (resolving) { if (!nonce.equals(resolving.get(job))) { diff --git a/src/main/java/io/jenkins/plugins/gitlabserverconfig/action/GitlabAction.java b/src/main/java/io/jenkins/plugins/gitlabserverconfig/action/GitlabAction.java index 9b436b74..08b7950a 100644 --- a/src/main/java/io/jenkins/plugins/gitlabserverconfig/action/GitlabAction.java +++ b/src/main/java/io/jenkins/plugins/gitlabserverconfig/action/GitlabAction.java @@ -9,6 +9,7 @@ import java.util.logging.Level; import java.util.logging.Logger; import jenkins.model.Jenkins; +import jenkins.scm.api.SCMSourceOwner; import net.sf.json.JSONArray; import net.sf.json.JSONObject; import org.apache.commons.lang.StringUtils; @@ -18,6 +19,7 @@ import org.gitlab4j.api.models.ProjectFilter; import org.kohsuke.accmod.Restricted; import org.kohsuke.accmod.restrictions.NoExternalUse; +import org.kohsuke.stapler.AncestorInPath; import org.kohsuke.stapler.HttpResponse; import org.kohsuke.stapler.QueryParameter; import org.kohsuke.stapler.interceptor.RequirePOST; @@ -48,7 +50,8 @@ public HttpResponse doServerList() { } @RequirePOST - public HttpResponse doProjectList(@QueryParameter String server, + public HttpResponse doProjectList(@AncestorInPath SCMSourceOwner context, + @QueryParameter String server, @QueryParameter String owner) { if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) { return HttpResponses.errorJSON("no permission to get Gitlab server list"); @@ -60,7 +63,7 @@ public HttpResponse doProjectList(@QueryParameter String server, JSONArray servers = new JSONArray(); - GitLabApi gitLabApi = GitLabHelper.apiBuilder(server); + GitLabApi gitLabApi = GitLabHelper.apiBuilder(context, server); try { for (Project project : gitLabApi.getProjectApi().getUserProjects(owner, new ProjectFilter().withOwned(true))) { diff --git a/src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java b/src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java index 10c741e1..fbd712c6 100644 --- a/src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java +++ b/src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java @@ -11,7 +11,10 @@ import hudson.Util; import hudson.model.AbstractDescribableImpl; import hudson.model.Descriptor; +import hudson.model.Item; +import hudson.model.ItemGroup; import hudson.security.ACL; +import hudson.security.AccessControlled; import hudson.util.FormValidation; import hudson.util.ListBoxModel; import hudson.util.Secret; @@ -230,16 +233,34 @@ public String getCredentialsId() { * * @return {@link PersonalAccessToken} */ - public PersonalAccessToken getCredentials() { + public PersonalAccessToken getCredentials(AccessControlled context) { Jenkins jenkins = Jenkins.get(); - jenkins.checkPermission(CredentialsProvider.USE_OWN); - return StringUtils.isBlank(credentialsId) ? null : CredentialsMatchers.firstOrNull( - lookupCredentials( - PersonalAccessToken.class, - jenkins, - ACL.SYSTEM, - fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL)).build() - ), withId(credentialsId)); + if (context == null) { + jenkins.checkPermission(CredentialsProvider.USE_OWN); + return StringUtils.isBlank(credentialsId) ? null : CredentialsMatchers.firstOrNull( lookupCredentials( + PersonalAccessToken.class, + jenkins, + ACL.SYSTEM, + fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL)).build() + ), withId(credentialsId)); + } else { + context.checkPermission(CredentialsProvider.USE_OWN); + if (context instanceof ItemGroup) { + return StringUtils.isBlank(credentialsId) ? null : CredentialsMatchers.firstOrNull( lookupCredentials( + PersonalAccessToken.class, + (ItemGroup) context, + ACL.SYSTEM, + fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL)).build() + ), withId(credentialsId)); + } else { + return StringUtils.isBlank(credentialsId) ? null : CredentialsMatchers.firstOrNull( lookupCredentials( + PersonalAccessToken.class, + (Item) context, + ACL.SYSTEM, + fromUri(defaultIfBlank(serverUrl, GITLAB_SERVER_URL)).build() + ), withId(credentialsId)); + } + } } /**