I am trying to secure a POST method that is invoked during configuration of a
view column.
I started with a permission check for View.CONFIGURE but this was too
restrictive and does not work with role based authorization strategy.
When I add an ItemGroup object as @AncestorInPath then I don’t find a
corresponding ACL method in Jenkins.
So my planned code looks like:
@POST
public ListBoxModel doFillTypeItems(@AncestorInPath final ItemGroup<?> item) {
if (item == null) {
if (Jenkins.get().hasPermission(View.CONFIGURE)) {
return createTypesModel();
}
}
if
(Jenkins.get().getAuthorizationStrategy().getACL(item).hasPermission(View.CONFIGURE))
{
return createTypesModel();
}
return new ListBoxModel();
}
But there is no getAcl method for item groups. What is the correct way to
authenticate here?
What I also tried is to use a View. This code compiles but I do not get the
view as AncestorInPath.
@POST
public ListBoxModel doFillTypeItems(@AncestorInPath final View view) {…}
--
You received this message because you are subscribed to the Google Groups
"Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/d/msgid/jenkinsci-dev/1E72C06F-71F9-4835-A778-B5AEE9AE2865%40gmail.com.
