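/*
 * The MIT License (MIT)
 *
 * Copyright (c) 2014 Andreas Alanko, Emil Nilsson, Sony Mobile Communications AB.
 * All rights reserved.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 */

package com.sonymobile.jenkins.plugins.gitlab.gitlabauth.acl;

import com.sonymobile.gitlab.exceptions.GitLabApiException;
import com.sonymobile.gitlab.model.GitLabGroupMemberInfo;
import com.sonymobile.jenkins.plugins.gitlab.gitlabauth.GitLab;
import com.sonymobile.jenkins.plugins.gitlab.gitlabauth.security.GitLabUserDetails;
import hudson.security.ACL;
import hudson.security.Permission;
import hudson.security.PermissionGroup;
import org.acegisecurity.Authentication;
import org.apache.commons.lang.StringUtils;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * Global ACL for GitLab.
 *
 * Decides Jenkins-wide permissions for GitLab-authenticated users and holds
 * the configuration of who counts as a Jenkins admin: an explicit list of
 * GitLab usernames, a list of GitLab groups, and optionally every GitLab admin.
 *
 * @author Andreas Alanko
 */
public class GitLabGlobalACL extends GitLabAbstractACL {
    /**
     * Logger for this class.
     *
     * Static so that it is not part of the instance state: the original
     * instance-level {@code transient} logger would be {@code null} on any
     * instance restored without running field initialisers, which would turn
     * the API-failure path of {@link #isAdmin(GitLabUserDetails)} into a
     * NullPointerException.
     */
    private static final Logger LOGGER = Logger.getLogger(GitLabGlobalACL.class.getName());

    /** GitLab usernames with admin rights on Jenkins. Never null after construction. */
    private List<String> adminUsernames = new ArrayList<String>();

    /** GitLab groups with admin rights on Jenkins. Never null after construction. */
    private List<String> adminGroups = new ArrayList<String>();

    /** If we want all GitLab admins to be Jenkins admins as well. */
    private boolean useGitLabAdmins;

    /**
     * Creates a global ACL to use for GitLabAuthorization.
     *
     * Identities such as usernames and groups should be separated by commas.
     * Example: "myUsername, anotherUsername"
     * Example: "myGroup, anotherGroup"
     *
     * @param adminUsernames     the admin usernames
     * @param adminGroups        the admin groups
     * @param useGitLabAdmins    if GitLab admins should also be Jenkins admins
     * @param grantedPermissions the granted permissions
     */
    public GitLabGlobalACL(String adminUsernames, String adminGroups, boolean useGitLabAdmins,
            GitLabGrantedPermissions grantedPermissions) {
        super(grantedPermissions);

        this.useGitLabAdmins = useGitLabAdmins;
        this.adminUsernames = splitAdminIdentitiesIntoList(adminUsernames);
        this.adminGroups = splitAdminIdentitiesIntoList(adminGroups);
    }

    /**
     * Creates a global ACL with no configured admin usernames or groups and
     * with GitLab admins not mapped to Jenkins admins.
     *
     * The admin lists start out empty rather than null, so the getters and
     * {@link #isAdmin(GitLabUserDetails)} are usable on such an instance.
     */
    public GitLabGlobalACL() {
        super();
    }

    /**
     * Returns every registered permission group except the generic
     * {@link Permission} group, sorted by the groups' natural order.
     *
     * @return the permission groups this ACL applies to
     */
    @Override
    public Collection<PermissionGroup> getApplicablePermissionGroups() {
        SortedSet<PermissionGroup> permissionGroups = new TreeSet<PermissionGroup>(PermissionGroup.getAll());

        permissionGroups.remove(PermissionGroup.get(Permission.class));

        return permissionGroups;
    }

    /**
     * Splits a string of identities separated by commas and adds them to
     * a List. Surrounding whitespace is trimmed and empty entries are skipped.
     *
     * @param adminIdentities the string, may be null
     * @return a list, empty if the string was null or held no identities
     */
    private static List<String> splitAdminIdentitiesIntoList(String adminIdentities) {
        List<String> identities = new ArrayList<String>();

        if (adminIdentities == null || adminIdentities.length() == 0) {
            return identities;
        }

        for (String candidate : adminIdentities.trim().split(",")) {
            String identity = candidate.trim();

            if (!identity.isEmpty()) {
                identities.add(identity);
            }
        }

        return identities;
    }

    /**
     * Returns the given list, or an empty list when it is null.
     *
     * Guards against an instance whose list fields were never assigned.
     */
    private static List<String> nullToEmpty(List<String> list) {
        return list != null ? list : new ArrayList<String>();
    }

    /**
     * Checks if the given principal has permission to use the permission.
     *
     * The SYSTEM authentication is always allowed. A logged-in GitLab user is
     * allowed when the inherited standard permission check passes; everything
     * else is decided by the inherited anonymous permission check.
     *
     * @param auth       the authentication object
     * @param permission the permission
     * @return true if the given principal has permission
     */
    @Override
    public boolean hasPermission(Authentication auth, Permission permission) {
        if (auth == ACL.SYSTEM) {
            return true;
        }

        if (isLoggedIn(auth)) {
            Object principal = auth.getPrincipal();

            // A principal of any other type is treated like an anonymous caller
            // instead of failing the permission check with a ClassCastException.
            if (principal instanceof GitLabUserDetails
                    && isPermissionSetStandard((GitLabUserDetails) principal, permission)) {
                return true;
            }
        }

        return isPermissionSetAnon(permission);
    }

    /**
     * Checks if the given user has admin access on the jenkins server.
     *
     * A user is an admin when the username is in the configured admin
     * usernames, when the user is a non-blocked member of one of the
     * configured admin groups, or when GitLab admins are mapped to Jenkins
     * admins and GitLab reports the user as an admin.
     *
     * If the GitLab API call fails, the failure is logged and access is denied.
     *
     * @param user the user
     * @return true if the user has admin access else false
     */
    public boolean isAdmin(GitLabUserDetails user) {
        if (user == null) {
            return false;
        }

        // Checked first because it needs no remote call: an explicitly listed
        // admin is not locked out while the GitLab API is unreachable.
        // NOTE(review): this matches on username, not on the user id; if
        // usernames can be renamed or reassigned on the GitLab side, the
        // configured list should be re-checked - confirm.
        if (nullToEmpty(adminUsernames).contains(user.getUsername())) {
            return true;
        }

        try {
            for (String group : nullToEmpty(adminGroups)) {
                GitLabGroupMemberInfo groupMember = GitLab.getGroupMember(user.getId(), group);

                if (groupMember != null && !groupMember.isBlocked()) {
                    return true;
                }
            }

            return useGitLabAdmins && GitLab.isAdmin(user.getId());
        } catch (GitLabApiException e) {
            // Deny on failure, but keep the cause so the outage can be diagnosed.
            LOGGER.log(Level.WARNING, "Connection to the GitLab API failed.", e);
        }

        return false;
    }

    /**
     * Grants every applicable permission group to the Jenkins admin identity.
     */
    @Override
    protected void setDefaultPermissions() {
        getGrantedPermissions().addPermissionGroups(GitLabPermissionIdentity.JENKINS_ADMIN,
                getApplicablePermissionGroups());
    }

    /**
     * Returns a string with GitLab usernames who has admin access in Jenkins.
     *
     * The usernames are separated by commas.
     *
     * @return a string with GitLab usernames
     */
    public String getAdminUsernames() {
        return StringUtils.join(nullToEmpty(adminUsernames).iterator(), ", ");
    }

    /**
     * Returns a string with GitLab groups who has admin access in Jenkins.
     *
     * The groups are separated by commas.
     *
     * @return a string with GitLab groups
     */
    public String getAdminGroups() {
        return StringUtils.join(nullToEmpty(adminGroups).iterator(), ", ");
    }

    /**
     * Checks if admins of GitLab also should be admins of Jenkins.
     *
     * @return true if GitLab admins should be admins of Jenkins, else false
     */
    public boolean getUseGitLabAdmins() {
        return useGitLabAdmins;
    }
}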