diff --git a/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java b/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java index a1f4b20e..656d0d10 100644 --- a/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java +++ b/src/main/java/hudson/plugins/promoted_builds/PromotedBuildAction.java @@ -155,7 +155,7 @@ public boolean canPromote(String processName) { if (process != null) { manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); } - return PromotionPermissionHelper.hasPermission(getProject(), manualCondition); + return PromotionPermissionHelper.hasPermission(getProject(), owner, manualCondition); } /** @@ -239,7 +239,7 @@ public HttpResponse doForcePromotion(@QueryParameter("name") String name) throws throw new IllegalStateException("This project doesn't have the promotion criterion called "+name); ManualCondition manualCondition = (ManualCondition) p.getPromotionCondition(ManualCondition.class.getName()); - PromotionPermissionHelper.checkPermission(getProject(), manualCondition); + PromotionPermissionHelper.checkPermission(getProject(), owner, manualCondition); p.promote(owner,new UserCause(),new ManualPromotionBadge()); diff --git a/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java b/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java index 9be534da..26d06839 100644 --- a/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java +++ b/src/main/java/hudson/plugins/promoted_builds/PromotionPermissionHelper.java @@ -24,6 +24,7 @@ package hudson.plugins.promoted_builds; +import hudson.model.AbstractBuild; import hudson.model.AbstractProject; import hudson.plugins.promoted_builds.conditions.ManualCondition; import hudson.security.AccessDeniedException2; @@ -40,19 +41,19 @@ @Restricted(NoExternalUse.class) public class PromotionPermissionHelper { - public static void checkPermission(@Nonnull AbstractProject target, @CheckForNull ManualCondition associatedCondition) { - if (!hasPermission(target, associatedCondition)) { + public static void checkPermission(@Nonnull AbstractProject target, @Nonnull AbstractBuild build, @CheckForNull ManualCondition associatedCondition) { + if (!hasPermission(target, build, associatedCondition)) { // TODO: Give a more accurate error message if the user has Promotion.PROMOTE but is not in the list of approvers. throw new AccessDeniedException2(Jenkins.getAuthentication(), Promotion.PROMOTE); } } - public static boolean hasPermission(@Nonnull AbstractProject target, @CheckForNull ManualCondition associatedCondition) { + public static boolean hasPermission(@Nonnull AbstractProject target, @Nonnull AbstractBuild build, @CheckForNull ManualCondition associatedCondition) { if (associatedCondition == null) { return target.hasPermission(Promotion.PROMOTE); - } else if (associatedCondition.getUsersAsSet().isEmpty()) { + } else if (associatedCondition.getUsersAsSet(build).isEmpty()) { return target.hasPermission(Promotion.PROMOTE); - } else if (associatedCondition.isInUsersList() || associatedCondition.isInGroupList()) { + } else if (associatedCondition.isInUsersList(build) || associatedCondition.isInGroupList(build)) { // Explicitly listed users do not need Promotion/Promote permissions. return true; } else { diff --git a/src/main/java/hudson/plugins/promoted_builds/Status.java b/src/main/java/hudson/plugins/promoted_builds/Status.java index e4493ff6..7f1a01d3 100644 --- a/src/main/java/hudson/plugins/promoted_builds/Status.java +++ b/src/main/java/hudson/plugins/promoted_builds/Status.java @@ -375,7 +375,7 @@ public boolean canBuild() { } ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); - return PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition); + return PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition); } /** @@ -399,7 +399,7 @@ public void doBuild(StaplerRequest req, StaplerResponse rsp) throws IOException, ManualCondition manualCondition = (ManualCondition) process.getPromotionCondition(ManualCondition.class.getName()); // TODO: Use PromotionPermissionHelper.checkPermission instead, but consider issues with backwards compatibility. - if (!PromotionPermissionHelper.hasPermission(target.getProject(), manualCondition)) { + if (!PromotionPermissionHelper.hasPermission(target.getProject(), target, manualCondition)) { return; } diff --git a/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java b/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java index 6bdeab90..535811f4 100644 --- a/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java +++ b/src/main/java/hudson/plugins/promoted_builds/conditions/ManualCondition.java @@ -31,6 +31,8 @@ import java.util.concurrent.Future; import java.util.concurrent.TimeUnit; import java.util.concurrent.TimeoutException; +import java.util.logging.Level; +import java.util.logging.Logger; import javax.annotation.CheckForNull; import javax.annotation.Nonnull; @@ -54,6 +56,7 @@ public class ManualCondition extends PromotionCondition { private String users; private List parameterDefinitions = new ArrayList(); + private static final Logger LOGGER = Logger.getLogger(ManualCondition.class.getName()); /** * @@ -96,17 +99,31 @@ public ParameterDefinition getParameterDefinition(String name) { } public Set getUsersAsSet() { - if (users == null || users.equals("")) + return getUsersAsSet(null); + } + + public Set getUsersAsSet(AbstractBuild build) { + if (users == null || users.equals("") || build == null) return Collections.emptySet(); Set set = new HashSet(); for (String user : users.split(",")) { user = user.trim(); - if (user.trim().length() > 0) + LOGGER.log(Level.FINER, "ManualCondition.getUsersAsSet(): user={0}", user); + if (user.startsWith("$")){ + user = user.substring(1); + if (user.startsWith("{") && user.endsWith("}")) + user = user.substring(1, user.length() -1); + LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): build.getBuildVariableResolver().resolve(user=${0})={1}", + new Object [] {user, build.getBuildVariableResolver().resolve(user)}); + user = build.getBuildVariableResolver().resolve(user); + } + if (user != null && user.trim().length() > 0) set.add(user); } + LOGGER.log(Level.INFO, "ManualCondition.getUsersAsSet(): return set={0}", set); return set; } @@ -129,7 +146,7 @@ public PromotionBadge isMet(PromotionProcess promotionProcess, AbstractBuild build) { - if (!PromotionPermissionHelper.hasPermission(build.getProject(), this)) { + if (!PromotionPermissionHelper.hasPermission(build.getProject(), build, this)) { return false; } @@ -150,16 +167,24 @@ public boolean canApprove(PromotionProcess promotionProcess, AbstractBuild * @since 2.24 */ public boolean isInUsersList() { + return isInUsersList(null); + } + + public boolean isInUsersList(AbstractBuild build) { // Current user must be in users list or users list is empty - Set usersSet = getUsersAsSet(); + Set usersSet = getUsersAsSet(build); return usersSet.contains(Hudson.getAuthentication().getName()); } /* * Check if user is a member of a groups as listed in the user / group field */ - public boolean isInGroupList() { - Set groups = getUsersAsSet(); + public boolean isInGroupList(AbstractBuild build) { + return isInGroupList(null); + } + + public boolean isInGroupList(AbstractBuild build) { + Set groups = getUsersAsSet(build); GrantedAuthority[] authorities = Hudson.getAuthentication().getAuthorities(); for (GrantedAuthority authority : authorities) { if (groups.contains(authority.getAuthority())) diff --git a/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly b/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly index bf15935d..fc5abc55 100644 --- a/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly +++ b/src/main/resources/hudson/plugins/promoted_builds/conditions/ManualCondition/index.jelly @@ -4,7 +4,7 @@ - +