Start line:  
End line:  

Snippet Preview

Snippet HTML Code

Stack Overflow Questions
  package hudson.plugins.collabnet.auth;
  
  
  
 
Root ACL for the CollabNet Authorization. It gives a set of users Hudson admin privileges, another set read privileges, and if specified, will wrap another ACL and extend those permissions.
 
 public class CNRootACL extends ACL {
     private Collection<StringadminUsers;
     private Collection<StringadminGroups;
     private Collection<StringreadUsers;
     private Collection<StringreadGroups;
     private ACL innerACL;
 
     private static Logger log = Logger.getLogger("CNRootACL");
 
     public CNRootACL(Collection<StringadminUsers
                      Collection<StringadminGroups
                      Collection<StringreadUsers
                      Collection<StringreadGroups) {
         this(adminUsersadminGroupsreadUsersreadGroupsnull);
     }
 
     public CNRootACL(Collection<StringadminUsers
                      Collection<StringadminGroups
                      Collection<StringreadUsers
                      Collection<StringreadGroups
                      ACL innerACL) {
         this. = adminUsers;
         this. = adminGroups;
         this. = readUsers;
         this. = readGroups;
         this. = innerACL;
     }

    
If the user is included in the admins or readUsers sets, check whether the permission is granted via those. If the permission is not settled, pass to any existing innerACL.

Parameters:
a current authentication.
p permission to check
Returns:
true if the user should have the permission.
 
     @Override
     public boolean hasPermission(Authentication aPermission p) {
         if (a.equals(.)) {
             // We want the SYSTEM user to have full rights.
             // This is especially important for triggered builds.
             return true;
         }
         if (!(a instanceof CNAuthentication)) {
             // This can happen when we switch to this Auth but haven't logged
             // out yet.
             return false;
         }
         String username = (String)a.getPrincipal();
         if (!username.equals("anonymous")) {
             // allow all logged-in users to access the Hudson.READ
             if (p.equals(.)) {
                 return true;
             }
 
             CNConnection conn = CNConnection.getInstance(a);
             if (conn == null) {
                 // if the authentication is the wrong type, return true
                 .severe("Improper Authentication type used with " +
                            "CNAuthorizationStrategy!  CNAuthorization " +
                            "strategy cannot be used without " +
                            "CNAuthentication.  Please re-configure your " +
                            "Hudson instance.");
                 return false;
             }
             if (conn.isSuperUser() || 
                 this..contains(username) || 
                 conn.isMemberOfAny(this.)) {
                 // admins have every permission
                 return true;
             }
             if (this..contains(username) ||
                 conn.isMemberOfAny(this.)) {
                 for(Permission permission = ppermission!=null
                     permission=permission.impliedBy) {
                     if (permission.equals(.)) {
                         return true;
                     }
                 }
             }
         }
        // try the inner ACL, if one exists
        if (this. != null) {
            return this..hasPermission(ap);
        }
        return false;
    }
    
New to GrepCode? Check out our FAQ X