From 07a1bf028b1b1dcd2f85b8f0b17e3d902abe9d97 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Pigr=C3=A9e?= Date: Tue, 14 May 2019 13:52:59 -1000 Subject: [PATCH 1/3] Fix rights management for workflow jobs Workflow jobs does not have the BranchJobProperty set but multibranchproject has it. The previous code filtered all workflow jobs not having this property making the plugin GitHub Authorization Settings not working for those workflow jobs (all simple pipelines). --- .../plugins/GithubAuthorizationStrategy.java | 8 ++----- ...ithubRequireOrganizationMembershipACL.java | 7 +++++-- ...bRequireOrganizationMembershipACLTest.java | 21 ++++++++----------- 3 files changed, 16 insertions(+), 20 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java b/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java index 6882911f..f6949829 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java +++ b/src/main/java/org/jenkinsci/plugins/GithubAuthorizationStrategy.java @@ -102,12 +102,8 @@ public ACL getACL(@Nonnull AbstractItem item) { @Nonnull public ACL getACL(@Nonnull Job job) { - if(job instanceof WorkflowJob && job.getProperty(BranchJobProperty.class) != null || job instanceof AbstractProject) { - GithubRequireOrganizationMembershipACL githubACL = (GithubRequireOrganizationMembershipACL) getRootACL(); - return githubACL.cloneForProject(job); - } else { - return getRootACL(); - } + GithubRequireOrganizationMembershipACL githubACL = (GithubRequireOrganizationMembershipACL) getRootACL(); + return githubACL.cloneForProject(job); } /** diff --git a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java index 591e1667..0474af3e 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java +++ b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java @@ -251,9 +251,12 @@ private String getRepositoryName() { String repositoryName = null; String repoUrl = null; Describable scm = null; + if (this.item instanceof WorkflowJob) { - WorkflowJob project = (WorkflowJob) item; - scm = project.getProperty(BranchJobProperty.class).getBranch().getScm(); + WorkflowJob job = (WorkflowJob) item; + if (! job.getSCMs().isEmpty()) { + scm = job.getSCMs().iterator().next(); + } } else if (this.item instanceof MultiBranchProject) { MultiBranchProject project = (MultiBranchProject) item; scm = (SCMSource) project.getSCMSources().get(0); diff --git a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java index e81c6cb7..271987e4 100644 --- a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java +++ b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java @@ -28,6 +28,7 @@ of this software and associated documentation files (the "Software"), to deal import com.google.common.collect.ImmutableMap; +import hudson.scm.SCM; import junit.framework.TestCase; import org.acegisecurity.Authentication; @@ -61,13 +62,7 @@ of this software and associated documentation files (the "Software"), to deal import org.powermock.modules.junit4.PowerMockRunner; import java.io.IOException; -import java.util.ArrayList; -import java.util.Arrays; -import java.util.Collections; -import java.util.HashSet; -import java.util.List; -import java.util.Map; -import java.util.Set; +import java.util.*; import hudson.model.Hudson; import hudson.model.Item; @@ -217,13 +212,15 @@ private Project mockProject(String url) { private WorkflowJob mockWorkflowJob(String url) { WorkflowJob project = PowerMockito.mock(WorkflowJob.class); GitSCM gitSCM = PowerMockito.mock(GitSCM.class); - Branch branch = PowerMockito.mock(Branch.class); - BranchJobProperty branchJobProperty = PowerMockito.mock(BranchJobProperty.class); + Collection scm = PowerMockito.mock(Collection.class); + Iterator it = PowerMockito.mock(Iterator.class); UserRemoteConfig userRemoteConfig = PowerMockito.mock(UserRemoteConfig.class); List userRemoteConfigs = Arrays.asList(userRemoteConfig); - PowerMockito.when(project.getProperty(BranchJobProperty.class)).thenReturn(branchJobProperty); - PowerMockito.when(branchJobProperty.getBranch()).thenReturn(branch); - PowerMockito.when(branch.getScm()).thenReturn(gitSCM); + + PowerMockito.when(project.getSCMs()).thenReturn(scm); + PowerMockito.when(scm.isEmpty()).thenReturn(false); + PowerMockito.when(scm.iterator()).thenReturn(it); + PowerMockito.when(it.next()).thenReturn(gitSCM); PowerMockito.when(gitSCM.getUserRemoteConfigs()).thenReturn(userRemoteConfigs); PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); return project; From a0cce1b73a354e1933bc6469373251386f4cccae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Pigr=C3=A9e?= Date: Wed, 15 May 2019 10:10:22 -1000 Subject: [PATCH 2/3] BranchJobProperty is set only on workflowjobs created by multibranch So in order to make multibranch build cancellable we also need to take those jobs into account. Those jobs don't have SCMs setup so we need to get the scm from the BranchJobProperty like it was done before. So, now we check if the BranchJobProperty is set and do the adequate commands to get the scm. Also, added tests for CANCEL permission which was never tested. --- ...ithubRequireOrganizationMembershipACL.java | 5 +- ...bRequireOrganizationMembershipACLTest.java | 204 ++++++++++++++---- 2 files changed, 172 insertions(+), 37 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java index 0474af3e..ffc06e61 100644 --- a/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java +++ b/src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java @@ -254,7 +254,10 @@ private String getRepositoryName() { if (this.item instanceof WorkflowJob) { WorkflowJob job = (WorkflowJob) item; - if (! job.getSCMs().isEmpty()) { + + if(job.getProperty(BranchJobProperty.class) != null) { + scm = job.getProperty(BranchJobProperty.class).getBranch().getScm(); + } else if (! job.getSCMs().isEmpty()) { scm = job.getSCMs().iterator().next(); } } else if (this.item instanceof MultiBranchProject) { diff --git a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java index 271987e4..0341bde6 100644 --- a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java +++ b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java @@ -162,16 +162,21 @@ private GHMyself mockGHMyselfAs(String username) throws IOException { GitHubBuilder builder = PowerMockito.mock(GitHubBuilder.class); PowerMockito.mockStatic(GitHub.class); PowerMockito.mockStatic(GitHubBuilder.class); + PowerMockito.when(GitHubBuilder.fromEnvironment()).thenReturn(builder); PowerMockito.when(builder.withEndpoint("https://api.github.com")).thenReturn(builder); PowerMockito.when(builder.withOAuthToken("accessToken")).thenReturn(builder); PowerMockito.when(builder.withRateLimitHandler(RateLimitHandler.FAIL)).thenReturn(builder); PowerMockito.when(builder.withConnector(Mockito.any(OkHttpConnector.class))).thenReturn(builder); PowerMockito.when(builder.build()).thenReturn(gh); + GHMyself me = PowerMockito.mock(GHMyself.class); + PowerMockito.when(gh.getMyself()).thenReturn((GHMyself) me); PowerMockito.when(me.getLogin()).thenReturn(username); + mockReposFor(me, Collections.emptyList()); + return me; } @@ -185,12 +190,14 @@ private void mockReposFor(GHPerson person, List repositories) thro private GHRepository mockRepository(String repositoryName, boolean isPublic, boolean admin, boolean push, boolean pull) throws IOException { GHRepository ghRepository = PowerMockito.mock(GHRepository.class); + PowerMockito.when(gh.getRepository(repositoryName)).thenReturn(ghRepository); PowerMockito.when(ghRepository.isPrivate()).thenReturn(!isPublic); PowerMockito.when(ghRepository.hasAdminAccess()).thenReturn(admin); PowerMockito.when(ghRepository.hasPushAccess()).thenReturn(push); PowerMockito.when(ghRepository.hasPullAccess()).thenReturn(pull); PowerMockito.when(ghRepository.getFullName()).thenReturn(repositoryName); + return ghRepository; } @@ -203,7 +210,27 @@ private Project mockProject(String url) { GitSCM gitSCM = PowerMockito.mock(GitSCM.class); UserRemoteConfig userRemoteConfig = PowerMockito.mock(UserRemoteConfig.class); List userRemoteConfigs = Arrays.asList(userRemoteConfig); + PowerMockito.when(project.getScm()).thenReturn(gitSCM); + PowerMockito.when(gitSCM.getUserRemoteConfigs()).thenReturn(userRemoteConfigs); + PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); + + return project; + } + + private WorkflowJob mockWorkflowJobFromMultiBranch(String url) { + WorkflowJob project = PowerMockito.mock(WorkflowJob.class); + + Branch branch = PowerMockito.mock(Branch.class); + BranchJobProperty branchJobProperty = PowerMockito.mock(BranchJobProperty.class); + GitSCM gitSCM = PowerMockito.mock(GitSCM.class); + UserRemoteConfig userRemoteConfig = PowerMockito.mock(UserRemoteConfig.class); + List userRemoteConfigs = Arrays.asList(userRemoteConfig); + + PowerMockito.when(project.getProperty(BranchJobProperty.class)).thenReturn(branchJobProperty); + PowerMockito.when(branchJobProperty.getBranch()).thenReturn(branch); + PowerMockito.when(branch.getScm()).thenReturn(gitSCM); + PowerMockito.when(gitSCM.getUserRemoteConfigs()).thenReturn(userRemoteConfigs); PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); return project; @@ -211,6 +238,7 @@ private Project mockProject(String url) { private WorkflowJob mockWorkflowJob(String url) { WorkflowJob project = PowerMockito.mock(WorkflowJob.class); + GitSCM gitSCM = PowerMockito.mock(GitSCM.class); Collection scm = PowerMockito.mock(Collection.class); Iterator it = PowerMockito.mock(Iterator.class); @@ -221,18 +249,23 @@ private WorkflowJob mockWorkflowJob(String url) { PowerMockito.when(scm.isEmpty()).thenReturn(false); PowerMockito.when(scm.iterator()).thenReturn(it); PowerMockito.when(it.next()).thenReturn(gitSCM); + PowerMockito.when(gitSCM.getUserRemoteConfigs()).thenReturn(userRemoteConfigs); PowerMockito.when(userRemoteConfig.getUrl()).thenReturn(url); + return project; } + private MultiBranchProject mockMultiBranchProject(String url) { WorkflowMultiBranchProject multiBranchProject = PowerMockito.mock(WorkflowMultiBranchProject.class); GitHubSCMSource gitHubSCM = PowerMockito.mock(GitHubSCMSource.class); ArrayList scmSources = new ArrayList(); scmSources.add(gitHubSCM); + PowerMockito.when(multiBranchProject.getSCMSources()).thenReturn(scmSources); PowerMockito.when(gitHubSCM.getRemote()).thenReturn(url); + return multiBranchProject; } @@ -244,104 +277,203 @@ protected void tearDown() throws Exception { } @Test - public void testCanReadAndBuildOneOfMyPrivateRepositories() throws IOException { + public void testCanReadAndBuildandCancelOneOfMyPrivateRepositories() throws IOException { GHMyself me = mockGHMyselfAs("Me"); GHRepository repo = mockRepository("me/a-repo", false, true, true, true); // private; admin, push, and pull rights mockReposFor(me, Arrays.asList(repo)); // hook to my listing String repoUrl = "https://github.com/me/a-repo.git"; + Project mockProject = mockProject(repoUrl); - MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + WorkflowJob mockWorkflowJobFromMultiBranch = mockWorkflowJobFromMultiBranch(repoUrl); + MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + + GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); + GithubRequireOrganizationMembershipACL workflowJobFromMultiBranchAcl = aclForWorkflowJob(mockWorkflowJobFromMultiBranch); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); - GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); + GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com"); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); } @Test - public void testCanReadAndBuildAPublicRepository() throws IOException { + public void testCanReadAndBuildAndNotCancelAPublicRepository() throws IOException { GHMyself me = mockGHMyselfAs("Me"); GHRepository repo = mockPublicRepository("node/node"); String repoUrl = "https://github.com/node/node.git"; + Project mockProject = mockProject(repoUrl); - MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + WorkflowJob mockWorkflowJobFromMultiBranch = mockWorkflowJobFromMultiBranch(repoUrl); + MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + + GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); + GithubRequireOrganizationMembershipACL workflowJobFromMultiBranchAcl = aclForWorkflowJob(mockWorkflowJobFromMultiBranch); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); - GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); + GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com"); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(projectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); } @Test - public void testCanReadAndBuildPrivateRepositoryIHavePullRightsOn() throws IOException { + public void testCanReadAndBuildAndNotCancelPrivateRepositoryIHavePullRightsOn() throws IOException { GHMyself me = mockGHMyselfAs("Me"); // private repo I have pull rights to GHRepository repo = mockRepository("some-org/a-private-repo", false, false, false, true); mockReposFor(me, Arrays.asList(repo)); String repoUrl = "https://github.com/some-org/a-private-repo.git"; + Project mockProject = mockProject(repoUrl); - MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + WorkflowJob mockWorkflowJobFromMultiBranch = mockWorkflowJobFromMultiBranch(repoUrl); + MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + + GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); + GithubRequireOrganizationMembershipACL workflowJobFromMultiBranchAcl = aclForWorkflowJob(mockWorkflowJobFromMultiBranch); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); - GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com"); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); - assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(projectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); - assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.CANCEL)); assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); + } + + @Test + public void testCanReadAndBuildAndCancelPrivateRepositoryIHavePushRightsOn() throws IOException { + GHMyself me = mockGHMyselfAs("Me"); + // private repo I have pull rights to + GHRepository repo = mockRepository("some-org/a-private-repo", false, false, true, true); + mockReposFor(me, Arrays.asList(repo)); + String repoUrl = "https://github.com/some-org/a-private-repo.git"; + + Project mockProject = mockProject(repoUrl); + WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + WorkflowJob mockWorkflowJobFromMultiBranch = mockWorkflowJobFromMultiBranch(repoUrl); + MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + + GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); + GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); + GithubRequireOrganizationMembershipACL workflowJobFromMultiBranchAcl = aclForWorkflowJob(mockWorkflowJobFromMultiBranch); + GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); + + GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com"); + + assertTrue(projectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(projectAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); + + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.READ)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertTrue(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); } @Test - public void testCanNotReadOrBuildRepositoryIDoNotCollaborateOn() throws IOException { + public void testCanNotReadOrBuildOrCancelRepositoryIDoNotCollaborateOn() throws IOException { GHMyself me = mockGHMyselfAs("Me"); String repoUrl = "https://github.com/some-org/another-private-repo.git"; + Project mockProject = mockProject(repoUrl); - MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); WorkflowJob mockWorkflowJob = mockWorkflowJob(repoUrl); + WorkflowJob mockWorkflowJobFromMultiBranch = mockWorkflowJobFromMultiBranch(repoUrl); + MultiBranchProject mockMultiBranchProject = mockMultiBranchProject(repoUrl); + + GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubRequireOrganizationMembershipACL workflowJobAcl = aclForWorkflowJob(mockWorkflowJob); + GithubRequireOrganizationMembershipACL workflowJobFromMultiBranchAcl = aclForWorkflowJob(mockWorkflowJobFromMultiBranch); GithubRequireOrganizationMembershipACL multiBranchProjectAcl = aclForMultiBranchProject(mockMultiBranchProject); - GithubRequireOrganizationMembershipACL projectAcl = aclForProject(mockProject); GithubAuthenticationToken authenticationToken = new GithubAuthenticationToken("accessToken", "https://api.github.com"); - assertFalse(projectAcl.hasPermission(authenticationToken, Item.READ)); - assertFalse(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); assertFalse(projectAcl.hasPermission(authenticationToken, Item.BUILD)); - assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); - assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); - assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); - assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); - assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(projectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertFalse(projectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(projectAcl.hasPermission(authenticationToken, Item.READ)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(workflowJobAcl.hasPermission(authenticationToken, Item.READ)); + + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(workflowJobFromMultiBranchAcl.hasPermission(authenticationToken, Item.READ)); + + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.BUILD)); + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.CANCEL)); + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.DISCOVER)); + assertFalse(multiBranchProjectAcl.hasPermission(authenticationToken, Item.READ)); } @Test From 2fbc2f3d0f78bd5687db68228bab864e08d9a549 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jonathan=20Pigr=C3=A9e?= Date: Wed, 21 Aug 2019 10:07:02 -1000 Subject: [PATCH 3/3] Do not use wildcard imports --- .../GithubRequireOrganizationMembershipACLTest.java | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java index 0341bde6..377b0a92 100644 --- a/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java +++ b/src/test/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACLTest.java @@ -62,7 +62,12 @@ of this software and associated documentation files (the "Software"), to deal import org.powermock.modules.junit4.PowerMockRunner; import java.io.IOException; -import java.util.*; +import java.util.ArrayList; +import java.util.Arrays; +import java.util.Collection; +import java.util.Collections; +import java.util.Iterator; +import java.util.List; import hudson.model.Hudson; import hudson.model.Item;