Merge pull request #378 from amuniz/JENKINS-73163

KostyaSha · web-flow · commit c6481b452dd4 · 2024-05-13T14:33:59.000+03:00
[JENKINS-73163] Allow users with Overall/Manage permission to configure GitHub Servers
diff --git a/pom.xml b/pom.xml
@@ -53,6 +53,7 @@
         <jenkins.version>2.414.3</jenkins.version>
         <release.skipTests>false</release.skipTests>
         <tagNameFormat>v@{project.version}</tagNameFormat>
+        <useBeta>true</useBeta> <!-- For Jenkins.MANAGE permission -->
     </properties>
 
     <repositories>
diff --git a/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/GitHubServerConfig.java
@@ -348,7 +348,7 @@ public String getDisplayName() {
         @SuppressWarnings("unused")
         public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
                                                      @QueryParameter String credentialsId) {
-            if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
+            if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }
             return new StandardListBoxModel()
@@ -367,7 +367,7 @@ public ListBoxModel doFillCredentialsIdItems(@QueryParameter String apiUrl,
         public FormValidation doVerifyCredentials(
                 @QueryParameter String apiUrl,
                 @QueryParameter String credentialsId) throws IOException {
-            Jenkins.getActiveInstance().checkPermission(Jenkins.ADMINISTER);
+            Jenkins.getActiveInstance().checkPermission(Jenkins.MANAGE);
 
             GitHubServerConfig config = new GitHubServerConfig(credentialsId);
             config.setApiUrl(apiUrl);
diff --git a/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java b/src/main/java/org/jenkinsci/plugins/github/config/HookSecretConfig.java
@@ -62,7 +62,7 @@ public String getDisplayName() {
 
         @SuppressWarnings("unused")
         public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {
-            if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {
+            if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }
 
diff --git a/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java b/src/test/java/org/jenkinsci/plugins/github/config/GitHubServerConfigIntegrationTest.java
@@ -107,7 +107,9 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex
         j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
 
         GlobalMatrixAuthorizationStrategy strategy = new GlobalMatrixAuthorizationStrategy();
-        strategy.add(Jenkins.ADMINISTER, "admin");
+        Jenkins.MANAGE.setEnabled(true);
+        strategy.add(Jenkins.MANAGE, "admin");
+        strategy.add(Jenkins.READ, "admin");
         strategy.add(Jenkins.READ, "user");
         j.jenkins.setAuthorizationStrategy(strategy);
         
@@ -121,7 +123,7 @@ public void shouldNotAllow_CredentialsLeakage_usingVerifyCredentials() throws Ex
             
             assertThat(attackerServlet.secretCreds, isEmptyOrNullString());
         }
-        { // only admin can verify the credentials
+        { // only admin (with Manage permission) can verify the credentials
             JenkinsRule.WebClient wc = j.createWebClient();
             wc.getOptions().setThrowExceptionOnFailingStatusCode(false);
             wc.login("admin");

Original file line number	Diff line number	Diff line change
`@@ -62,7 +62,7 @@ public String getDisplayName() {`
`62`	`62`
`63`	`63`	`@SuppressWarnings("unused")`
`64`	`64`	`public ListBoxModel doFillCredentialsIdItems(@QueryParameter String credentialsId) {`
`65`		`- if (!Jenkins.getInstance().hasPermission(Jenkins.ADMINISTER)) {`
	`65`	`+ if (!Jenkins.getInstance().hasPermission(Jenkins.MANAGE)) {`
`66`	`66`	`return new StandardListBoxModel().includeCurrentValue(credentialsId);`
`67`	`67`	`}`
`68`	`68`