[JENKINS-58902] Non-user-scoped credentials are not shown when build …
…authentication is configured

Fix CredentialProvider to gather system credentials when users have the USE_ITEM or USE_OWN permission.
nfalco79 committed Mar 1, 2024
1 parent e7f2f06 commit 2daaf47
Showing 1 changed file with 17 additions and 4 deletions.
Expand Up @@ -560,7 +560,15 @@ public static <C extends Credentials> List<C> lookupCredentialsInItem(@NonNull C
for (CredentialsProvider provider : all()) {
if (provider.isEnabled(item) && provider.isApplicable(type)) {
try {
for (C c: provider.getCredentialsInItem(type, item, authentication, domainRequirements)) {
List<C> credentials = provider.getCredentialsInItem(type, item, authentication, domainRequirements);
// also lookup credentials as SYSTEM if granted for this item
if (authentication != ACL.SYSTEM2
&& (item.getACL().hasPermission2(authentication, CredentialsProvider.USE_ITEM)
|| item.getACL().hasPermission2(authentication, CredentialsProvider.USE_OWN))) {
credentials.addAll(provider.getCredentialsInItem(type, item, ACL.SYSTEM2, domainRequirements));
}

for (C c: credentials) {
if (!(c instanceof IdCredentials) || ids.add(((IdCredentials) c).getId())) {
// if IdCredentials, only add if we haven't added already
// if not IdCredentials, always add
Expand Down Expand Up @@ -633,9 +641,14 @@ public static <C extends IdCredentials> ListBoxModel listCredentialsInItem(@NonN
for (CredentialsProvider provider : all()) {
if (provider.isEnabled(item) && provider.isApplicable(type)) {
try {
for (ListBoxModel.Option option : provider.getCredentialIdsInItem(
type, item, authentication, domainRequirements, matcher == null ? CredentialsMatchers.always() : matcher)
) {
ListBoxModel credentialIds = provider.getCredentialIdsInItem(type, item, authentication, domainRequirements, matcher);
// also lookup credentials with scope SYSTEM when user has grants for this item
if (authentication != ACL.SYSTEM2
&& (item.getACL().hasPermission2(authentication, CredentialsProvider.USE_ITEM)
|| item.getACL().hasPermission2(authentication, CredentialsProvider.USE_OWN))) {
credentialIds.addAll(provider.getCredentialIdsInItem(type, item, ACL.SYSTEM2, domainRequirements, matcher));
}
for (ListBoxModel.Option option : credentialIds) {
if (ids.add(option.value)) {
result.add(option);
}
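Review bot: The SYSTEM2 fallback accepts USE_OWN as sufficient, at `|| item.getACL().hasPermission2(authentication, CredentialsProvider.USE_OWN)` in both listCredentialsInItem and lookupCredentialsInItem, so a caller holding only that permission gets results resolved under the system identity. If USE_OWN is intended to cover just the user's own credential store (an assumption to confirm against the permission's definition, which is not in this diff), the elevated lookup should be gated on USE_ITEM alone: `if (authentication != ACL.SYSTEM2 && item.getACL().hasPermission2(authentication, CredentialsProvider.USE_ITEM)) {`. In the listCredentialsInItem hunk the new calls also pass `matcher` unchanged where the removed line passed `matcher == null ? CredentialsMatchers.always() : matcher`, so a null matcher now reaches the provider unless it is normalised earlier in the method, outside the hunk. Both methods start and end outside the visible lines.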