root
/
jenkins
mirror of https://github.com/jenkinsci/jenkins.git
1
0
Fork 0
Code Issues Actions 7 Packages Projects Releases Wiki Activity

Removing `throws IOException, ServletException` from most `Permission`-related methods in `Functions`; deleting `adminCheck` (#10844)
Changelog Drafter / update_draft_release (push) Waiting to run Details
Changelog Drafter / jenkins_io_draft (push) Waiting to run Details
Label conflicting PRs / main (push) Waiting to run Details

This commit is contained in:
Kris Stern 2025-07-22 18:16:15 +08:00 committed by GitHub
parent 83fa8ccfef 2b1a5d4efd
commit 184e9d2efa
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 7 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
core/src/main/java/hudson/Functions.java
View File

@ -41,7 +41,6 @@ import hudson.model.Computer;
import hudson.model.Describable; import hudson.model.Describable;
import hudson.model.Descriptor; import hudson.model.Descriptor;
import hudson.model.DescriptorVisibilityFilter; import hudson.model.DescriptorVisibilityFilter;
import hudson.model.Hudson;
import hudson.model.Item; import hudson.model.Item;
import hudson.model.ItemGroup; import hudson.model.ItemGroup;
import hudson.model.Items; import hudson.model.Items;
@ -97,11 +96,9 @@ import hudson.util.jna.GNUCLibrary;
import hudson.views.MyViewsTabBar; import hudson.views.MyViewsTabBar;
import hudson.views.ViewsTabBar; import hudson.views.ViewsTabBar;
import hudson.widgets.RenderOnDemandClosure; import hudson.widgets.RenderOnDemandClosure;
import io.jenkins.servlet.ServletExceptionWrapper;
import io.jenkins.servlet.http.CookieWrapper; import io.jenkins.servlet.http.CookieWrapper;
import io.jenkins.servlet.http.HttpServletRequestWrapper; import io.jenkins.servlet.http.HttpServletRequestWrapper;
import io.jenkins.servlet.http.HttpServletResponseWrapper; import io.jenkins.servlet.http.HttpServletResponseWrapper;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.Cookie; import jakarta.servlet.http.Cookie;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse; import jakarta.servlet.http.HttpServletResponse;
@ -190,8 +187,6 @@ import org.kohsuke.stapler.RawHtmlArgument;
import org.kohsuke.stapler.Stapler; import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerRequest2; import org.kohsuke.stapler.StaplerRequest2;
import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.StaplerResponse2;
import org.springframework.security.access.AccessDeniedException; import org.springframework.security.access.AccessDeniedException;
/** /**
@ -921,11 +916,11 @@ public class Functions {
return buf.toString(); return buf.toString();
} }
public static void checkPermission(Permission permission) throws IOException, ServletException { public static void checkPermission(Permission permission) {
checkPermission(Jenkins.get(), permission); checkPermission(Jenkins.get(), permission);
} }
public static void checkPermission(AccessControlled object, Permission permission) throws IOException, ServletException { public static void checkPermission(AccessControlled object, Permission permission) {
if (permission != null) { if (permission != null) {
object.checkPermission(permission); object.checkPermission(permission);
} }
@ -936,7 +931,7 @@ public class Functions {
* degrades gracefully if "it" is not an {@link AccessControlled} object. * degrades gracefully if "it" is not an {@link AccessControlled} object.
* Otherwise it will perform no check and that problem is hard to notice. * Otherwise it will perform no check and that problem is hard to notice.
*/ */
public static void checkPermission(Object object, Permission permission) throws IOException, ServletException { public static void checkPermission(Object object, Permission permission) {
if (permission == null) if (permission == null)
return; return;
@ -961,7 +956,7 @@ public class Functions {
* @param permission * @param permission
* If null, returns true. This defaulting is convenient in making the use of this method terse. * If null, returns true. This defaulting is convenient in making the use of this method terse.
*/ */
public static boolean hasPermission(Permission permission) throws IOException, ServletException { public static boolean hasPermission(Permission permission) {
return hasPermission(Jenkins.get(), permission); return hasPermission(Jenkins.get(), permission);
} }
@ -969,7 +964,7 @@ public class Functions {
* This version is so that the 'hasPermission' can degrade gracefully * This version is so that the 'hasPermission' can degrade gracefully
* if "it" is not an {@link AccessControlled} object. * if "it" is not an {@link AccessControlled} object.
*/ */
public static boolean hasPermission(Object object, Permission permission) throws IOException, ServletException { public static boolean hasPermission(Object object, Permission permission) {
if (permission == null) if (permission == null)
return true; return true;
if (object instanceof AccessControlled) if (object instanceof AccessControlled)
@ -986,36 +981,6 @@ public class Functions {
} }
} }
/**
* @since 2.475
*/
public static void adminCheck(StaplerRequest2 req, StaplerResponse2 rsp, Object required, Permission permission) throws IOException, ServletException {
// this is legacy --- all views should be eventually converted to
// the permission based model.
if (required != null && !Hudson.adminCheck(StaplerRequest.fromStaplerRequest2(req), StaplerResponse.fromStaplerResponse2(rsp))) {
// check failed. commit the FORBIDDEN response, then abort.
rsp.setStatus(HttpServletResponse.SC_FORBIDDEN);
rsp.getOutputStream().close();
throw new ServletException("Unauthorized access");
}
// make sure the user owns the necessary permission to access this page.
if (permission != null)
checkPermission(permission);
}
/**
* @deprecated use {@link #adminCheck(StaplerRequest2, StaplerResponse2, Object, Permission)}
*/
@Deprecated
public static void adminCheck(StaplerRequest req, StaplerResponse rsp, Object required, Permission permission) throws IOException, javax.servlet.ServletException {
try {
adminCheck(StaplerRequest.toStaplerRequest2(req), StaplerResponse.toStaplerResponse2(rsp), required, permission);
} catch (ServletException e) {
throw ServletExceptionWrapper.fromJakartaServletException(e);
}
}
/** /**
* Infers the hudson installation URL from the given request. * Infers the hudson installation URL from the given request.
* *
@ -1298,7 +1263,7 @@ public class Functions {
* *
* @since 2.238 * @since 2.238
*/ */
public static boolean hasAnyPermission(Object object, Permission[] permissions) throws IOException, ServletException { public static boolean hasAnyPermission(Object object, Permission[] permissions) {
if (permissions == null || permissions.length == 0) { if (permissions == null || permissions.length == 0) {
return true; return true;
} }
@ -1336,7 +1301,7 @@ public class Functions {
* degrades gracefully if "it" is not an {@link AccessControlled} object. * degrades gracefully if "it" is not an {@link AccessControlled} object.
* Otherwise it will perform no check and that problem is hard to notice. * Otherwise it will perform no check and that problem is hard to notice.
*/ */
public static void checkAnyPermission(Object object, Permission[] permissions) throws IOException, ServletException { public static void checkAnyPermission(Object object, Permission[] permissions) {
if (permissions == null || permissions.length == 0) { if (permissions == null || permissions.length == 0) {
return; return;
} }

23
core/src/main/java/hudson/model/Hudson.java
View File

@ -42,7 +42,6 @@ import io.jenkins.servlet.ServletContextWrapper;
import io.jenkins.servlet.ServletExceptionWrapper; import io.jenkins.servlet.ServletExceptionWrapper;
import jakarta.servlet.ServletContext; import jakarta.servlet.ServletContext;
import jakarta.servlet.ServletException; import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletResponse;
import java.io.File; import java.io.File;
import java.io.IOException; import java.io.IOException;
import java.text.NumberFormat; import java.text.NumberFormat;
@ -51,7 +50,6 @@ import java.util.List;
import jenkins.model.Jenkins; import jenkins.model.Jenkins;
import org.jvnet.hudson.reactor.ReactorException; import org.jvnet.hudson.reactor.ReactorException;
import org.kohsuke.stapler.QueryParameter; import org.kohsuke.stapler.QueryParameter;
import org.kohsuke.stapler.Stapler;
import org.kohsuke.stapler.StaplerRequest; import org.kohsuke.stapler.StaplerRequest;
import org.kohsuke.stapler.StaplerResponse; import org.kohsuke.stapler.StaplerResponse;
import org.kohsuke.stapler.interceptor.RequirePOST; import org.kohsuke.stapler.interceptor.RequirePOST;
@ -293,27 +291,6 @@ public class Hudson extends Jenkins {
return Platform.isDarwin(); return Platform.isDarwin();
} }
/**
* @deprecated since 2007-12-18.
* Use {@link #checkPermission(hudson.security.Permission)}
*/
@Deprecated
public static boolean adminCheck() throws IOException {
return adminCheck(Stapler.getCurrentRequest(), Stapler.getCurrentResponse());
}
/**
* @deprecated since 2007-12-18.
* Use {@link #checkPermission(hudson.security.Permission)}
*/
@Deprecated
public static boolean adminCheck(StaplerRequest req, StaplerResponse rsp) throws IOException {
if (isAdmin(req)) return true;
rsp.sendError(HttpServletResponse.SC_FORBIDDEN);
return false;
}
/** /**
* Checks if the current user (for which we are processing the current request) * Checks if the current user (for which we are processing the current request)
* has the admin access. * has the admin access.