Merge branch 'centralized-permissions' into cloud-maintenance

Merging the permission manager changes to the working branch and also
reverting the UUID logic.

Author: prathamalwayscomeslast

src/main/java/com/sap/prd/jenkins/plugins/agent_maintenance/MaintenanceAction.java

@@ -14,7 +14,6 @@
 import java.io.IOException;
 import java.time.LocalDateTime;
 import java.util.ArrayList;
-import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.List;
@@ -64,33 +63,12 @@ public boolean isVisible() {
       if (!MaintenanceHelper.getInstance().isValidTarget(target.toKey())) {
         return false;
       }
-
-      if (isAgent()) {
-        Computer computer = Jenkins.get().getComputer(target.getName());
-        return computer != null
-                && (computer.hasPermission(Computer.DISCONNECT)
-                        || computer.hasPermission(Computer.CONFIGURE)
-                        || computer.hasPermission(Computer.EXTENDED_READ))
-                && computer.getNode() != null;
-      }
-      return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
+      return PermissionManager.canView(target);
     } catch (IOException e) {
       return false;
     }
   }
 
-  protected void checkPermission(Permission... permissions) {
-    if (isAgent()) {
-      Computer c = Jenkins.get().getComputer(target.getName());
-      if (c == null) {
-        throw new IllegalStateException("Agent '" + target.getName() + "' no longer exists");
-      }
-      c.checkAnyPermission(permissions);
-    } else { // For cloud
-      Jenkins.get().checkPermission(Jenkins.ADMINISTER);
-    }
-  }
-
   @Override
   public String getIconFileName() {
     if (isVisible()) {
@@ -103,7 +81,7 @@ public String getIconFileName() {
   @Override
   public String getDisplayName() {
     if (isVisible()) {
-      if (hasPermissions()) {
+      if (PermissionManager.canModify(target)) {
         return Messages.MaintenanceAction_maintenanceWindows();
       } else {
         return Messages.MaintenanceAction_view();
@@ -182,58 +160,30 @@ public Computer getAgentComputer() {
   }
 
   /**
-   * Checks if the user has permissions to access MaintenanceWindows.
+   * Checks if the user can view maintenance windows for this target (called by jelly).
    *
-   * @return true if they do.
+   * @return true if they can view.
    */
   public boolean hasPermissions() {
-    if (isAgent()) {
-      Computer c = Jenkins.get().getComputer(target.getName());
-      return c != null
-              && (c.hasPermission(Computer.DISCONNECT)
-              || c.hasPermission(Computer.CONFIGURE)
-              || c.hasPermission(Computer.EXTENDED_READ));
-    } else {
-      return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
-    }
+    return PermissionManager.canView(target);
   }
 
   /**
-   * Checks the given permissions.
+   * Checks if the user can add or edit maintenance windows for this target (called by jelly).
    *
-   * @param permissions A group of permissions to be checked.
-   * @return true if all permissions are granted.
+   * @return true if they can modify.
    */
-  public boolean hasPermissions(Permission... permissions) {
-    if (isAgent()) {
-      Computer c = Jenkins.get().getComputer(target.getName());
-      return c != null && Arrays.stream(permissions).allMatch(c::hasPermission);
-    } else {
-      return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
-    }
+  public boolean hasModifyPermission() {
+    return PermissionManager.canModify(target);
   }
 
   /**
-   * Checks if the user has permissions to delete MaintenanceWindows.
+   * Checks if the user can delete maintenance windows for this target.
    *
-   * @return true if they do.
+   * @return true if they can delete.
    */
   public boolean hasDeletePermission() {
-    if (isAgent()) {
-      Computer c = Jenkins.get().getComputer(target.getName());
-      return c != null && (c.hasPermission(Computer.DISCONNECT) || c.hasPermission(Computer.CONFIGURE));
-    } else {
-      return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
-    }
-  }
-
-  /**
-   * Checks if the user has permissions to delete Cloud windows.
-   *
-   * @return true if they do.
-   */
-  public boolean hasCloudDeletePermission() {
-    return Jenkins.get().hasPermission(Jenkins.ADMINISTER);
+    return PermissionManager.canDelete(target);
   }
 
   /**
@@ -321,7 +271,7 @@ public Set<RecurringMaintenanceWindow> getRecurringMaintenanceWindows() {
    */
   @POST
   public HttpResponse doAdd(StaplerRequest2 req) throws IOException, ServletException {
-    checkPermission(CONFIGURE_AND_DISCONNECT);
+    PermissionManager.checkCanModify(target);
 
     JSONObject src = req.getSubmittedForm();
     MaintenanceWindow mw = req.bindJSON(MaintenanceWindow.class, src);
@@ -339,7 +289,7 @@ public HttpResponse doAdd(StaplerRequest2 req) throws IOException, ServletExcept
    */
   @POST
   public void doAddRecurring(StaplerRequest2 req, StaplerResponse2 rsp) throws IOException, ServletException {
-    checkPermission(CONFIGURE_AND_DISCONNECT);
+    PermissionManager.checkCanModify(target);
 
     JSONObject src = req.getSubmittedForm();
     RecurringMaintenanceWindow rmw = req.bindJSON(RecurringMaintenanceWindow.class, src);
@@ -354,7 +304,7 @@ public void doAddRecurring(StaplerRequest2 req, StaplerResponse2 rsp) throws IOE
    */
   @JavaScriptMethod
   public String[] deleteMultiple(String[] ids) {
-    checkPermission(CONFIGURE_AND_DISCONNECT);
+    PermissionManager.checkCanDelete(target);
     List<String> deletedList = new ArrayList<>();
     for (String id : ids) {
       try {
@@ -375,7 +325,7 @@ public String[] deleteMultiple(String[] ids) {
   @JavaScriptMethod
   public Map<String, Boolean> getMaintenanceStatus() {
     Map<String, Boolean> statusList = new HashMap<>();
-    if (hasPermissions()) {
+    if (PermissionManager.canView(target)) {
       try {
         for (MaintenanceWindow mw : MaintenanceHelper.getInstance().getMaintenanceWindows(target.toKey())) {
           if (!mw.isMaintenanceOver()) {
@@ -396,7 +346,7 @@ public Map<String, Boolean> getMaintenanceStatus() {
    */
   @JavaScriptMethod
   public String[] deleteMultipleRecurring(String[] ids) {
-    checkPermission(CONFIGURE_AND_DISCONNECT);
+    PermissionManager.checkCanDelete(target);
     List<String> deletedList = new ArrayList<>();
     for (String id : ids) {
       try {
@@ -417,7 +367,7 @@ public String[] deleteMultipleRecurring(String[] ids) {
   @JavaScriptMethod
   public boolean deleteMaintenance(String id) {
     try {
-      checkPermission(CONFIGURE_AND_DISCONNECT);
+      PermissionManager.checkCanDelete(target);
       if (Util.fixEmptyAndTrim(id) == null) {
         return false;
       }
@@ -442,7 +392,7 @@ public boolean deleteMaintenance(String id) {
   @JavaScriptMethod
   public boolean deleteRecurringMaintenance(String id) {
     try {
-      checkPermission(CONFIGURE_AND_DISCONNECT);
+      PermissionManager.checkCanDelete(target);
       if (Util.fixEmptyAndTrim(id) == null) {
         return false;
       }
@@ -469,7 +419,7 @@ public boolean deleteRecurringMaintenance(String id) {
    */
   @POST
   public synchronized HttpResponse doConfigSubmit(StaplerRequest2 req) throws IOException, ServletException {
-    checkPermission(Computer.CONFIGURE);
+    PermissionManager.checkCanModify(target);
 
     JSONObject src = req.getSubmittedForm();
 
@@ -500,7 +450,7 @@ public synchronized HttpResponse doConfigSubmit(StaplerRequest2 req) throws IOEx
   public void doEnable(StaplerResponse2 rsp) throws IOException {
     Computer c = getAgentComputer();
     if (c != null) {
-      c.checkPermission(Computer.CONFIGURE);
+      PermissionManager.checkCanModify(target);
       MaintenanceHelper.getInstance().injectRetentionStrategy(c);
     }
     rsp.sendRedirect(".");
@@ -516,7 +466,7 @@ public void doEnable(StaplerResponse2 rsp) throws IOException {
   public void doDisable(StaplerResponse2 rsp) throws IOException {
     Computer c = getAgentComputer();
     if (c != null) {
-      c.checkPermission(Computer.CONFIGURE);
+      PermissionManager.checkCanModify(target);
       MaintenanceHelper.getInstance().removeRetentionStrategy(c);
     }
 
@@ -536,15 +486,14 @@ public void doIndex(StaplerRequest2 req, StaplerResponse2 rsp)
         rsp.sendError(HttpServletResponse.SC_NOT_FOUND);  // 404
         return;
       }
-      c.checkAnyPermission(Computer.EXTENDED_READ, Computer.CONFIGURE, Computer.DISCONNECT);
     } else {
       Cloud cloud = getCloud();
       if (cloud == null) {
         rsp.sendError(HttpServletResponse.SC_NOT_FOUND);
         return;
       }
-      Jenkins.get().checkPermission(Jenkins.ADMINISTER);
     }
+    PermissionManager.checkCanView(target);
 
     req.getView(this, "index.jelly").forward(req, rsp);
   }

src/main/java/com/sap/prd/jenkins/plugins/agent_maintenance/MaintenanceLink.java

@@ -55,20 +55,18 @@ public String getDescription() {
 
   @Override
   public String getDisplayName() {
-    boolean hasClouds, hasAgents;
-    try {
-      hasClouds = !getCloudTargets().isEmpty();
-      hasAgents = !getAgentTargets().isEmpty();
-    } catch (IOException e) {
-      LOGGER.log(Level.WARNING, "Error while reading cloud metadata", e);
-      throw new RuntimeException(e);
-    }
+    List<MaintenanceAction> all = getTargets();
+    boolean hasAgents = all.stream().anyMatch(MaintenanceAction::isAgent);
+    boolean hasClouds = all.stream().anyMatch(MaintenanceAction::isCloud);
+
     if (hasAgents && !hasClouds) {
       return Messages.MaintenanceLink_displayName_agent();
     }
+
     if (hasClouds && !hasAgents) {
       return Messages.MaintenanceLink_displayName_cloud();
     }
+
     return Messages.MaintenanceLink_displayName();
   }
 
@@ -124,11 +122,13 @@ public List<MaintenanceAction> getTargets() throws IOException {
       }
     }
 
-    return targetList;
+    return targetList.stream()
+        .filter(action -> PermissionManager.canView(action.getTarget()))
+        .toList();
   }
 
   /**
-   * Gets all Agents' maintenance actions.
+   * Gets all Agents' maintenance actions (called by jelly).
    *
    * @return List of all Agent actions.
    */
@@ -140,7 +140,7 @@ public List<MaintenanceAction> getAgentTargets() throws IOException {
   }
 
   /**
-   * Gets all Clouds' maintenance actions.
+   * Gets all Clouds' maintenance actions (called by jelly).
    *
    * @return List of all Cloud actions.
    */
@@ -242,7 +242,8 @@ private String getVerb(int count, String target) {
    */
   @JavaScriptMethod
   public boolean deleteMaintenance(String id, String targetKey) {
-    if (hasPermission(targetKey)) {
+    MaintenanceTarget target = MaintenanceTarget.fromKey(targetKey);
+    if (PermissionManager.canDelete(target)) {
       try {
         MaintenanceHelper.getInstance().deleteMaintenanceWindow(targetKey, id);
         return true;
@@ -265,7 +266,8 @@ public String[] deleteMultiple(JSONObject json) {
     List<String> deletedList = new ArrayList<>();
     for (Entry<String, String> entry : mwList.entrySet()) {
       String targetKey = entry.getValue();
-      if (hasPermission(targetKey)) {
+      MaintenanceTarget target = MaintenanceTarget.fromKey(targetKey);
+      if (PermissionManager.canDelete(target)) {
         String id = entry.getKey();
         try {
           MaintenanceHelper.getInstance().deleteMaintenanceWindow(targetKey, id);
@@ -288,16 +290,14 @@ public Map<String, Boolean> getMaintenanceStatus() throws IOException {
     Map<String, Boolean> statusList = new HashMap<>();
     for (MaintenanceAction action : getTargets()) {
       try {
-        if (!action.hasPermissions()) {
+        if (!PermissionManager.canView(action.getTarget())) {
           continue;
         }
 
         MaintenanceTarget target = action.getTarget();
-        if (target != null) {
-          for (MaintenanceWindow mw : MaintenanceHelper.getInstance().getMaintenanceWindows(target.toKey())) {
-            if (!mw.isMaintenanceOver()) {
-              statusList.put(mw.getId(), mw.isMaintenanceScheduled());
-            }
+        for (MaintenanceWindow mw : MaintenanceHelper.getInstance().getMaintenanceWindows(target.toKey())) {
+          if (!mw.isMaintenanceOver()) {
+            statusList.put(mw.getId(), mw.isMaintenanceScheduled());
           }
         }
       } catch (IOException ioe) {
@@ -307,34 +307,6 @@ public Map<String, Boolean> getMaintenanceStatus() throws IOException {
     return statusList;
   }
 
-  /**
-   * Returns list of available clouds for multi select.
-   *
-   * @return List of available clouds
-   */
-  public List<CloudOption> getAvailableClouds() {
-    List<CloudOption> options = new ArrayList<>();
-    Map<String, Boolean> duplicateMap = new HashMap<>();
-    Jenkins j = Jenkins.get();
-
-    for (Cloud cloud : j.clouds) {
-      duplicateMap.put(cloud.name, CLOUD_UUID_STORE.hasDuplicates(cloud.name));
-    }
-
-    for (Cloud cloud : j.clouds) {
-      String uuid = CLOUD_UUID_STORE.getUuidIfPresent(cloud);
-      boolean hasDuplicate = duplicateMap.getOrDefault(cloud.name, false);
-      String shortUuid = (uuid == null) ? null : uuid.substring(0, 8);
-      options.add(new CloudOption(cloud.name, uuid, shortUuid, hasDuplicate));
-    }
-    return options;
-  }
-
-  private boolean hasPermission(String targetKey) {
-    MaintenanceAction action = new MaintenanceAction(MaintenanceTarget.fromKey(targetKey));
-    return action.hasPermissions();
-  }
-
   @Restricted(NoExternalUse.class)
   public FormValidation doCheckLabel(@QueryParameter String value) {
     return LabelExpression.validate(value);