Fix Authorization Matrix property support on jobs in a folder

Without the fix: > 2020-05-11 10:56:12.238+0000 [id=29522] WARNING > o.e.j.s.h.ContextHandler$Context#log: Error while serving http://localhost/job/someFolder/createItem > java.lang.ClassCastException: com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty cannot be cast to hudson.model.JobProperty It turns out com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty should only be applied to Folders, not Jobs. The latter should use hudson.security.AuthorizationMatrixProperty. Task: 39760 Story: 2007666 Change-Id: I64907265b214fb1e489e1e657a30c90d6ee08c3f
author: Adam Romanek <romanek.adam@gmail.com> 2020-05-11 13:31:50 +0200
committer: Adam Romanek <romanek.adam@gmail.com> 2020-05-13 14:16:45 +0200
commit: 074985c7ff9360bb58be80ffab686746267f814f (patch)
tree: 750db91aeac4e3ad190ae40d745f2b45ef4d4668
parent: dc36dca4791897521cc19203267656eb8d736183 (diff)
download: python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.gz
python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.xz
python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.zip
3 files changed, 40 insertions, 7 deletions
diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py
index 5be64a0c..41db1c03 100644
--- a/jenkins_jobs/modules/properties.py
+++ b/jenkins_jobs/modules/properties.py
@@ -521,6 +521,9 @@ def authorization(registry, xml_parent, data):
     # get the folder name if it exists
     in_a_folder = data.pop("_use_folder_perms", None) if data else None
 
+    # check if it's a folder or a job
+    is_a_folder = data.pop("_is_a_folder", None) if data else False
+
     credentials = "com.cloudbees.plugins.credentials.CredentialsProvider."
     ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin."
 
@@ -549,10 +552,11 @@ def authorization(registry, xml_parent, data):
 
     if data:
         if in_a_folder:
-            matrix = XML.SubElement(
-                xml_parent,
-                "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty",
-            )
+            if is_a_folder:
+                element_name = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty"
+            else:
+                element_name = "hudson.security.AuthorizationMatrixProperty"
+            matrix = XML.SubElement(xml_parent, element_name)
             XML.SubElement(
                 matrix,
                 "inheritanceStrategy",
@@ -1266,13 +1270,14 @@ class Properties(jenkins_jobs.modules.base.Base):
             if next(iter(prop)) == "authorization":
                 # Only projects are placed in folders
                 if "project-type" in data:
-                    if data["project-type"] == "folder":
-                        prop["authorization"]["_use_folder_perms"] = True
-                    elif data["project-type"] == "multibranch":
+                    if data["project-type"] in ("folder", "multibranch"):
                         prop["authorization"]["_use_folder_perms"] = True
+                        prop["authorization"]["_is_a_folder"] = True
                     else:
                         prop["authorization"]["_use_folder_perms"] = "folder" in data
+                        prop["authorization"]["_is_a_folder"] = False
                 else:
                     prop["authorization"]["_use_folder_perms"] = False
+                    prop["authorization"]["_is_a_folder"] = False
 
             self.registry.dispatch("property", properties, prop)
diff --git a/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml b/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml
new file mode 100644
index 00000000..3669b217
--- /dev/null
+++ b/tests/yamlparser/fixtures/auth-jobs/project-in-folder-with-auth-properties.xml
@@ -0,0 +1,20 @@
+<?xml version="1.0" encoding="utf-8"?>
+<project>
+  <actions/>
+  <description>&lt;!-- Managed by Jenkins Job Builder --&gt;</description>
+  <keepDependencies>false</keepDependencies>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <concurrentBuild>false</concurrentBuild>
+  <canRoam>true</canRoam>
+  <properties>
+    <hudson.security.AuthorizationMatrixProperty>
+      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+      <permission>hudson.model.Item.Build:auser</permission>
+    </hudson.security.AuthorizationMatrixProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <builders/>
+  <publishers/>
+  <buildWrappers/>
+</project>
diff --git a/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml b/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml
new file mode 100644
index 00000000..ab4dd532
--- /dev/null
+++ b/tests/yamlparser/fixtures/project-in-folder-with-auth-properties.yaml
@@ -0,0 +1,8 @@
+- job:
+    folder: auth-jobs
+    name: auth-job-test
+    project-type: freestyle
+    properties:
+    - authorization:
+        auser:
+          - job-build
author	Adam Romanek <romanek.adam@gmail.com>	2020-05-11 13:31:50 +0200
committer	Adam Romanek <romanek.adam@gmail.com>	2020-05-13 14:16:45 +0200
commit	074985c7ff9360bb58be80ffab686746267f814f (patch)
tree	750db91aeac4e3ad190ae40d745f2b45ef4d4668
parent	dc36dca4791897521cc19203267656eb8d736183 (diff)
download	python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.gz python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.tar.xz python-jenkins-job-builder-074985c7ff9360bb58be80ffab686746267f814f.zip