Fix Authorization properties for folder and job in Folder

This outputs the correct XML schema for authorization properties for both a folder, and a job inside a folder. Story: 2006493 Story: 2006611 Change-Id: I14662855613ce146f74b85f5978a0ed828f4439b
author: Jo Rhett <jrhett@netconsonance.com> 2019-09-20 16:07:26 -0700
committer: Jo Rhett <jrhett@netconsonance.com> 2019-10-02 12:07:13 -0700
commit: 895d8f3f7a8714d13636ff7113db11b764927998 (patch)
tree: 673c543741e34897e568e922c44feba26c719c41
parent: fc63f1439816d9022a2d538614b0b7592f96b454 (diff)
download: python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.gz
python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.xz
python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.zip
3 files changed, 65 insertions, 3 deletions
diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py
index 211f5393..342841f8 100644
--- a/jenkins_jobs/modules/properties.py
+++ b/jenkins_jobs/modules/properties.py
@@ -509,6 +509,9 @@ def authorization(registry, xml_parent, data):
        :language: yaml
     """
 
+    # get the folder name if it exists
+    in_a_folder = data.pop("_use_folder_perms")
+
     credentials = "com.cloudbees.plugins.credentials.CredentialsProvider."
     ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin."
 
@@ -536,9 +539,23 @@ def authorization(registry, xml_parent, data):
     }
 
     if data:
-        matrix = XML.SubElement(
-            xml_parent, "hudson.security.AuthorizationMatrixProperty"
-        )
+        if in_a_folder:
+            matrix = XML.SubElement(
+                xml_parent,
+                "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty",
+            )
+            XML.SubElement(
+                matrix,
+                "inheritanceStrategy",
+                {
+                    "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"
+                },
+            )
+        else:
+            matrix = XML.SubElement(
+                xml_parent, "hudson.security.AuthorizationMatrixProperty"
+            )
+
         for (username, perms) in data.items():
             for perm in perms:
                 pe = XML.SubElement(matrix, "permission")
@@ -1234,4 +1251,15 @@ class Properties(jenkins_jobs.modules.base.Base):
             properties = XML.SubElement(xml_parent, "properties")
 
         for prop in data.get("properties", []):
+            # Pass a flag for folder permissions to the authorization method
+            if next(iter(prop)) == "authorization":
+                # Only projects are placed in folders
+                if "project-type" in data:
+                    if data["project-type"] == "folder":
+                        prop["authorization"]["_use_folder_perms"] = True
+                    else:
+                        prop["authorization"]["_use_folder_perms"] = "folder" in data
+                else:
+                    prop["authorization"]["_use_folder_perms"] = False
+
             self.registry.dispatch("property", properties, prop)
diff --git a/tests/yamlparser/fixtures/project_folder_template003.xml b/tests/yamlparser/fixtures/project_folder_template003.xml
new file mode 100644
index 00000000..717ab44d
--- /dev/null
+++ b/tests/yamlparser/fixtures/project_folder_template003.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<com.cloudbees.hudson.plugins.folder.Folder plugin="cloudbees-folder">
+  <icon class="com.cloudbees.hudson.plugins.folder.icons.StockFolderIcon"/>
+  <views/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <primaryView>All</primaryView>
+  <healthMetrics/>
+  <actions/>
+  <description>foo bar&lt;!-- Managed by Jenkins Job Builder --&gt;</description>
+  <keepDependencies>false</keepDependencies>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <concurrentBuild>false</concurrentBuild>
+  <canRoam>true</canRoam>
+  <properties>
+    <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
+      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+      <permission>hudson.model.Item.Read:foobar</permission>
+      <permission>hudson.model.Item.ExtendedRead:foobar</permission>
+    </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <publishers/>
+  <buildWrappers/>
+</com.cloudbees.hudson.plugins.folder.Folder>
diff --git a/tests/yamlparser/fixtures/project_folder_template003.yaml b/tests/yamlparser/fixtures/project_folder_template003.yaml
new file mode 100644
index 00000000..af214cee
--- /dev/null
+++ b/tests/yamlparser/fixtures/project_folder_template003.yaml
@@ -0,0 +1,9 @@
+- job:
+    name: folder_with_auth
+    project-type: folder
+    description: foo bar
+    properties:
+      - authorization:
+          foobar:
+            - 'job-read'
+            - 'job-extended-read'
author	Jo Rhett <jrhett@netconsonance.com>	2019-09-20 16:07:26 -0700
committer	Jo Rhett <jrhett@netconsonance.com>	2019-10-02 12:07:13 -0700
commit	895d8f3f7a8714d13636ff7113db11b764927998 (patch)
tree	673c543741e34897e568e922c44feba26c719c41
parent	fc63f1439816d9022a2d538614b0b7592f96b454 (diff)
download	python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.gz python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.tar.xz python-jenkins-job-builder-895d8f3f7a8714d13636ff7113db11b764927998.zip