From 895d8f3f7a8714d13636ff7113db11b764927998 Mon Sep 17 00:00:00 2001
From: Jo Rhett <jrhett@netconsonance.com>
Date: Fri, 20 Sep 2019 16:07:26 -0700
Subject: Fix Authorization properties for folder and job in Folder

This outputs the correct XML schema for authorization properties for
  both a folder, and a job inside a folder.
Story: 2006493
Story: 2006611

Change-Id: I14662855613ce146f74b85f5978a0ed828f4439b
---
 jenkins_jobs/modules/properties.py | 34 +++++++++++++++++++++++++++++++---
 1 file changed, 31 insertions(+), 3 deletions(-)

(limited to 'jenkins_jobs')

diff --git a/jenkins_jobs/modules/properties.py b/jenkins_jobs/modules/properties.py
index 211f5393..342841f8 100644
--- a/jenkins_jobs/modules/properties.py
+++ b/jenkins_jobs/modules/properties.py
@@ -509,6 +509,9 @@ def authorization(registry, xml_parent, data):
        :language: yaml
     """
 
+    # get the folder name if it exists
+    in_a_folder = data.pop("_use_folder_perms")
+
     credentials = "com.cloudbees.plugins.credentials.CredentialsProvider."
     ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin."
 
@@ -536,9 +539,23 @@ def authorization(registry, xml_parent, data):
     }
 
     if data:
-        matrix = XML.SubElement(
-            xml_parent, "hudson.security.AuthorizationMatrixProperty"
-        )
+        if in_a_folder:
+            matrix = XML.SubElement(
+                xml_parent,
+                "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty",
+            )
+            XML.SubElement(
+                matrix,
+                "inheritanceStrategy",
+                {
+                    "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"
+                },
+            )
+        else:
+            matrix = XML.SubElement(
+                xml_parent, "hudson.security.AuthorizationMatrixProperty"
+            )
+
         for (username, perms) in data.items():
             for perm in perms:
                 pe = XML.SubElement(matrix, "permission")
@@ -1234,4 +1251,15 @@ class Properties(jenkins_jobs.modules.base.Base):
             properties = XML.SubElement(xml_parent, "properties")
 
         for prop in data.get("properties", []):
+            # Pass a flag for folder permissions to the authorization method
+            if next(iter(prop)) == "authorization":
+                # Only projects are placed in folders
+                if "project-type" in data:
+                    if data["project-type"] == "folder":
+                        prop["authorization"]["_use_folder_perms"] = True
+                    else:
+                        prop["authorization"]["_use_folder_perms"] = "folder" in data
+                else:
+                    prop["authorization"]["_use_folder_perms"] = False
+
             self.registry.dispatch("property", properties, prop)
-- 
cgit