public class RoleBasedAuthorizationStrategy
extends hudson.security.AuthorizationStrategy
Modifier and Type | Class and Description |
---|---|
static class |
RoleBasedAuthorizationStrategy.ConverterImpl
Converter used to persist and retrieve the strategy from disk.
|
static class |
RoleBasedAuthorizationStrategy.DescriptorImpl
Descriptor used to bind the strategy to the Web forms.
|
Modifier and Type | Field and Description |
---|---|
static RoleBasedAuthorizationStrategy.DescriptorImpl |
DESCRIPTOR |
static String |
GLOBAL |
static String |
MACRO_ROLE |
static String |
MACRO_USER |
static String |
PROJECT |
static String |
SLAVE |
Constructor and Description |
---|
RoleBasedAuthorizationStrategy() |
RoleBasedAuthorizationStrategy(Map<String,RoleMap> grantedRoles) |
Modifier and Type | Method and Description |
---|---|
void |
doAddRole(String type,
String roleName,
String permissionIds,
String overwrite,
String pattern)
API method to add roles
|
void |
doAssignRole(String type,
String roleName,
String sid)
API method to assign SID to role.
|
void |
doDeleteSid(String type,
String sid)
API method to delete a SID from all granted roles.
|
void |
doGetAllRoles(String type)
API method to get all groups/users with their role in any role type
Example: curl -X GET localhost:8080/role-strategy/strategy/getAllRoles?type=projectRoles
|
void |
doRemoveRoles(String type,
String roleNames)
API method to remove roles.
|
void |
doUnassignRole(String type,
String roleName,
String sid)
API method to unassign group/user with a role
Example: curl -X POST localhost:8080/role-strategy/strategy/unassignRole --data "type=globalRoles&roleName=AMD&sid=username"
|
hudson.security.ACL |
getACL(hudson.model.AbstractItem project) |
hudson.security.ACL |
getACL(hudson.model.Computer computer) |
hudson.security.ACL |
getACL(hudson.model.Job<?,?> project)
Get the specific ACL for projects.
|
SortedMap<Role,Set<String>> |
getGrantedRoles(String type)
Get the roles from the global
RoleMap . |
Collection<String> |
getGroups()
Used by the container realm.
|
static RoleBasedAuthorizationStrategy |
getInstance()
Retrieves instance of the strategy.
|
hudson.security.SidACL |
getRootACL()
Get the root ACL.
|
Set<String> |
getSIDs(String type)
Get all the SIDs referenced by specified
RoleMap type. |
static boolean |
isCreateAllowed()
Control job create using
RoleBasedProjectNamingStrategy . |
public static final String GLOBAL
public static final String PROJECT
public static final String SLAVE
public static final String MACRO_ROLE
public static final String MACRO_USER
@Extension public static final RoleBasedAuthorizationStrategy.DescriptorImpl DESCRIPTOR
public hudson.security.SidACL getRootACL()
getRootACL
in class hudson.security.AuthorizationStrategy
public hudson.security.ACL getACL(hudson.model.Job<?,?> project)
getACL
in class hudson.security.AuthorizationStrategy
project
- The access-controlled projectpublic hudson.security.ACL getACL(hudson.model.AbstractItem project)
getACL
in class hudson.security.AuthorizationStrategy
public hudson.security.ACL getACL(hudson.model.Computer computer)
getACL
in class hudson.security.AuthorizationStrategy
public Collection<String> getGroups()
getGroups
in class hudson.security.AuthorizationStrategy
@Nullable public SortedMap<Role,Set<String>> getGrantedRoles(String type)
RoleMap
.
The returned sorted map is unmodifiable.
@CheckForNull public Set<String> getSIDs(String type)
RoleMap
type.@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doAddRole(@QueryParameter(required=true) String type, @QueryParameter(required=true) String roleName, @QueryParameter(required=true) String permissionIds, @QueryParameter(required=true) String overwrite, @QueryParameter(required=false) String pattern) throws IOException
example: curl -X POST localhost:8080/role-strategy/strategy/addRole --data "type=globalRoles&roleName=ADM&
permissionIds=hudson.model.Item.Discover,hudson.model.Item.ExtendedRead&overwrite=true"
type
- (globalRoles, projectRoles)roleName
- Name of rolepermissionIds
- Comma separated list of IDs for given roleNameoverwrite
- Overwrite existing rolepattern
- Role patternIOException
- In case saving changes fails@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doRemoveRoles(@QueryParameter(required=true) String type, @QueryParameter(required=true) String roleNames) throws IOException
curl -X POST localhost:8080/role-strategy/strategy/removeRoles --data "type=globalRoles&
roleNames=ADM,DEV"
type
- (globalRoles, projectRoles, slaveRoles)roleNames
- comma separated list of roles to remove from typeIOException
- in case saving changes fails@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doAssignRole(@QueryParameter(required=true) String type, @QueryParameter(required=true) String roleName, @QueryParameter(required=true) String sid) throws IOException
curl -X POST localhost:8080/role-strategy/strategy/assignRole --data "type=globalRoles&roleName=ADM
&sid=username"
type
- (globalRoles, projectRoles, slaveRoles)roleName
- name of role (single, no list)sid
- user ID (single, no list)IOException
- in case saving changes fails@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doDeleteSid(@QueryParameter(required=true) String type, @QueryParameter(required=true) String sid) throws IOException
type
- (globalRoles, projectRoles, slaveRoles)sid
- user ID to removeIOException
- in case saving changes fails@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doUnassignRole(@QueryParameter(required=true) String type, @QueryParameter(required=true) String roleName, @QueryParameter(required=true) String sid) throws IOException
type
- (globalRoles, projectRoles, slaveRoles)roleName
- unassign role with sidsid
- user ID to removeIOException
- in case saving changes fails@Restricted(value=org.kohsuke.accmod.restrictions.NoExternalUse.class) public void doGetAllRoles(@QueryParameter(fixEmpty=true) String type) throws IOException
type
- (globalRoles by default, projectRoles, slaveRoles)IOException
@CheckForNull public static RoleBasedAuthorizationStrategy getInstance()
null
if it is disabled.public static boolean isCreateAllowed()
RoleBasedProjectNamingStrategy
.Copyright © 2016–2018. All rights reserved.