[JENKINS-73038] Adapt plugin to allow user with Overall/Manage to configure global settings

pom.xml

@@ -5,7 +5,7 @@
  <parent>
  <groupId>org.jenkins-ci.plugins</groupId>
  <artifactId>plugin</artifactId>
- <version>4.80</version>
+ <version>4.81</version>
  <relativePath />
  </parent>
 
@@ -30,6 +30,7 @@
  <gitHubRepo>jenkinsci/bitbucket-branch-source-plugin</gitHubRepo>
  <jenkins.version>2.401.3</jenkins.version>
  <hpi.compatibleSinceVersion>2.0</hpi.compatibleSinceVersion>
+ <useBeta>true</useBeta> <!-- Jenkins.MANAGE -->
  </properties>
 
  <developers>

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/BitbucketApiUtils.java

@@ -35,7 +35,7 @@
  if (repoOwner == null) {
  return new ListBoxModel();
  }
- if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER) ||
+ if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE) ||
  context != null && !context.hasPermission(Item.EXTENDED_READ)) {
  return new ListBoxModel(); // not supposed to be seeing this form
  }

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/SSHCheckoutTrait.java

@@ -171,7 +171,7 @@
  @QueryParameter String serverUrl,
  @QueryParameter String credentialsId) {
  if (context == null
- ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+ ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
  : !context.hasPermission(Item.EXTENDED_READ)) {
  return new StandardListBoxModel().includeCurrentValue(credentialsId);
  }
@@ -202,7 +202,7 @@
  @QueryParameter String serverUrl,
  @QueryParameter String value) {
  if (context == null
- ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+ ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
  : !context.hasPermission(Item.EXTENDED_READ)) {
  return FormValidation.ok();
  }

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/AbstractBitbucketEndpointDescriptor.java

@@ -56,7 +56,7 @@ public abstract class AbstractBitbucketEndpointDescriptor extends Descriptor<Abs
  @SuppressWarnings("unused")
  public ListBoxModel doFillCredentialsIdItems(@QueryParameter String serverUrl) {
  Jenkins jenkins = Jenkins.get();
- jenkins.checkPermission(Jenkins.ADMINISTER);
+ jenkins.checkPermission(Jenkins.MANAGE);
  StandardListBoxModel result = new StandardListBoxModel();
  result.includeMatchingAs(
  ACL.SYSTEM,

src/main/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfiguration.java

@@ -29,6 +29,7 @@
 import hudson.ExtensionList;
 import hudson.Util;
 import hudson.security.ACL;
+import hudson.security.Permission;
 import hudson.util.ListBoxModel;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -79,6 +80,11 @@ public static BitbucketEndpointConfiguration get() {
  return ExtensionList.lookup(GlobalConfiguration.class).get(BitbucketEndpointConfiguration.class);
  }
 
+ @NonNull
+ @Override
+ public Permission getRequiredGlobalConfigPagePermission() {
+ return Jenkins.MANAGE;
+ }
  /**
  * Called from a {@code readResolve()} method only to convert the old {@code bitbucketServerUrl} field into the new
  * {@code serverUrl} field. When called from {@link ACL#SYSTEM} this will update the configuration with the
@@ -155,7 +161,7 @@ public synchronized List<AbstractBitbucketEndpoint> getEndpoints() {
  * @param endpoints the list of endpoints.
  */
  public synchronized void setEndpoints(@CheckForNull List<? extends AbstractBitbucketEndpoint> endpoints) {
- Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+ Jenkins.get().checkPermission(Jenkins.MANAGE);
  List<AbstractBitbucketEndpoint> eps = new ArrayList<>(Util.fixNull(endpoints));
  // remove duplicates and empty urls
  Set<String> serverUrls = new HashSet<>();

src/test/java/com/cloudbees/jenkins/plugins/bitbucket/endpoints/BitbucketEndpointConfigurationTest.java

@@ -32,6 +32,7 @@
 import com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl;
 import com.google.common.io.Resources;
 import hudson.XmlFile;
+import hudson.model.User;
 import hudson.security.ACL;
 import hudson.security.ACLContext;
 import hudson.security.AuthorizationStrategy;
@@ -49,7 +50,9 @@
 import org.junit.Before;
 import org.junit.ClassRule;
 import org.junit.Test;
+import org.junit.jupiter.api.Assertions;
 import org.jvnet.hudson.test.JenkinsRule;
+import org.jvnet.hudson.test.MockAuthorizationStrategy;
 
 import static org.hamcrest.Matchers.contains;
 import static org.hamcrest.Matchers.hasSize;
@@ -129,6 +132,29 @@
  }
 
  @Test
+ public void given__newInstance__when__configuredAsManage__then__OK() {
+ BitbucketEndpointConfiguration instance = new BitbucketEndpointConfiguration();
+ try {
+ j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
+ MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy();
+ mockStrategy.grant(Jenkins.MANAGE).onRoot().to("admin");
+ j.jenkins.setAuthorizationStrategy(mockStrategy);
+ try (ACLContext context = ACL.as(User.get("admin"))) {
+ instance.setEndpoints(Arrays.<AbstractBitbucketEndpoint>asList(
+ new BitbucketCloudEndpoint(true, "first"),
+ new BitbucketCloudEndpoint(true, "second"),
+ new BitbucketCloudEndpoint(true, "third")));
+ assertThat(instance.getEndpoints(), contains(instanceOf(BitbucketCloudEndpoint.class)));
+ assertThat(instance.getEndpoints().get(0).getCredentialsId(), is("first"));
+ } catch (RuntimeException x) {
+ Assertions.fail("No exception should be thrown");
+ }
+ } finally {
+ j.jenkins.setAuthorizationStrategy(AuthorizationStrategy.UNSECURED);
+ }
+ }
+
+ @Test
  public void given__newInstance__when__configuredWithServerUsingCloudUrl__then__convertedToCloud() {
  BitbucketEndpointConfiguration instance = new BitbucketEndpointConfiguration();
  assumeThat(instance.getEndpoints().get(0).getCredentialsId(), not(is("dummy")));