SFEEProjectBasedAuthorizationStrategy.java

package hudson.plugins.sfee;

import hudson.Extension;
import hudson.model.Descriptor;
import hudson.model.Hudson;
import hudson.model.Job;
import hudson.security.ACL;
import hudson.security.AuthorizationStrategy;
import hudson.security.FullControlOnceLoggedInAuthorizationStrategy;
import hudson.security.SparseACL;
import net.sf.json.JSONObject;

import org.acegisecurity.GrantedAuthority;
import org.acegisecurity.GrantedAuthorityImpl;
import org.acegisecurity.acls.sid.GrantedAuthoritySid;
import org.kohsuke.stapler.StaplerRequest;

/**
 * {@link AuthorizationStrategy} that grants control based on owned permissions.
 */
public class SFEEProjectBasedAuthorizationStrategy extends
		FullControlOnceLoggedInAuthorizationStrategy {

	public static final SparseACL UNSECURED_PROJECT_ACL = new SparseACL(null);

	static {
		UNSECURED_PROJECT_ACL.add(ACL.ANONYMOUS, Hudson.ADMINISTER, false);
		UNSECURED_PROJECT_ACL.add(ACL.EVERYONE, Hudson.ADMINISTER, true);
	}

	@Override
	public ACL getRootACL() {
		return UNSECURED_PROJECT_ACL;
	}

	public GrantedAuthority createAuthority(Job<?, ?> project) {
		SourceForgeProject p = project.getProperty(SourceForgeProject.class);
		if (p != null) {
			return new GrantedAuthorityImpl(p.getProjectId());
		} else {
			return null;
		}
	}

	@Override
	public ACL getACL(Job<?, ?> project) {
		GrantedAuthority auth = createAuthority(project);
		if (auth != null) {
			SparseACL acl = new SparseACL(getRootACL());
			acl.add(new GrantedAuthoritySid(auth), Hudson.ADMINISTER,
					true);
			return acl;
		} else {
			return UNSECURED_PROJECT_ACL;
		}
	}

	@Override
	public Descriptor<AuthorizationStrategy> getDescriptor() {
		return DESCRIPTOR;
	}

	//@Extension
	public static final Descriptor<AuthorizationStrategy> DESCRIPTOR = new Descriptor<AuthorizationStrategy>(
			FullControlOnceLoggedInAuthorizationStrategy.class) {
		public String getDisplayName() {
			return "SFEE Project Based Access Control";
		}

		@Override
		public AuthorizationStrategy newInstance(StaplerRequest req,
				JSONObject formData) throws FormException {
			return new SFEEProjectBasedAuthorizationStrategy();
		}

		@Override
		public String getHelpFile() {
			return "/help/security/full-control-once-logged-in.html";
		}
	};
}