Does anybody have an idea whether it's possible, and if so how, to read the permissions for a given Jenkins folder?

I found a way to iterate over jobs and get the Folder "jobs", but I have no idea how to access the folder permissions / read them.

Access to the folder is pretty simple:

```groovy
import com.cloudbees.hudson.plugins.folder.*
import jenkins.model.Jenkins

// print the full name of every folder on the instance
def items = Jenkins.instance.getAllItems()

items.each {
    if (it instanceof Folder) {
        println it.fullName
    }
}
```

I noticed that when, e.g., on folder 'A' I grant read permissions to user Aread (ldapid), the config file then contains the following:

```xml
<com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:Aread</permission>
```

I also found the javadoc for CloudBees' folder class, but there is nothing about permissions :/

https://javadoc.jenkins.io/plugin/cloudbees-folder/com/cloudbees/hudson/plugins/folder/package-summary.html

Thanks for your tips (I am using inbuilt script editor for running groovy script)

After some findings I found some clues in Jenkins Add permissions to jobs using groovy

But, when implemented

```groovy
import com.cloudbees.hudson.plugins.folder.*
import jenkins.model.Jenkins
import hudson.security.*
import hudson.model.*

//AbstractProject proj = Hudson.instance.getItem("YourJob")
//AuthorizationMatrixProperty authProperty = proj.getProperty(AuthorizationMatrixProperty.class)

def items = Jenkins.instance.getAllItems()

items.each {
    if (it instanceof Folder) {
        println it.fullName
        // this assignment throws the GroovyCastException shown below: a Folder is not an AbstractProject
        AbstractProject proj = Hudson.instance.getItem(it.fullName)
        AuthorizationMatrixProperty authProperty = proj.getProperty(AuthorizationMatrixProperty.class)
    }
}
```

got an error

org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'com.cloudbees.hudson.plugins.folder.Folder@a35435b[fooFolderName]' with class 'com.cloudbees.hudson.plugins.folder.Folder' to class 'hudson.model.AbstractProject'

(I already tried it.name / it as well :/ - the code snippet does not fail if the item is not a folder but a classic job)

xxxvodnikxxx
  • may I ask why you're not executing a shell script in the given location? `$ stat -c %a / 755` `$ stat -c %A / drwxr-xr-x` `$ stat -c %a /tmp 1777` `$ stat -c %A /tmp drwxrwxrwt` – Onur Gokkocabas Sep 11 '18 at 18:40
  • Hi, thanks for the input, but you probably did not understand it correctly `I don't want to know the permissions of the system users for folders on the disk`. There is a special job type, folder (provided by CloudBees, link in post), which works like a usual directory in a system. What I need is to obtain users' permissions per these jobs, like `folder(job) AAA: admin, full; userA, read; userB, execute, ... ` – xxxvodnikxxx Sep 12 '18 at 07:01

1 Answer

Handled by the example script from CloudBees.

The Groovy script below prints out the admin users (with job edit permissions) for a given folder:

```groovy
// https://javadoc.jenkins.io/plugin/matrix-auth/com/cloudbees/hudson/plugins/folder/properties/AuthorizationMatrixProperty.html
// https://javadoc.jenkins.io/plugin/cloudbees-folder/com/cloudbees/hudson/plugins/folder/AbstractFolder.html
// https://javadoc.jenkins.io/hudson/security/Permission.html
import com.cloudbees.hudson.plugins.folder.Folder
import hudson.model.User
import hudson.security.Permission
import jenkins.model.Jenkins

def folderName = "folderName-fullPath"

// getItemByFullName resolves nested folders ("parent/child"); getItem only finds top-level items
Folder folder = Jenkins.instance.getItemByFullName(folderName, Folder)

// iterate over the folder properties and find the permission matrix
folder.properties.each { p ->
    if (p.class.canonicalName == "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty") {
        // permissions found, get them
        Map<Permission, Set<String>> gp = p.getGrantedPermissions()

        // interested only in admins of the folder: permission to modify the given folder
        gp.get(Permission.fromId("hudson.model.Item.Configure"))?.each { us ->
            // returns null when no such user exists (for example a group name)
            User usr = User.getById(us, false)

            if (usr != null) {
                // the Mailer property may be missing, so navigate safely
                def usrMail = usr.getProperty(hudson.tasks.Mailer.UserProperty.class)?.getAddress()
                print(usr.fullName + " <" + usrMail + ">;")
            }
        }
    }
}

println ""
```
xxxvodnikxxx
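
An offline variant of the same audit, added here as an example (it is not part of the answer or of the CloudBees script): it parses a folder's config.xml, in the `permission:sid` form quoted in the question, and lists every permission per user or group rather than only Configure. The function names and the sample file are constructed, and the optional `USER:`/`GROUP:` prefix is an assumption about newer matrix-auth versions.

```python
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

PROP = "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty"
SID_TYPES = {"USER", "GROUP", "EITHER"}  # assumption: typed prefix written by newer matrix-auth

# Constructed sample of a folder config.xml (not taken from a real instance).
SAMPLE_CONFIG = """<?xml version='1.1' encoding='UTF-8'?>
<com.cloudbees.hudson.plugins.folder.Folder>
  <properties>
    <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
      <permission>com.cloudbees.plugins.credentials.CredentialsProvider.View:Aread</permission>
      <permission>hudson.model.Item.Read:Aread</permission>
      <permission>hudson.model.Item.Configure:Badmin</permission>
      <permission>USER:hudson.model.Item.Configure:Cadmin</permission>
    </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
  </properties>
</com.cloudbees.hudson.plugins.folder.Folder>
"""

def folder_permissions(config_xml):
    """Return {sid: sorted permission ids} for grants stored directly on the folder."""
    # Jenkins writes an XML 1.1 declaration; drop it so XML 1.0-only parsers accept the file.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", config_xml)
    grants = defaultdict(set)
    for prop in ET.fromstring(body).iter(PROP):
        for entry in prop.iter("permission"):
            parts = (entry.text or "").strip().split(":")
            if parts[0] in SID_TYPES:
                parts = parts[1:]
            if len(parts) < 2:
                continue  # malformed entry, nothing to record
            # Permission ids contain no ':', so everything after the first one is the sid.
            grants[":".join(parts[1:])].add(parts[0])
    return {sid: sorted(perms) for sid, perms in grants.items()}

def holders(config_xml, permission_id):
    """Sids that hold one specific permission, e.g. hudson.model.Item.Configure."""
    return sorted(s for s, p in folder_permissions(config_xml).items() if permission_id in p)

if __name__ == "__main__":
    for sid, perms in sorted(folder_permissions(SAMPLE_CONFIG).items()):
        print(f"{sid}: {', '.join(perms)}")
```

It reports only the grants stored on the folder itself; with `InheritParentStrategy` the effective permissions also include those of the parent folders and the global matrix.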