allow users with Overall/Manage to configure global options (#423)

Author: mikecirioli

pom.xml

@@ -4,7 +4,7 @@
   <parent>
     <groupId>org.jenkins-ci.plugins</groupId>
     <artifactId>plugin</artifactId>
-    <version>4.78</version>
+    <version>4.81</version>
     <relativePath />
   </parent>
   <groupId>io.jenkins.plugins</groupId>
@@ -35,6 +35,8 @@
     <gitHubRepo>jenkinsci/${project.artifactId}-plugin</gitHubRepo>
     <spotless.check.skip>false</spotless.check.skip>
     <hpi.compatibleSinceVersion>685</hpi.compatibleSinceVersion>
+    <!-- Jenkins.MANAGE is still considered beta -->
+    <useBeta>true</useBeta>
   </properties>
 
   <dependencyManagement>

src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMNavigator.java

@@ -512,7 +512,7 @@ public SCMNavigator newInstance(String name) {
         public ListBoxModel doFillServerNameItems(
                 @AncestorInPath SCMSourceOwner context, @QueryParameter String serverName) {
             if (context == null) {
-                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+                if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
                     // must have admin if you want the list without a context
                     ListBoxModel result = new ListBoxModel();
                     result.add(serverName);
@@ -535,7 +535,7 @@ public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String credentialsId) {
             StandardListBoxModel result = new StandardListBoxModel();
             if (context == null) {
-                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+                if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
                     // must have admin if you want the list without a context
                     result.includeCurrentValue(credentialsId);
                     return result;

src/main/java/io/jenkins/plugins/gitlabbranchsource/GitLabSCMSource.java

@@ -819,7 +819,7 @@ public String getSelectedServer(@QueryParameter String serverName) {
         public ListBoxModel doFillServerNameItems(
                 @AncestorInPath SCMSourceOwner context, @QueryParameter String serverName) {
             if (context == null) {
-                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+                if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
                     // must have admin if you want the list without a context
                     ListBoxModel result = new ListBoxModel();
                     result.add(serverName);
@@ -843,7 +843,7 @@ public ListBoxModel doFillCredentialsIdItems(
             StandardListBoxModel result = new StandardListBoxModel();
             if (context == null) {
                 // must have admin if you want the list without a context
-                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+                if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
                     result.includeCurrentValue(credentialsId);
                     return result;
                 }

src/main/java/io/jenkins/plugins/gitlabbranchsource/SSHCheckoutTrait.java

@@ -88,7 +88,7 @@ public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String credentialsId) {
             StandardListBoxModel result = new StandardListBoxModel();
             if (context == null) {
-                if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+                if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
                     // must have admin if you want the list without a context
                     result.includeCurrentValue(credentialsId);
                     return result;

src/main/java/io/jenkins/plugins/gitlabserverconfig/action/GitlabAction.java

@@ -34,7 +34,7 @@ public class GitlabAction implements RootAction {
 
     @RequirePOST
     public HttpResponse doServerList() {
-        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+        if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
             return HttpResponses.errorJSON("no permission to get Gitlab server list");
         }
 
@@ -52,7 +52,7 @@ public HttpResponse doServerList() {
     @RequirePOST
     public HttpResponse doProjectList(
             @AncestorInPath SCMSourceOwner context, @QueryParameter String server, @QueryParameter String owner) {
-        if (!Jenkins.get().hasPermission(Jenkins.ADMINISTER)) {
+        if (!Jenkins.get().hasPermission(Jenkins.MANAGE)) {
             return HttpResponses.errorJSON("no permission to get Gitlab server list");
         }
 

src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServer.java

@@ -507,7 +507,7 @@ public static class DescriptorImpl extends Descriptor<GitLabServer> {
          */
         @POST
         public static FormValidation doCheckServerUrl(@QueryParameter String serverUrl) {
-            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+            Jenkins.get().checkPermission(Jenkins.MANAGE);
             try {
                 new URL(serverUrl);
             } catch (MalformedURLException e) {
@@ -626,7 +626,7 @@ public FormValidation doTestConnection(@QueryParameter String serverUrl, @QueryP
         public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String serverUrl, @QueryParameter String credentialsId) {
             Jenkins jenkins = Jenkins.get();
-            if (!jenkins.hasPermission(Jenkins.ADMINISTER)) {
+            if (!jenkins.hasPermission(Jenkins.MANAGE)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }
             return new StandardListBoxModel()
@@ -650,7 +650,7 @@ public ListBoxModel doFillCredentialsIdItems(
         public ListBoxModel doFillWebhookSecretCredentialsIdItems(
                 @QueryParameter String serverUrl, @QueryParameter String webhookSecretCredentialsId) {
             Jenkins jenkins = Jenkins.get();
-            if (!jenkins.hasPermission(Jenkins.ADMINISTER)) {
+            if (!jenkins.hasPermission(Jenkins.MANAGE)) {
                 return new StandardListBoxModel().includeCurrentValue(webhookSecretCredentialsId);
             }
             return new StandardListBoxModel()
@@ -665,7 +665,7 @@ public ListBoxModel doFillWebhookSecretCredentialsIdItems(
 
         private StandardCredentials getCredentials(String serverUrl, String credentialsId) {
             Jenkins jenkins = Jenkins.get();
-            jenkins.checkPermission(Jenkins.ADMINISTER);
+            jenkins.checkPermission(Jenkins.MANAGE);
             return StringUtils.isBlank(credentialsId)
                     ? null
                     : CredentialsMatchers.firstOrNull(

src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/GitLabServers.java

@@ -8,6 +8,7 @@
 import hudson.ExtensionList;
 import hudson.model.Descriptor;
 import hudson.model.PersistentDescriptor;
+import hudson.security.Permission;
 import hudson.util.ListBoxModel;
 import io.jenkins.plugins.gitlabserverconfig.servers.helpers.GitLabPersonalAccessTokenCreator;
 import java.util.ArrayList;
@@ -38,6 +39,12 @@ public class GitLabServers extends GlobalConfiguration implements PersistentDesc
      */
     private List<GitLabServer> servers;
 
+    @NonNull
+    @Override
+    public Permission getRequiredGlobalConfigPagePermission() {
+        return Jenkins.MANAGE;
+    }
+
     /**
      * Gets the {@link GitLabServers} singleton.
      *
@@ -96,7 +103,7 @@ public List<GitLabServer> getServers() {
      * @param servers the list of endpoints.
      */
     public void setServers(@CheckForNull List<? extends GitLabServer> servers) {
-        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+        Jenkins.get().checkPermission(Jenkins.MANAGE);
         this.servers = fixNull(servers).stream()
                 .filter(distinctByKey(GitLabServer::getName))
                 .collect(Collectors.toList());

src/main/java/io/jenkins/plugins/gitlabserverconfig/servers/helpers/GitLabPersonalAccessTokenCreator.java

@@ -81,7 +81,7 @@ public String getDisplayName() {
     public ListBoxModel doFillCredentialsIdItems(
             @QueryParameter String serverUrl, @QueryParameter String credentialsId) {
         Jenkins jenkins = Jenkins.get();
-        if (!jenkins.hasPermission(Jenkins.ADMINISTER)) {
+        if (!jenkins.hasPermission(Jenkins.MANAGE)) {
             return new StandardListBoxModel().includeCurrentValue(credentialsId);
         }
         return new StandardUsernameListBoxModel()
@@ -108,7 +108,7 @@ public FormValidation doCreateTokenByCredentials(
             @QueryParameter String serverUrl, @QueryParameter String credentialsId) {
 
         Jenkins jenkins = Jenkins.get();
-        jenkins.checkPermission(Jenkins.ADMINISTER);
+        jenkins.checkPermission(Jenkins.MANAGE);
         if (isEmpty(credentialsId)) {
             return FormValidation.error("Please specify credentials to create token");
         }
@@ -156,7 +156,7 @@ public FormValidation doCreateTokenByCredentials(
     @RequirePOST
     public FormValidation doCreateTokenByPassword(
             @QueryParameter String serverUrl, @QueryParameter String login, @QueryParameter String password) {
-        Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+        Jenkins.get().checkPermission(Jenkins.MANAGE);
         try {
             String tokenName = UUID.randomUUID().toString();
             String token = AccessTokenUtils.createPersonalAccessToken(