Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[JENKINS-60682] Improve scriptApproval ux #282

Open
wants to merge 7 commits into
base: master
Choose a base branch
from
+105 −37
Open

[JENKINS-60682] Improve scriptApproval ux #282

Changes from all commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
6d72b58
pure whitespace changes
jsoref Jan 7, 2020
3f2c4b7
Rename approvedClasspathEntries-list
jsoref Jan 7, 2020
e6ade29
Add p tags
jsoref Jan 7, 2020
6e21bc7
Use h4 tags for sections
jsoref Jan 7, 2020
d5d5bc2
Add h3 tags for sections
jsoref Jan 7, 2020
6aa9653
Add h2 heading
jsoref Jan 7, 2020
8bb3e7d
Add none value
jsoref Jan 7, 2020
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
142 changes: 105 additions & 37 deletions src/main/resources/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval/index.jelly
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -87,8 +87,11 @@ THE SOFTWARE.
/*
Create a list like:
<p id="pcp-${pcp.hash}">
<button class="approve" onclick="approveClasspathEntry('${pcp.hash}')">Approve</button> /
<button class="deny" onclick="denyClasspathEntry('${pcp.hash}')">Deny</button>
<button class="approve" onclick="approveClasspathEntry('${pcp.hash}')"
>Approve</button>
/
<button class="deny" onclick="denyClasspathEntry('${pcp.hash}')"
>Deny</button>
${pcp.hash} (${pcp.path})
</p>
*/
Expand Down Expand Up @@ -117,16 +120,18 @@ THE SOFTWARE.
function renderApprovedClasspathEntries(approvedClasspathEntries) {
if (approvedClasspathEntries.length == 0) {
$('approvedClasspathEntries-none').show();
$('approvedClasspathEntries').childElements().each(function(e){e.remove()});
$('approvedClasspathEntries').hide();
$('approvedClasspathEntries-list').childElements().each(function(e){e.remove()});
$('approvedClasspathEntries-list').hide();
$('approved-classpath-entries-clear').hide();
$('approvedClasspathEntries-clear').hide();
} else {
$('approvedClasspathEntries-none').hide();
$('approvedClasspathEntries').childElements().each(function(e){e.remove()});
$('approvedClasspathEntries-list').childElements().each(function(e){e.remove()});
/*
Create a list like:
<p id="acp-${acp.hash}">
<button class="delete" onclick="denyApprovedClasspathEntry('${pcp.hash}')">Delete</button>
<button class="delete" onclick="denyApprovedClasspathEntry('${pcp.hash}')"
>Delete</button>
${acp.hash} (${acp.path})
</p>
*/
Expand All @@ -142,9 +147,10 @@ THE SOFTWARE.
block.insert(deleteButton);
block.insert("&lt;code title='" + e.hash + "'>" + e.path + "&lt;/code>");

$('approvedClasspathEntries').insert(block);
$('approvedClasspathEntries-list').insert(block);
});
$('approvedClasspathEntries').show();
$('approvedClasspathEntries-list').show();
$('approved-classpath-entries-clear').show();
$('approvedClasspathEntries-clear').show();
}
}
Expand Down Expand Up @@ -181,6 +187,12 @@ THE SOFTWARE.
});
});
</script>
<h2>
In-process Script Approval
</h2>
<h3 id="script-approvals">
Script approvals
</h3>
<j:choose>
<j:when test="${it.pendingScripts.isEmpty()}">
<p>
Expand All @@ -191,19 +203,33 @@ THE SOFTWARE.
<j:forEach var="ps" items="${it.pendingScripts}">
<div id="ps-${ps.hash}" class="pending-script">
<p class="ps-context">
<button class="approve" onclick="approveScript('${ps.hash}')">Approve</button> / <button class="deny" onclick="denyScript('${ps.hash}')">Deny</button> ${ps.language.displayName} script
<button class="approve" onclick="approveScript('${ps.hash}')"
>Approve</button>
/
<button class="deny" onclick="denyScript('${ps.hash}')"
>Deny</button>
${ps.language.displayName} script
<st:include it="${ps.context}" page="index.jelly"/>:
</p>
<f:textarea readonly="readonly" codemirror-mode="${ps.language.codeMirrorMode}" codemirror-config='"readOnly": true' rows="10" cols="80" value="${ps.script}"/>
<p>
<f:textarea readonly="readonly"
codemirror-mode="${ps.language.codeMirrorMode}"
codemirror-config='"readOnly": true'
rows="10" cols="80"
value="${ps.script}"/>
</p>
</div>
</j:forEach>
</j:otherwise>
</j:choose>
<p id="approvedScripts-clear">
<h4 id="approved-scripts-clear">
You can also remove all previous script approvals:
</h4>
<p id="approvedScripts-clear">
<button onclick="if (confirm('Really delete all approvals? Any existing scripts will need to be requeued and reapproved.')) {mgr.clearApprovedScripts()}">Clear Approvals</button>
</p>
<hr/>
<h3 id="signature-approvals">Signature Approvals</h3>
<j:choose>
<j:when test="${it.pendingSignatures.isEmpty()}">
<p>
Expand All @@ -214,60 +240,102 @@ THE SOFTWARE.
<j:forEach var="s" items="${it.pendingSignatures}">
<div id="s-${s.hash}">
<p>
<button onclick="approveSignature('${s.signature}', '${s.hash}')">Approve</button> /
<button onclick="approveSignature('${s.signature}', '${s.hash}')"
>Approve</button>
/
<j:if test="${!s.signature.startsWith('field')}">
<button onclick="aclApproveSignature('${s.signature}', '${s.hash}')">Approve assuming permission check</button> /
<button onclick="aclApproveSignature('${s.signature}', '${s.hash}')"
>Approve assuming permission check</button>
/
</j:if>
<button onclick="denySignature('${s.signature}', '${s.hash}')">Deny</button> signature
<button onclick="denySignature('${s.signature}', '${s.hash}')"
>Deny</button>
signature
<st:include it="${s.context}" page="index.jelly"/>:
<code>${s.signature}</code>
<j:if test="${s.dangerous}">
<st:nbsp/><strong><font color="red">Approving this signature may introduce a security vulnerability! You are advised to deny it.</font></strong>
</j:if>
</p>
<j:if test="${s.dangerous}">
<p>
<st:nbsp/><strong><font color="red">Approving this signature may introduce a security vulnerability! You are advised to deny it.</font></strong>
</p>
</j:if>
</div>
</j:forEach>
</j:otherwise>
</j:choose>
<p>Signatures already approved:</p>
<textarea readonly="readonly" id="approvedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${it.approvedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
<p>Signatures already approved assuming permission check:</p>
<textarea readonly="readonly" id="aclApprovedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${it.aclApprovedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
<h4 id="approved-signatures">Signatures already approved:</h4>
<j:choose>
<j:when test="${it.approvedSignatures.isEmpty()}">
<p>
None
</p>
</j:when>
<j:otherwise>
<p>
<textarea readonly="readonly" id="approvedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${it.approvedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
</p>
</j:otherwise>
</j:choose>
<h4 id="approved-acl-signatures">Signatures already approved assuming permission check:</h4>
<j:choose>
<j:when test="${it.aclApprovedSignatures.isEmpty()}">
<p>
None
</p>
</j:when>
<j:otherwise>
<p>
<textarea readonly="readonly" id="aclApprovedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${it.aclApprovedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
</p>
</j:otherwise>
</j:choose>
<j:set var="dangerousApprovedSignatures" value="${it.dangerousApprovedSignatures}"/>
<j:if test="${!empty(dangerousApprovedSignatures)}">
<p>Signatures already approved which <strong><font color="red">may have introduced a security vulnerability</font></strong> (recommend clearing):</p>
<textarea readonly="readonly" id="dangerousApprovedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${dangerousApprovedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
<h4 id="dangerous-approved-signatures">Signatures already approved which <strong><font color="red">may have introduced a security vulnerability</font></strong> (recommend clearing):</h4>
<p>
<textarea readonly="readonly" id="dangerousApprovedSignatures" rows="10" cols="80">
<j:forEach var="line" items="${dangerousApprovedSignatures}">${line}<st:out value="&#10;"/></j:forEach>
</textarea>
</p>
</j:if>
<p>
<h4 id="clear-approved-signatures">
You can also remove all previous signature approvals:
<button onclick="if (confirm('Really delete all approvals? Any existing scripts will need to be rerun and signatures reapproved.')) {clearApprovedSignatures()}">Clear Approvals</button>
</h4>
<p>
<button onclick="if (confirm('Really delete all approvals? Any existing scripts will need to be rerun and signatures reapproved.')) {clearApprovedSignatures()}"
>Clear Approvals</button>
</p>
<j:if test="${!empty(dangerousApprovedSignatures)}">
Or you can just remove the dangerous ones:
<button onclick="clearDangerousApprovedSignatures()">Clear only dangerous Approvals</button>
<h4 id="clear-dangerous-approved-signatures">Or you can just remove the dangerous ones:</h4>
<p>
<button onclick="clearDangerousApprovedSignatures()"
>Clear only dangerous Approvals</button>
</p>
</j:if>
<hr/>
<h3 id="classpath-approvals">Classpath Approvals</h3>
<p id="pendingClasspathEntries-none">
No pending classpath entry approvals.
</p>
<div id="pendingClasspathEntries">
Classpath entries pending approval. (Beware of remote URLs, workspace files, or anything else that might change without your notice.)
</div>
<p>Classpath entries already approved:</p>
<h4 id="approved-classpath-entries">Classpath entries already approved:</h4>
<p id="approvedClasspathEntries-none">
No approved classpath entries.
</p>
<div id="approvedClasspathEntries">
<div id="approvedClasspathEntries-list">
</div>
<p id="approvedClasspathEntries-clear">
<h4 id="approved-classpath-entries-clear">
You can also remove all previous classpath entry approvals:
<button onclick="if (confirm('Really delete all approvals? Any existing scripts using a classpath will need to be rerun and entries reapproved.')) {clearApprovedClasspathEntries()}">Clear Classpath Entries</button>
</h4>
<p id="approvedClasspathEntries-clear">
<button onclick="if (confirm('Really delete all approvals? Any existing scripts using a classpath will need to be rerun and entries reapproved.')) {clearApprovedClasspathEntries()}"
>Clear Classpath Entries</button>
</p>
</l:main-panel>
</l:layout>
Expand Down