Merge "Fix Authorization properties for folder and job in Folder"

jenkins_jobs/modules/properties.py

@@ -509,6 +509,9 @@ def authorization(registry, xml_parent, data):
        :language: yaml
     """
 
+    # get the folder name if it exists
+    in_a_folder = data.pop("_use_folder_perms")
+
     credentials = "com.cloudbees.plugins.credentials.CredentialsProvider."
     ownership = "com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin."
 
@@ -536,9 +539,23 @@ def authorization(registry, xml_parent, data):
     }
 
     if data:
-        matrix = XML.SubElement(
-            xml_parent, "hudson.security.AuthorizationMatrixProperty"
-        )
+        if in_a_folder:
+            matrix = XML.SubElement(
+                xml_parent,
+                "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty",
+            )
+            XML.SubElement(
+                matrix,
+                "inheritanceStrategy",
+                {
+                    "class": "org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"
+                },
+            )
+        else:
+            matrix = XML.SubElement(
+                xml_parent, "hudson.security.AuthorizationMatrixProperty"
+            )
+
         for (username, perms) in data.items():
             for perm in perms:
                 pe = XML.SubElement(matrix, "permission")
@@ -1234,4 +1251,15 @@ class Properties(jenkins_jobs.modules.base.Base):
             properties = XML.SubElement(xml_parent, "properties")
 
         for prop in data.get("properties", []):
+            # Pass a flag for folder permissions to the authorization method
+            if next(iter(prop)) == "authorization":
+                # Only projects are placed in folders
+                if "project-type" in data:
+                    if data["project-type"] == "folder":
+                        prop["authorization"]["_use_folder_perms"] = True
+                    else:
+                        prop["authorization"]["_use_folder_perms"] = "folder" in data
+                else:
+                    prop["authorization"]["_use_folder_perms"] = False
+
             self.registry.dispatch("property", properties, prop)

tests/yamlparser/fixtures/project_folder_template003.xml

@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="utf-8"?>
+<com.cloudbees.hudson.plugins.folder.Folder plugin="cloudbees-folder">
+  <icon class="com.cloudbees.hudson.plugins.folder.icons.StockFolderIcon"/>
+  <views/>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <primaryView>All</primaryView>
+  <healthMetrics/>
+  <actions/>
+  <description>foo bar&lt;!-- Managed by Jenkins Job Builder --&gt;</description>
+  <keepDependencies>false</keepDependencies>
+  <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
+  <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
+  <concurrentBuild>false</concurrentBuild>
+  <canRoam>true</canRoam>
+  <properties>
+    <com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
+      <inheritanceStrategy class="org.jenkinsci.plugins.matrixauth.inheritance.InheritParentStrategy"/>
+      <permission>hudson.model.Item.Read:foobar</permission>
+      <permission>hudson.model.Item.ExtendedRead:foobar</permission>
+    </com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty>
+  </properties>
+  <scm class="hudson.scm.NullSCM"/>
+  <publishers/>
+  <buildWrappers/>
+</com.cloudbees.hudson.plugins.folder.Folder>

tests/yamlparser/fixtures/project_folder_template003.yaml

@@ -0,0 +1,9 @@
+- job:
+    name: folder_with_auth
+    project-type: folder
+    description: foo bar
+    properties:
+      - authorization:
+          foobar:
+            - 'job-read'
+            - 'job-extended-read'