From 6f98199005b30fba677b2e924c33e7f9697e30d1 Mon Sep 17 00:00:00 2001
From: Birajit Saikia <birajitsaikia@gmail.com>
Date: Fri, 3 Jan 2025 03:17:44 +0530
Subject: [PATCH] Add permission concept for links

Fixes #78

Add permission concept for links to restrict access based on user roles.

* **CustomHeaderConfiguration.java**
  - Add a new permission `VIEW_LINK`.
  - Update the `getLinks` method to filter links based on user permissions.

* **AppNavLink.java**
  - Add a new field `permission`.
  - Update the constructor to include the `permission` field.
  - Update the `getLinkUrl` method to check for the `permission` field.

* **config.jelly**
  - Add a new entry for the `permission` field.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/jenkinsci/customizable-header-plugin/issues/78?shareId=XXXX-XXXX-XXXX-XXXX).
---
 .../plugins/customizable_header/AppNavLink.java | 17 ++++++++++++++---
 .../CustomHeaderConfiguration.java              | 14 +++++++++++++-
 .../customizable_header/AppNavLink/config.jelly |  3 +++
 3 files changed, 30 insertions(+), 4 deletions(-)

diff --git a/src/main/java/io/jenkins/plugins/customizable_header/AppNavLink.java b/src/main/java/io/jenkins/plugins/customizable_header/AppNavLink.java
index acab9a2..c6575fb 100644
--- a/src/main/java/io/jenkins/plugins/customizable_header/AppNavLink.java
+++ b/src/main/java/io/jenkins/plugins/customizable_header/AppNavLink.java
@@ -20,6 +20,7 @@
 import org.kohsuke.stapler.StaplerRequest;
 import org.kohsuke.stapler.export.Exported;
 import org.kohsuke.stapler.export.ExportedBean;
+import hudson.security.Permission;
 
 @ExportedBean
 public class AppNavLink extends AbstractLink {
@@ -27,16 +28,16 @@ public class AppNavLink extends AbstractLink {
   private String url;
   private String label;
   private Logo logo;
-
   private boolean external;
-
   private transient String color = "";
+  private Permission permission;
 
   @DataBoundConstructor
-  public AppNavLink(String url, String label, Logo logo) {
+  public AppNavLink(String url, String label, Logo logo, Permission permission) {
     this.url = url;
     this.label = label;
     this.logo = logo;
+    this.permission = permission;
   }
 
   @Exported
@@ -83,6 +84,13 @@ public void setLogo(Logo logo) {
     this.logo = logo;
   }
 
+  public Permission getPermission() {
+    return permission;
+  }
+
+  public void setPermission(Permission permission) {
+    this.permission = permission;
+  }
 
   @Exported
   @Override
@@ -92,6 +100,9 @@ public String getType() {
 
   @Exported
   public String getLinkUrl() {
+    if (permission != null && !Jenkins.get().hasPermission(permission)) {
+      return null;
+    }
     try {
       URI uri = new URI(url);
       if (!uri.isAbsolute()) {
diff --git a/src/main/java/io/jenkins/plugins/customizable_header/CustomHeaderConfiguration.java b/src/main/java/io/jenkins/plugins/customizable_header/CustomHeaderConfiguration.java
index b74778d..c1ea1b4 100644
--- a/src/main/java/io/jenkins/plugins/customizable_header/CustomHeaderConfiguration.java
+++ b/src/main/java/io/jenkins/plugins/customizable_header/CustomHeaderConfiguration.java
@@ -33,6 +33,9 @@
 import org.kohsuke.stapler.DataBoundConstructor;
 import org.kohsuke.stapler.DataBoundSetter;
 import org.kohsuke.stapler.StaplerRequest;
+import hudson.security.Permission;
+import hudson.security.PermissionGroup;
+import hudson.security.PermissionScope;
 
 @Extension
 @org.jenkinsci.Symbol("customHeader")
@@ -65,6 +68,9 @@ public class CustomHeaderConfiguration extends GlobalConfiguration {
 
   private static final transient Symbol star = new Symbol("symbol-star plugin-ionicons-api");
 
+  public static final PermissionGroup PERMISSIONS = new PermissionGroup(CustomHeaderConfiguration.class, Messages._CustomHeaderConfiguration_PermissionsTitle());
+  public static final Permission VIEW_LINK = new Permission(PERMISSIONS, "ViewLink", Messages._CustomHeaderConfiguration_ViewLinkPermissionDescription(), null, PermissionScope.JENKINS);
+
   @DataBoundConstructor
   public CustomHeaderConfiguration() {
     load();
@@ -190,7 +196,13 @@ public void deleteSystemMessage(String id) {
   }
 
   public List<AbstractLink> getLinks() {
-    return links;
+    User user = User.current();
+    if (user != null) {
+      return links.stream()
+          .filter(link -> link.getPermission() == null || user.hasPermission(link.getPermission()))
+          .collect(Collectors.toList());
+    }
+    return Collections.emptyList();
   }
 
   @DataBoundSetter
diff --git a/src/main/resources/io/jenkins/plugins/customizable_header/AppNavLink/config.jelly b/src/main/resources/io/jenkins/plugins/customizable_header/AppNavLink/config.jelly
index fafe9e1..1e54578 100644
--- a/src/main/resources/io/jenkins/plugins/customizable_header/AppNavLink/config.jelly
+++ b/src/main/resources/io/jenkins/plugins/customizable_header/AppNavLink/config.jelly
@@ -9,5 +9,8 @@
   <f:entry field="external" title="${%External}">
     <f:checkbox/>
   </f:entry>
+  <f:entry field="permission" title="${%Permission}">
+    <f:dropdownDescriptorSelector field="permission"/>
+  </f:entry>
   <f:dropdownDescriptorSelector field="logo" title="${%The logo to show}" descriptors="${descriptor.logoDescriptors}"/>
 </j:jelly>