Get folder's permission

[Pavel Novák]

Hi, 

regarding https://issues.jenkins-ci.org/browse/JENKINS-53581 

I would like to get permissions setup for the folders in the Jenkins by groovy script used in the jenkins script console 

Environment:

Jenkins ver. 2.121.2 
 + Folders plugin 6.5.1 
 + Matrix Authorization Strategy 2.3 

Jenkins ver. 2.107.3 
 + Folders plugin 6.4 
 + Matrix Authorization Strategy 2.2

I am using similar scripts for kind of reporting, e.g. number of folders, folders with recent builds (in given period, etc.)

I tried, with the clues over the internet, following 

import com.cloudbees.hudson.plugins.folder.*
import groovyjarjarasm.asm.Item
import jenkins.model.Jenkins
import hudson.security.*
import hudson.model.*
//AbstractProject proj = Hudson.instance.getItem("YourJob")
//AuthorizationMatrixProperty authProperty = proj.getProperty(AuthorizationMatrixProperty.class)

 def items=Jenkins.instance.getAllItems();
//load all items in jenkins 
 items.each{
      //get folders only
      if(it instanceof Folder){
      // println it //print for debug
     AbstractProject proj = Hudson.instance.getItem(it.fullName)
     AuthorizationMatrixProperty authProperty =  proj.getProperties(AuthorizationMatrixProperty.class)
     }
 }

But that fails because casting error 

org.codehaus.groovy.runtime.typehandling.GroovyCastException: Cannot cast object 'com.cloudbees.hudson.plugins.folder.Folder@4c019d3f[foldername]' with class 'com.cloudbees.hudson.plugins.folder.Folder' to class 'hudson.model.AbstractProject'

In the link above I got an advise as to use abstract folder, etc. now I am in the state I am getting error about getting property 
groovy.lang.MissingMethodException: No signature of method: com.cloudbees.hudson.plugins.folder.Folder.getProperties() is applicable for argument types: (java.lang.Class) values: [class hudson.security.AuthorizationMatrixProperty]
Possible solutions: getProperties(), getProperties()

Do you have any idea, how to obtain the permissions on the folder 
- in fact, 1st level like "job root" should be enough, I dont need to go deeper
- in ideal case I would like to get all the granted permissions
- at least, I need users, which are having any permissions on the folder (Excl. jenkins admins, ofc.)

note- I am jenkins admin, so I have the full permissions

Thanks in advance for any advise.

[Pavel Novák]

I found nice repository from cloudbees 

https://github.com/cloudbees/jenkins-scripts

and there is a script existing already 

https://github.com/cloudbees/jenkins-scripts/blob/master/auth-project-report.groovy

So I have take inspiration and did my script regarding the followup from the links above

- reading folders

- reads permissions

- if there is a user with "external" in the fullName, then store it, and if there are found at least 1 externals, it got printed out in pseudo-csv like 

folderName;URL;userID;userFullName;mailAddres

See below

//taken @ https://github.com/cloudbees/jenkins-scripts/blob/master/auth-project-report.groovy

//https://javadoc.jenkins.io/plugin/matrix-auth/com/cloudbees/hudson/plugins/folder/properties/AuthorizationMatrixProperty.html

//https://javadoc.jenkins.io/plugin/cloudbees-folder/com/cloudbees/hudson/plugins/folder/AbstractFolder.html

//https://javadoc.jenkins.io/hudson/security/Permission.html

def folder

def URL

List<String> adminUserList=new ArrayList<String>() 

//get items

for (item in Jenkins.instance.allItems) {

  //find folders

  if (item.class.canonicalName == "com.cloudbees.hudson.plugins.folder.Folder") {

    folder = item.fullName

    URL = item.getAbsoluteUrl()

    //iterate over properties and find permissions

    item.properties.each { p -> 

      if(p.class.canonicalName == "com.cloudbees.hudson.plugins.folder.properties.AuthorizationMatrixProperty") {

          //permissions found, get them

  Map<hudson.security.Permission,Set<String>> gp = p.getGrantedPermissions()

        

         //interested only in admins of folder- permission to modify the given folder

         gp.get(hudson.security.Permission.fromId("hudson.model.Item.Configure")).each{

           //getUserList

           

            User usr = User.getById(it,false)

            //println usr.fullName

   

   if(usr != null && usr.fullName.contains("external")) {

   def usrMail = usr.getProperty(hudson.tasks.Mailer.UserProperty.class).getAddress();

   adminUserList.add(it + ";" + usr.fullName +";" + usrMail)

       }

        }

 

      }

    } 

 

  }

  

  if(adminUserList.size() > 0) {

  adminUserList.each{user ->

  println folder + ";" + URL + ";"+ user

  }

  }

  adminUserList=new ArrayList<String>()

   

}

 

Dne pondělí 17. září 2018 13:51:34 UTC+2 Pavel Novák napsal(a):