[JENKINS-73053] Allow users with Overall/Manage permission to configu…

…re endpoints (#784)

* [JENKINS-73053] Allow users with Overall/Manage permission to configure endpoints

See [JENKINS-73053](https://issues.jenkins.io/browse/JENKINS-73053).

* Tests that the endpoints configuration is visible to Overall/Manage

src/main/java/org/jenkinsci/plugins/github_branch_source/Connector.java

@@ -182,7 +182,7 @@ public static FormValidation checkScanCredentials(
      */
     public static FormValidation checkScanCredentials(
             @CheckForNull Item context, String apiUri, String scanCredentialsId, @CheckForNull String repoOwner) {
-        if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+        if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE)
                 || context != null && !context.hasPermission(Item.EXTENDED_READ)) {
             return FormValidation.ok();
         }

src/main/java/org/jenkinsci/plugins/github_branch_source/Endpoint.java

@@ -130,7 +130,7 @@ public String getDisplayName() {
         @RequirePOST
         @Restricted(NoExternalUse.class)
         public FormValidation doCheckApiUri(@QueryParameter String apiUri) {
-            Jenkins.get().checkPermission(Jenkins.ADMINISTER);
+            Jenkins.get().checkPermission(Jenkins.MANAGE);
             if (Util.fixEmptyAndTrim(apiUri) == null) {
                 return FormValidation.warning("You must specify the API URL");
             }

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubConfiguration.java

@@ -27,6 +27,7 @@
 import edu.umd.cs.findbugs.annotations.CheckForNull;
 import edu.umd.cs.findbugs.annotations.NonNull;
 import hudson.Extension;
+import hudson.security.Permission;
 import hudson.util.ListBoxModel;
 import java.net.URI;
 import java.net.URISyntaxException;
@@ -38,6 +39,7 @@
 import java.util.Locale;
 import java.util.Set;
 import jenkins.model.GlobalConfiguration;
+import jenkins.model.Jenkins;
 import net.sf.json.JSONObject;
 import org.apache.commons.lang.StringUtils;
 import org.kohsuke.stapler.StaplerRequest;
@@ -232,4 +234,10 @@ public ListBoxModel doFillApiRateLimitCheckerItems() {
         }
         return items;
     }
+
+    @NonNull
+    @Override
+    public Permission getRequiredGlobalConfigPagePermission() {
+        return Jenkins.MANAGE;
+    }
 }

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigator.java

@@ -1800,7 +1800,7 @@ public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String apiUri,
                 @QueryParameter String credentialsId) {
             if (context == null
-                    ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+                    ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     : !context.hasPermission(Item.EXTENDED_READ)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java

@@ -2069,7 +2069,7 @@ public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String apiUri,
                 @QueryParameter String credentialsId) {
             if (context == null
-                    ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+                    ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     : !context.hasPermission(Item.EXTENDED_READ)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }
@@ -2102,7 +2102,7 @@ public FormValidation doValidateRepositoryUrlAndCredentials(
                 @QueryParameter String repositoryUrl,
                 @QueryParameter String credentialsId,
                 @QueryParameter String repoOwner) {
-            if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+            if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     || context != null && !context.hasPermission(Item.EXTENDED_READ)) {
                 return FormValidation.error(
                         "Unable to validate repository information"); // not supposed to be seeing this form
@@ -2249,7 +2249,7 @@ public ListBoxModel doFillOrganizationItems(
             if (credentialsId == null) {
                 return new ListBoxModel();
             }
-            if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+            if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     || context != null && !context.hasPermission(Item.EXTENDED_READ)) {
                 return new ListBoxModel(); // not supposed to be seeing this form
             }
@@ -2297,7 +2297,7 @@ public ListBoxModel doFillRepositoryItems(
             if (repoOwner == null) {
                 return new ListBoxModel();
             }
-            if (context == null && !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+            if (context == null && !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     || context != null && !context.hasPermission(Item.EXTENDED_READ)) {
                 return new ListBoxModel(); // not supposed to be seeing this form
             }

src/main/java/org/jenkinsci/plugins/github_branch_source/SSHCheckoutTrait.java

@@ -152,7 +152,7 @@ public ListBoxModel doFillCredentialsIdItems(
                 @QueryParameter String apiUri,
                 @QueryParameter String credentialsId) {
             if (context == null
-                    ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+                    ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     : !context.hasPermission(Item.EXTENDED_READ)) {
                 return new StandardListBoxModel().includeCurrentValue(credentialsId);
             }
@@ -181,7 +181,7 @@ public FormValidation doCheckCredentialsId(
                 @QueryParameter String serverUrl,
                 @QueryParameter String value) {
             if (context == null
-                    ? !Jenkins.get().hasPermission(Jenkins.ADMINISTER)
+                    ? !Jenkins.get().hasPermission(Jenkins.MANAGE)
                     : !context.hasPermission(Item.EXTENDED_READ)) {
                 return FormValidation.ok();
             }

src/test/java/org/jenkinsci/plugins/github_branch_source/EndpointTest.java

@@ -22,6 +22,7 @@
 import org.htmlunit.HttpMethod;
 import org.htmlunit.Page;
 import org.htmlunit.WebRequest;
+import org.htmlunit.html.HtmlPage;
 import org.htmlunit.util.NameValuePair;
 import org.junit.Before;
 import org.junit.Rule;
@@ -45,7 +46,7 @@ public class EndpointTest {
     public void setUp() throws Exception {
         j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
         MockAuthorizationStrategy auth = new MockAuthorizationStrategy();
-        auth.grant(Jenkins.ADMINISTER).everywhere().to("alice");
+        auth.grant(Jenkins.MANAGE).everywhere().to("alice");
         auth.grant(Jenkins.READ).everywhere().toEveryone();
         j.jenkins.setAuthorizationStrategy(auth);
         testUrl = Util.rawEncode(j.getURL().toString() + "testroot/");
@@ -90,6 +91,13 @@ public void canPostAsAdmin_doCheckApiUri() throws Exception {
         assertTrue(TestRoot.get().visited);
     }
 
+    @Test
+    @Issue("JENKINS-73053")
+    public void manageCanSetupEndpoints() throws Exception {
+        HtmlPage htmlPage = j.createWebClient().login("alice").goTo("manage/configure");
+        assertTrue(htmlPage.getVisibleText().contains("GitHub Enterprise Servers"));
+    }
+
     private String appendCrumb(String url) {
         return url + "&" + getCrumb();
     }

src/test/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMNavigatorTest.java

@@ -458,7 +458,7 @@ public void doFillScanCredentials() throws Exception {
         try {
             r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
             MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy();
-            mockStrategy.grant(Jenkins.ADMINISTER).onRoot().to("admin");
+            mockStrategy.grant(Jenkins.MANAGE).onRoot().to("admin");
             mockStrategy.grant(Item.CONFIGURE).onItems(dummy).to("bob");
             mockStrategy.grant(Item.EXTENDED_READ).onItems(dummy).to("jim");
             r.jenkins.setAuthorizationStrategy(mockStrategy);

src/test/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSourceTest.java

@@ -739,7 +739,7 @@ public void doFillCredentials() throws Exception {
         try {
             r.jenkins.setSecurityRealm(r.createDummySecurityRealm());
             MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy();
-            mockStrategy.grant(Jenkins.ADMINISTER).onRoot().to("admin");
+            mockStrategy.grant(Jenkins.MANAGE).onRoot().to("admin");
             mockStrategy.grant(Item.CONFIGURE).onItems(dummy).to("bob");
             mockStrategy.grant(Item.EXTENDED_READ).onItems(dummy).to("jim");
             r.jenkins.setAuthorizationStrategy(mockStrategy);

src/test/java/org/jenkinsci/plugins/github_branch_source/SSHCheckoutTraitTest.java

@@ -86,7 +86,7 @@ public void given__descriptor__when__displayingCredentials__then__contractEnforc
         try {
             j.jenkins.setSecurityRealm(j.createDummySecurityRealm());
             MockAuthorizationStrategy mockStrategy = new MockAuthorizationStrategy();
-            mockStrategy.grant(Jenkins.ADMINISTER).onRoot().to("admin");
+            mockStrategy.grant(Jenkins.MANAGE).onRoot().to("admin");
             mockStrategy.grant(Item.CONFIGURE).onItems(dummy).to("bob");
             mockStrategy.grant(Item.EXTENDED_READ).onItems(dummy).to("jim");
             j.jenkins.setAuthorizationStrategy(mockStrategy);