Adapt to enablement of Overall/Manage permission

jtnord · jtnord · commit dc511de58d5c · 2025-12-02T12:27:04.000Z
Adapts to jenkinsci/jenkins#23873 so the tests pass on the current Jenkins version as well as a version containing the PR discovered by jenkinsci/bom#6031 in preparation for jenkinsci/jenkins#23873 tested with mvn test -Djenkins.version=2.540-rc37747.87da_150079a_1
diff --git a/src/test/java/org/jenkinsci/plugins/configfiles/Security2203Test.java b/src/test/java/org/jenkinsci/plugins/configfiles/Security2203Test.java
@@ -32,6 +32,7 @@
 import org.jenkinsci.plugins.configfiles.maven.job.MvnGlobalSettingsProvider;
 import org.jenkinsci.plugins.configfiles.maven.job.MvnSettingsProvider;
 import org.jenkinsci.plugins.configfiles.sec.ProtectedCodeRunner;
+import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.jvnet.hudson.test.Issue;
@@ -57,6 +58,12 @@ class Security2203Test {
 
     private FreeStyleProject project;
 
+    @BeforeAll
+    static void enableManagePermission() {
+        // TODO remove when baseline contains https://github.com/jenkinsci/jenkins/pull/23873
+        Jenkins.MANAGE.setEnabled(true);
+    }
+
     @BeforeEach
     void setUpAuthorizationAndProject(JenkinsRule r) throws IOException {
         this.r = r;
@@ -72,7 +79,10 @@ void setUpAuthorizationAndProject(JenkinsRule r) throws IOException {
                 .to("projectConfigurer")
                 .grant(Jenkins.ADMINISTER)
                 .everywhere()
-                .to("administer"));
+                .to("administer")
+                .grant(Jenkins.MANAGE)
+                .everywhere()
+                .to("manager"));
     }
 
     /**
@@ -292,8 +302,8 @@ private Config createSetting(ConfigProvider provider) {
     }
 
     /**
-     * The {@link ConfigFilesManagement#getTarget()} is only accessible by people able to administer jenkins. It guarantees
-     * all methods in the class require {@link Jenkins#ADMINISTER}.
+     * The {@link ConfigFilesManagement#getTarget()} is only accessible by people able to manage jenkins. It guarantees
+     * all methods in the class require {@link Jenkins#MANAGE}.
      */
     @Issue("SECURITY-2203")
     @Test
@@ -304,7 +314,7 @@ void configFilesManagementAllMethodsProtected() {
             configFilesManagement.getTarget();
         };
 
-        assertWhoCanExecute(run, Jenkins.ADMINISTER, "ConfigFilesManagement#getTarget");
+        assertWhoCanExecute(run, Jenkins.MANAGE, "ConfigFilesManagement#getTarget");
     }
 
     /**
@@ -317,7 +327,7 @@ private void assertWhoCanExecute(Runnable run, Permission permission, String che
         final Map<Permission, String> userWithPermission = Stream.of(
                         new AbstractMap.SimpleEntry<>(Jenkins.READ, "reader"),
                         new AbstractMap.SimpleEntry<>(Item.CONFIGURE, "projectConfigurer"),
-                        new AbstractMap.SimpleEntry<>(Jenkins.ADMINISTER, "administer"))
+                        new AbstractMap.SimpleEntry<>(Jenkins.MANAGE, "manager"))
                 .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue));
 
         try (ACLContext ctx = ACL.as(User.getOrCreateByIdOrFullName("reader"))) {
