feat: improve boolean reability

meiswjn · meiswjn · commit 50f5c5c400cc · 2024-05-03T13:41:08.000+02:00
diff --git a/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java b/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java
@@ -618,28 +618,32 @@ synchronized boolean isEmpty() {
      * @param language the language in which it is written
      * @param context any additional information about how where or by whom this is being configured
      * @param approveIfAdmin indicates whether script should be approved if current user has admin permissions
-     * @param ignoreAdmin indicates whether auto approval should be ignored, regardless of any configurations.
+     * @param ignoreAdmin indicates whether an admin's ability to approve a script without visiting the script approval site should be ignored, regardless of any configurations.
      * @return {@code script}, for convenience
      */
     public synchronized String configuring(@NonNull String script, @NonNull Language language, @NonNull ApprovalContext context, boolean approveIfAdmin, boolean ignoreAdmin) {
         final ConversionCheckResult result = checkAndConvertApprovedScript(script, language);
-        if (!result.approved) {
-            if (!Jenkins.get().isUseSecurity() ||
-                    (ALLOW_ADMIN_APPROVAL_ENABLED &&
-                    ((Jenkins.getAuthentication2() != ACL.SYSTEM2 && Jenkins.get().hasPermission(Jenkins.ADMINISTER))
-                            && (ADMIN_AUTO_APPROVAL_ENABLED || approveIfAdmin) && !ignoreAdmin))) {
-                approvedScriptHashes.add(result.newHash);
-                //Pending scripts are not stored with a precalculated hash, so no need to remove any old hashes
-                removePendingScript(result.newHash);
-            } else {
-                String key = context.getKey();
-                if (key != null) {
-                    pendingScripts.removeIf(pendingScript -> key.equals(pendingScript.getContext().getKey()));
-                }
-                pendingScripts.add(new PendingScript(script, language, context));
+        if (result.approved) {
+            return script;
+        }
+        // Security is disabled globally.
+        boolean securityIsDisabled = !Jenkins.get().isUseSecurity();
+        // Has to be an actual user and the user must be admin. System-triggered jobs should not auto-approve. (I guess that is the reasonf or this boolean?)
+        boolean isAdminUser = Jenkins.getAuthentication2() != ACL.SYSTEM2 && Jenkins.get().hasPermission(Jenkins.ADMINISTER);
+        boolean implicitAdminApproval = ADMIN_AUTO_APPROVAL_ENABLED || approveIfAdmin;
+        if (securityIsDisabled ||
+                (ALLOW_ADMIN_APPROVAL_ENABLED && isAdminUser && implicitAdminApproval && !ignoreAdmin)) {
+            approvedScriptHashes.add(result.newHash);
+            //Pending scripts are not stored with a precalculated hash, so no need to remove any old hashes
+            removePendingScript(result.newHash);
+        } else {
+            String key = context.getKey();
+            if (key != null) {
+                pendingScripts.removeIf(pendingScript -> key.equals(pendingScript.getContext().getKey()));
             }
-            save();
+            pendingScripts.add(new PendingScript(script, language, context));
         }
+        save();
         return script;
     }
 
