@@ -561,7 +561,13 @@ public static <C extends Credentials> List<C> lookupCredentials(@NonNull Class<C
561561 for (CredentialsProvider provider : all ()) {
562562 if (provider .isEnabled (item ) && provider .isApplicable (type )) {
563563 try {
564- for (C c : provider .getCredentials (type , item , authentication , domainRequirements )) {
564+ List <C > credentials = provider .getCredentials (type , item , authentication , domainRequirements );
565+ // also lookup credentials as SYSTEM if granted for this item
566+ if (authentication != ACL .SYSTEM && item .getACL ().hasPermission (authentication , CredentialsProvider .USE_ITEM )) {
567+ credentials .addAll (provider .getCredentials (type , item , ACL .SYSTEM , domainRequirements ));
568+ }
569+
570+ for (C c : credentials ) {
565571 if (!(c instanceof IdCredentials ) || ids .add (((IdCredentials ) c ).getId ())) {
566572 // if IdCredentials, only add if we haven't added already
567573 // if not IdCredentials, always add
@@ -620,9 +626,12 @@ public static <C extends IdCredentials> ListBoxModel listCredentials(@NonNull Cl
620626 for (CredentialsProvider provider : all ()) {
621627 if (provider .isEnabled (item ) && provider .isApplicable (type )) {
622628 try {
623- for (ListBoxModel .Option option : provider .getCredentialIds (
624- type , item , authentication , domainRequirements , matcher )
625- ) {
629+ ListBoxModel credentialIds = provider .getCredentialIds (type , item , authentication , domainRequirements , matcher );
630+ // also lookup credentials with scope SYSTEM when user has grants for this item
631+ if (authentication != ACL .SYSTEM && item .getACL ().hasPermission (authentication , CredentialsProvider .USE_ITEM )) {
632+ credentialIds .addAll (provider .getCredentialIds (type , item , ACL .SYSTEM , domainRequirements , matcher ));
633+ }
634+ for (ListBoxModel .Option option : credentialIds ) {
626635 if (ids .add (option .value )) {
627636 result .add (option );
628637 }
0 commit comments