Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13429

Nested views not showing up with just read perms for View

    Details

    • Similar Issues:

      Description

      Jenkins 1.459 + Nested View Plugin 1.8 + Role-based Authorization Strategy 1.1.2

      User has read permissions for "View" but Jenkins main page is missing Nested views (even if they have sub views with jobs).
      Adding "configure" perms for "View" results in Nested views showing up correctly.

      It looks like it's connected with:
      "Added the View.READ permission to control visibility of views, and updated the default implementation to hide empty views. (issue 3681)"

        Attachments

          Issue Links

            Activity

            carno M S created issue -
            Hide
            carno M S added a comment -

            Taking into consideration, that Sectioned View plugin will laso have the same problem if we use it without any job inside (for example using only text lists inside) I think that "hide empty views" implementation is too naive, looking only at jobs directly under view.

            Show
            carno M S added a comment - Taking into consideration, that Sectioned View plugin will laso have the same problem if we use it without any job inside (for example using only text lists inside) I think that "hide empty views" implementation is too naive, looking only at jobs directly under view.
            mindless Alan Harder made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-3681 [ JENKINS-3681 ]
            mindless Alan Harder made changes -
            Assignee Alan Harder [ mindless ] Kohsuke Kawaguchi [ kohsuke ]
            Hide
            mabahj Markus added a comment -

            Seeing the same with matrix based security.
            Jenkins 1.460
            Nested View Plugin 1.8.
            Active Directory plugin 1.23

            Show
            mabahj Markus added a comment - Seeing the same with matrix based security. Jenkins 1.460 Nested View Plugin 1.8. Active Directory plugin 1.23
            Hide
            josesa Jose Sa added a comment - - edited

            Upgraded from 1.456 (which had nested views of nested views showing ok) to 1.462 and now it only shows the default "All" view and no nested views.
            Had to revert and will have to stick with 1.458 until nested tabs can be visible again with "anonymous view.read" permission.

            Show
            josesa Jose Sa added a comment - - edited Upgraded from 1.456 (which had nested views of nested views showing ok) to 1.462 and now it only shows the default "All" view and no nested views. Had to revert and will have to stick with 1.458 until nested tabs can be visible again with "anonymous view.read" permission.
            Hide
            vlatombe Vincent Latombe added a comment -

            Pull request created for this issue
            https://github.com/jenkinsci/jenkins/pull/464

            Show
            vlatombe Vincent Latombe added a comment - Pull request created for this issue https://github.com/jenkinsci/jenkins/pull/464
            Hide
            brennx0r Brenna Flood added a comment -

            Upgraded from 1.458 to 1.463 yesterday and started experiencing this issue. It's fairly important in our company implementation that anonymous users be able to continue to browse through nested views without requiring authentication; for security purposes, the workaround of giving configure perms for View for anonymous is not viable.

            Show
            brennx0r Brenna Flood added a comment - Upgraded from 1.458 to 1.463 yesterday and started experiencing this issue. It's fairly important in our company implementation that anonymous users be able to continue to browse through nested views without requiring authentication; for security purposes, the workaround of giving configure perms for View for anonymous is not viable.
            Hide
            vrenjith Renjith Pillai added a comment -

            Badly in need of this correction. The workaround to give 'Configure' permission for the same seems to be dangerous.

            Show
            vrenjith Renjith Pillai added a comment - Badly in need of this correction. The workaround to give 'Configure' permission for the same seems to be dangerous.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Vincent Latombe
            Path:
            changelog.html
            core/src/main/java/hudson/security/AuthorizationStrategy.java
            http://jenkins-ci.org/commit/jenkins/d1b2ba7e4988d26fbb815b8912efb16273c407d4
            Log:
            [FIXED JENKINS-13429]
            Backward compatibility is preventing the View.READ permission to apply
            correctly. It actually overrides the View.READ instead of complementing
            it.

            This change only applies default READ right if the View.READ is not
            available, and the user has View.CONFIGURE + the view is not empty.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Vincent Latombe Path: changelog.html core/src/main/java/hudson/security/AuthorizationStrategy.java http://jenkins-ci.org/commit/jenkins/d1b2ba7e4988d26fbb815b8912efb16273c407d4 Log: [FIXED JENKINS-13429] Backward compatibility is preventing the View.READ permission to apply correctly. It actually overrides the View.READ instead of complementing it. This change only applies default READ right if the View.READ is not available, and the user has View.CONFIGURE + the view is not empty.
            scm_issue_link SCM/JIRA link daemon made changes -
            Status Open [ 1 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            Hide
            vrenjith Renjith Pillai added a comment -

            So which release contains this correction? The changelogs doesn't seem to indicate this.

            Show
            vrenjith Renjith Pillai added a comment - So which release contains this correction? The changelogs doesn't seem to indicate this.
            Hide
            vlatombe Vincent Latombe added a comment -

            It will be in 1.467

            Show
            vlatombe Vincent Latombe added a comment - It will be in 1.467
            aleksas aleksas made changes -
            Link This issue is duplicated by JENKINS-13942 [ JENKINS-13942 ]
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_ui-changes_branch #30
            [FIXED JENKINS-13429] (Revision d1b2ba7e4988d26fbb815b8912efb16273c407d4)

            Result = SUCCESS
            Kohsuke Kawaguchi : d1b2ba7e4988d26fbb815b8912efb16273c407d4
            Files :

            • core/src/main/java/hudson/security/AuthorizationStrategy.java
            • changelog.html
            Show
            dogfood dogfood added a comment - Integrated in jenkins_ui-changes_branch #30 [FIXED JENKINS-13429] (Revision d1b2ba7e4988d26fbb815b8912efb16273c407d4) Result = SUCCESS Kohsuke Kawaguchi : d1b2ba7e4988d26fbb815b8912efb16273c407d4 Files : core/src/main/java/hudson/security/AuthorizationStrategy.java changelog.html
            aherbe Anthony HERBÉ made changes -
            Link This issue is duplicated by JENKINS-14546 [ JENKINS-14546 ]
            pmv pmv made changes -
            Link This issue is duplicated by JENKINS-17315 [ JENKINS-17315 ]
            ctapobep Stanislav Bashkyrtsev made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 143895 ] JNJira + In-Review [ 205788 ]

              People

              • Assignee:
                kohsuke Kohsuke Kawaguchi
                Reporter:
                carno M S
              • Votes:
                11 Vote for this issue
                Watchers:
                13 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: