Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13502

Editing any job removes inaccessible downstream jobs from all accessible jobs

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      If a user is editing any job, all jobs accessible to that user lose their downstream build triggers to jobs that are inaccessible to the editing user.

      Example:
      1. Jenkins is using a project-based security model (e.g. project-based matrix or role strategy plugin)
      2. There are two users, Admin (full access) and User (restricted access).
      3. There are three jobs, U (upstream), D (downstream), and E (edit).
      4. Give User read-only access to job U and read/config access to job E. Give User no permissions for job D.
      5. Admin adds a downstream build of job D to job U. This association is invisible to user U1 despite read access to job U.
      6. User edits job E

      Expected result
      Job U is not affected.

      Actual result
      The build trigger of job D is removed from job U despite User neither having editing permissions to that job, nor actually accessing that job.

      Workarounds
      Use parameterized build trigger and check [x] trigger without parameters

      Notes

      • Something similar would probably happen when User is editing job U despite nobody expecting removal of the invisible association, but there's at least some connection between User's action and the removal of the association.
      • Classified as blocker, since this issue is difficult to track down (even with e.g. job config history plugin), bypasses Jenkins security, and can break a lot of job upstream/downstream associations for no apparent reason.

        Attachments

          Issue Links

            Activity

            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Nicolas De Loof
            Path:
            changelog.html
            core/src/main/java/hudson/model/AbstractProject.java
            http://jenkins-ci.org/commit/jenkins/5d38d40e550ea918101c3b3249384c2158177698
            Log:
            [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: changelog.html core/src/main/java/hudson/model/AbstractProject.java http://jenkins-ci.org/commit/jenkins/5d38d40e550ea918101c3b3249384c2158177698 Log: [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Nicolas De Loof
            Path:
            core/src/main/java/hudson/model/AbstractProject.java
            test/src/test/java/hudson/model/AbstractProjectTest.java
            http://jenkins-ci.org/commit/jenkins/dbc212e2e3ac364d08f73897c1b8f1202b5d937e
            Log:
            unit test to reproduce JENKINS-13502 and confirm fix

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Nicolas De Loof Path: core/src/main/java/hudson/model/AbstractProject.java test/src/test/java/hudson/model/AbstractProjectTest.java http://jenkins-ci.org/commit/jenkins/dbc212e2e3ac364d08f73897c1b8f1202b5d937e Log: unit test to reproduce JENKINS-13502 and confirm fix
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            changelog.html
            core/src/main/java/hudson/model/AbstractProject.java
            test/src/test/java/hudson/model/AbstractProjectTest.java
            http://jenkins-ci.org/commit/jenkins/ef9c30c665c4a5c59e1a1af54072b95831eed831
            Log:
            Merge pull request #722 from ndeloof/master

            [FIXED JENKINS-13502] Fix dependency graph computation when upstream build trigger is involved

            Compare: https://github.com/jenkinsci/jenkins/compare/fa50b3d7e6e2...ef9c30c665c4


            You received this message because you are subscribed to the Google Groups "Jenkins Commits" group.
            To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com.
            For more options, visit https://groups.google.com/groups/opt_out.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/hudson/model/AbstractProject.java test/src/test/java/hudson/model/AbstractProjectTest.java http://jenkins-ci.org/commit/jenkins/ef9c30c665c4a5c59e1a1af54072b95831eed831 Log: Merge pull request #722 from ndeloof/master [FIXED JENKINS-13502] Fix dependency graph computation when upstream build trigger is involved Compare: https://github.com/jenkinsci/jenkins/compare/fa50b3d7e6e2...ef9c30c665c4 – You received this message because you are subscribed to the Google Groups "Jenkins Commits" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-commits+unsubscribe@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out .
            Hide
            dogfood dogfood added a comment -

            Integrated in jenkins_main_trunk #2324
            [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger (Revision 5d38d40e550ea918101c3b3249384c2158177698)
            unit test to reproduce JENKINS-13502 and confirm fix (Revision dbc212e2e3ac364d08f73897c1b8f1202b5d937e)

            Result = SUCCESS
            Nicolas De Loof : 5d38d40e550ea918101c3b3249384c2158177698
            Files :

            • core/src/main/java/hudson/model/AbstractProject.java
            • changelog.html

            Nicolas De Loof : dbc212e2e3ac364d08f73897c1b8f1202b5d937e
            Files :

            • test/src/test/java/hudson/model/AbstractProjectTest.java
            • core/src/main/java/hudson/model/AbstractProject.java
            Show
            dogfood dogfood added a comment - Integrated in jenkins_main_trunk #2324 [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger (Revision 5d38d40e550ea918101c3b3249384c2158177698) unit test to reproduce JENKINS-13502 and confirm fix (Revision dbc212e2e3ac364d08f73897c1b8f1202b5d937e) Result = SUCCESS Nicolas De Loof : 5d38d40e550ea918101c3b3249384c2158177698 Files : core/src/main/java/hudson/model/AbstractProject.java changelog.html Nicolas De Loof : dbc212e2e3ac364d08f73897c1b8f1202b5d937e Files : test/src/test/java/hudson/model/AbstractProjectTest.java core/src/main/java/hudson/model/AbstractProject.java
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            test/src/test/groovy/hudson/model/AbstractProjectTest.groovy
            http://jenkins-ci.org/commit/jenkins/b53139e0db15d1a9b8f6b8eac5b08c33ea40566b
            Log:
            Test of JENKINS-13502 fix is obsolete since we no longer check permissions when configuring triggers.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: test/src/test/groovy/hudson/model/AbstractProjectTest.groovy http://jenkins-ci.org/commit/jenkins/b53139e0db15d1a9b8f6b8eac5b08c33ea40566b Log: Test of JENKINS-13502 fix is obsolete since we no longer check permissions when configuring triggers.

              People

              • Assignee:
                ndeloof Nicolas De Loof
                Reporter:
                danielbeck Daniel Beck
              • Votes:
                2 Vote for this issue
                Watchers:
                7 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: