Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-1837

Anonymous users are able to reset scores even with security enabled

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Component/s: ci-game-plugin
    • Labels:
      None
    • Environment:
      Platform: All, OS: Linux
    • Similar Issues:

      Description

      With ci-game version 1.4, I am able to view the link to reset scores on the
      leader board even if I am logged in anonymously. I do have security enabled in
      matrix mode.

      If I bound the <l:task /> link for the "confirmResetScores" (in sidepanel.jelly)
      with the following check, the link appears only when desired (i.e., when an
      admin is logged in):

      <j:if test="$

      {h.hasPermission(app.ADMINISTER)}

      ">
      <l:task ... href="confirmResetScores" ... permission="$

      {it.CONFIGURE}" />
      </j:if>

      Not sure if the ${it.CONFIGURE}

      attribute value is not being picked up, or if I
      have a misconfiguration on my server somewhere.

        Attachments

          Activity

            People

            • Assignee:
              redsolo redsolo
              Reporter:
              drather19 drather19
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: