-
Bug
-
Resolution: Fixed
-
Critical
-
None
-
Mac OS X
LDAP matrix-based security
In 2f202613be0e44c48b8185b7b639c25d18e06003, job name expansion based on parameters is disallowed unless the job is accessible to all authenticated users. This was because a user could create a job that could access another job for which they don't have the credentials. However, this doesn't make sense:
- It's only applicable with project-based security (I use LDAP + matrix-based)
- How do you tell the difference between an "authorized" job and an "unauthorized" job? Jobs don't have permissions, users do.
- It's the administrator's job to authorize those who can create jobs in the first place.
- Opening up a project to ALL authenticated LDAP users, regardless of their group, in order to use the plugin, is unacceptable.