Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25691

Redeploy link is displayed to Anonymous users with read only permissions for a job

    Details

    • Similar Issues:

      Description

      Hello,

      We have a job with project-based security enabled. The job has to be visible to anonymous users and they should only have read-only permissions. After applying the "Read" permission for the job I tried checking out it out as an anonymous user. The job is displayed to the user, but I found out he can redeploy artifacts by clicking on the last successful/failed build number. This functionality is not desired and probably a bug.

      Regards,
      Steve

        Attachments

          Issue Links

            Activity

            Hide
            tftd Steve Todorov added a comment - - edited

            @Daniel no, the job is only in a view. We don't use the Cloudbees Folder plugin at all.

            Show
            tftd Steve Todorov added a comment - - edited @Daniel no, the job is only in a view. We don't use the Cloudbees Folder plugin at all.
            Hide
            danielbeck Daniel Beck added a comment -

            This is only a cosmetic issue, as clicking the link will require users to authenticate (if anonymous) or tell them they're not allowed (otherwise).

            Pull request with fix: https://github.com/jenkinsci/maven-plugin/pull/33

            Show
            danielbeck Daniel Beck added a comment - This is only a cosmetic issue, as clicking the link will require users to authenticate (if anonymous) or tell them they're not allowed (otherwise). Pull request with fix: https://github.com/jenkinsci/maven-plugin/pull/33
            Hide
            tftd Steve Todorov added a comment -

            You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue!

            Show
            tftd Steve Todorov added a comment - You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue!
            Hide
            jglick Jesse Glick added a comment -

            I guess the JIRA link daemon is down again.

            Show
            jglick Jesse Glick added a comment - I guess the JIRA link daemon is down again.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/model/TaskAction.java
            http://jenkins-ci.org/commit/jenkins/08542cad7524ba4838922622889700e4dd7c2ce1
            Log:
            Javadoc notes warning that the action should be hidden if impermissible.
            JENKINS-25691 Might have prevented the need for: https://github.com/jenkinsci/maven-plugin/pull/33

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/model/TaskAction.java http://jenkins-ci.org/commit/jenkins/08542cad7524ba4838922622889700e4dd7c2ce1 Log: Javadoc notes warning that the action should be hidden if impermissible. JENKINS-25691 Might have prevented the need for: https://github.com/jenkinsci/maven-plugin/pull/33

              People

              • Assignee:
                danielbeck Daniel Beck
                Reporter:
                tftd Steve Todorov
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: