Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-25691

Redeploy link is displayed to Anonymous users with read only permissions for a job

    Details

    • Similar Issues:

      Description

      Hello,

      We have a job with project-based security enabled. The job has to be visible to anonymous users and they should only have read-only permissions. After applying the "Read" permission for the job I tried checking out it out as an anonymous user. The job is displayed to the user, but I found out he can redeploy artifacts by clicking on the last successful/failed build number. This functionality is not desired and probably a bug.

      Regards,
      Steve

        Attachments

        1. Configure Global Security ACL.png
          54 kB
          Steve Todorov
        2. job acl.png
          37 kB
          Steve Todorov
        3. screenshot.png
          35 kB
          Steve Todorov

          Issue Links

            Activity

            Hide
            tftd Steve Todorov added a comment - - edited

            @Daniel no, the job is only in a view. We don't use the Cloudbees Folder plugin at all.

            Show
            tftd Steve Todorov added a comment - - edited @Daniel no, the job is only in a view. We don't use the Cloudbees Folder plugin at all.
            Hide
            danielbeck Daniel Beck added a comment -

            This is only a cosmetic issue, as clicking the link will require users to authenticate (if anonymous) or tell them they're not allowed (otherwise).

            Pull request with fix: https://github.com/jenkinsci/maven-plugin/pull/33

            Show
            danielbeck Daniel Beck added a comment - This is only a cosmetic issue, as clicking the link will require users to authenticate (if anonymous) or tell them they're not allowed (otherwise). Pull request with fix: https://github.com/jenkinsci/maven-plugin/pull/33
            Hide
            tftd Steve Todorov added a comment -

            You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue!

            Show
            tftd Steve Todorov added a comment - You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue!
            Hide
            jglick Jesse Glick added a comment -

            I guess the JIRA link daemon is down again.

            Show
            jglick Jesse Glick added a comment - I guess the JIRA link daemon is down again.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            core/src/main/java/hudson/model/TaskAction.java
            http://jenkins-ci.org/commit/jenkins/08542cad7524ba4838922622889700e4dd7c2ce1
            Log:
            Javadoc notes warning that the action should be hidden if impermissible.
            JENKINS-25691 Might have prevented the need for: https://github.com/jenkinsci/maven-plugin/pull/33

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: core/src/main/java/hudson/model/TaskAction.java http://jenkins-ci.org/commit/jenkins/08542cad7524ba4838922622889700e4dd7c2ce1 Log: Javadoc notes warning that the action should be hidden if impermissible. JENKINS-25691 Might have prevented the need for: https://github.com/jenkinsci/maven-plugin/pull/33

              People

              • Assignee:
                danielbeck Daniel Beck
                Reporter:
                tftd Steve Todorov
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: