JENKINS-2773

Results of task scan should be limited to authenticated users

    Details

    • Type: Improvement
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Component/s: tasks-plugin
    • Labels:
      None
    • Environment:
      Platform: All, OS: All

      Description

      Non-authenticated users like anonymous have limited permissions when viewing projects – for instance,
      they are not allowed to browse a project's workspace. However, the task scanner plugin circumvents this
      security measure by allowing anonymous users to view the source code files in the task reports. This
      plugin should prevent these reports from being shown unless the user is authenticated in Hudson.

          Activity

          zixenator zixenator added a comment -

          I agree. We share Hudson with two groups - tech support and programmers. Tech
          support are not allowed access to the source code, and this prevents us from
          using this plugin (which is a shame because the programmers all really want
          it). Perhaps the portions of the plugin that display the source code could be
          tied to the workspace read permission?

          drulli Ulli Hafner added a comment -

          Fixed in TRUNK. Authorization is bound to Hudson.ADMINISTRATOR.

          krischan83 krischan83 added a comment -

          Is it intended to permit administrators only the source code?

          In our overall project (https://rtsys.informatik.uni-kiel.de/hudson/) are a few
          admins.
          Each sub project has its conductor who is responsible for the code and the
          nightly build job configuration.

          However, even the sub project guys are not able to use the very nice presenting
          features of Hudson's code analysis tools completely.

          Long story short: I demand for allowing each authorized person to view the code
          or additional config opportunities.

          Best,
          Christian

          drulli Ulli Hafner added a comment -

          Well actually I don't know what the original reporter intended.

          The best thing would be to replace the current permission (Hudson.ADMIN) with
          the AbstractProject.WORKSPACE role that is also used when accessing the
          workspace files.

          What do you think?

          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: drulli
          Path:
          branches/drulli-commons-plugin/analysis-core/src/main/java/hudson/plugins/analysis/util/DetailBuilder.java
          branches/drulli-commons-plugin/analysis-core/src/main/java/hudson/plugins/analysis/util/model/AbstractAnnotation.java
          http://fisheye4.cenqua.com/changelog/hudson/?cs=22464
          Log:
          [FIXED JENKINS-2773] Changed source code viewing permission from ADMINISTRATION to WORKSPACE.
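
The thread moves through three states for the report's source view: no check, administrator-only, and the workspace permission. The Java model below compares each against the workspace browser's own policy; it is an added illustration, not code from Hudson or the plugin, and the `Permission` enum, account names and grants are constructed for the example.

```java
import java.util.EnumSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Hypothetical model for illustration; these are not Hudson/Jenkins classes.
public class SourceViewAuthz {
    enum Permission { READ, WORKSPACE, ADMINISTER }

    // Constructed accounts mirroring the roles mentioned in the thread.
    static final List<String> USERS = List.of("anonymous", "tech-support", "programmer", "admin");
    static final Map<String, Set<Permission>> GRANTS = Map.of(
        "anonymous", EnumSet.of(Permission.READ),
        "tech-support", EnumSet.of(Permission.READ),
        "programmer", EnumSet.of(Permission.READ, Permission.WORKSPACE),
        "admin", EnumSet.allOf(Permission.class));

    static boolean has(String user, Permission p) {
        return GRANTS.getOrDefault(user, Set.of()).contains(p);
    }

    // Workspace browser: guarded by WORKSPACE, the reference policy for source access.
    static boolean canBrowseWorkspace(String user) {
        return has(user, Permission.WORKSPACE);
    }

    // Task report source view. 'guard' is the permission the view enforces on top of READ;
    // null models the reported behaviour (no check beyond being able to see the report).
    static boolean canViewReportSource(String user, Permission guard) {
        return has(user, Permission.READ) && (guard == null || has(user, guard));
    }

    // A derived view is consistent when it grants source access to exactly the users
    // the workspace browser does: no leak, and no legitimate reader locked out.
    static boolean consistentWithWorkspace(Permission guard) {
        return USERS.stream().allMatch(u -> canViewReportSource(u, guard) == canBrowseWorkspace(u));
    }

    public static void main(String[] args) {
        Permission[] guards = { null, Permission.ADMINISTER, Permission.WORKSPACE };
        for (Permission g : guards) {
            System.out.printf("guard=%-10s consistent=%b%n", g, consistentWithWorkspace(g));
            for (String u : USERS)
                System.out.printf("  %-12s report-source=%-5b workspace=%b%n",
                        u, canViewReportSource(u, g), canBrowseWorkspace(u));
        }
    }
}
```

Only the `WORKSPACE` guard is consistent: with no guard the anonymous and tech-support accounts can read source they cannot browse, and with `ADMINISTER` the programmer account is denied source it can already reach through the workspace.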

          krischan83 krischan83 added a comment -

          Oh, I'm absolutely OK with that solution!

          Do you have an idea when the feature will be available, i.e. the next release is
          scheduled?

          best,
          Christian


            People

            • Assignee:
              drulli Ulli Hafner
              Reporter:
              sqook sqook