Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-31727

Access Denied - Please login to access job XXX on project summary page

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      I'm using the Role Strategy Plugin to control who can Discover, Read, Build, & Cancel specific jobs on Jenkins. When a user logins to Jenkins he/she will see only the jobs he/she has permission to run.

      Some of the jobs Trigger/Call builds on other projects. This works fine when running the job. i.e. Though restricted to Job X the user also kicks off Job Y because it is a sub-project of Job X. But, when signed in as a restricted user, an error appears on Job X's main page. See the attached screenshot. Essentially this error message is displayed on the webpage where Subprojects should be defined which says Access Denied - Please login to access job Y.

      This issue was discovered while betaing a job with a user. It's not a deal breaker but it obviously can cause confusion. The html should either not show the Sub-Projects if the user does not have permission. Or it should show the subprojects as normal since the user is in fact running them.

        Attachments

          Issue Links

            Activity

            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            Hi Shane,

            I suspect it's an issue in Parameterized trigger plugin. I'll investigate it and provide the test results.

            Show
            oleg_nenashev Oleg Nenashev added a comment - Hi Shane, I suspect it's an issue in Parameterized trigger plugin. I'll investigate it and provide the test results.
            Hide
            oleg_nenashev Oleg Nenashev added a comment -

            The issue has been caused b the Parameterized Trigger Plugin
            The issue has been caused by the global Item.DISCOVER permission without global Item.READ. It causes the IllegalStateException in SubProjectAction Groovy web UI layouts, which somehow leads to such behavior. I'm working on the fix

            Show
            oleg_nenashev Oleg Nenashev added a comment - The issue has been caused b the Parameterized Trigger Plugin The issue has been caused by the global Item.DISCOVER permission without global Item.READ. It causes the IllegalStateException in SubProjectAction Groovy web UI layouts, which somehow leads to such behavior. I'm working on the fix
            Hide
            oleg_nenashev Oleg Nenashev added a comment -
            Show
            oleg_nenashev Oleg Nenashev added a comment - Created the pull request: https://github.com/jenkinsci/parameterized-trigger-plugin/pull/96
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/test/java/hudson/plugins/parameterizedtrigger/test/BuildTriggerConfigTest.java
            http://jenkins-ci.org/commit/parameterized-trigger-plugin/15604f1363f0c868069827de5a531438506ae173
            Log:
            JENKINS-31727 - Direct unit test reproducing the issue

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/test/java/hudson/plugins/parameterizedtrigger/test/BuildTriggerConfigTest.java http://jenkins-ci.org/commit/parameterized-trigger-plugin/15604f1363f0c868069827de5a531438506ae173 Log: JENKINS-31727 - Direct unit test reproducing the issue
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Oleg Nenashev
            Path:
            src/main/java/hudson/plugins/parameterizedtrigger/BuildTriggerConfig.java
            http://jenkins-ci.org/commit/parameterized-trigger-plugin/9ebaae3b26552db97c81331376b42ef6b585d05e
            Log:
            [FIXED JENKINS-31727] - Add AccessDenied checks to make the configuration robust against Item.DISCOVER without Item.READ

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Oleg Nenashev Path: src/main/java/hudson/plugins/parameterizedtrigger/BuildTriggerConfig.java http://jenkins-ci.org/commit/parameterized-trigger-plugin/9ebaae3b26552db97c81331376b42ef6b585d05e Log: [FIXED JENKINS-31727] - Add AccessDenied checks to make the configuration robust against Item.DISCOVER without Item.READ
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Sam Van Oort
            Path:
            src/main/java/hudson/plugins/parameterizedtrigger/BuildTriggerConfig.java
            src/test/java/hudson/plugins/parameterizedtrigger/test/BuildTriggerConfigTest.java
            http://jenkins-ci.org/commit/parameterized-trigger-plugin/5cc4a44ca4969139751793db03dc23f24b31ef20
            Log:
            Merge pull request #96 from oleg-nenashev/JENKINS-31727

            [FIXED JENKINS-31727] - ConfigTrigger should be tolerant against Item.DISCOVER without Item.READ

            Compare: https://github.com/jenkinsci/parameterized-trigger-plugin/compare/9741736f532e...5cc4a44ca496

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sam Van Oort Path: src/main/java/hudson/plugins/parameterizedtrigger/BuildTriggerConfig.java src/test/java/hudson/plugins/parameterizedtrigger/test/BuildTriggerConfigTest.java http://jenkins-ci.org/commit/parameterized-trigger-plugin/5cc4a44ca4969139751793db03dc23f24b31ef20 Log: Merge pull request #96 from oleg-nenashev/ JENKINS-31727 [FIXED JENKINS-31727] - ConfigTrigger should be tolerant against Item.DISCOVER without Item.READ Compare: https://github.com/jenkinsci/parameterized-trigger-plugin/compare/9741736f532e...5cc4a44ca496

              People

              • Assignee:
                oleg_nenashev Oleg Nenashev
                Reporter:
                sgannon200 Shane Gannon
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: