Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-33883

allow anonymous read of cc.xml file works only for root one

    Details

    • Similar Issues:

      Description

      It seems that the option to allow anonymous users to read the /cc.xml works only for the root one and not for those associated with other views, or the special "all" view which is exposed at /view/All/cc.xml

      This bug has a serious impact because due to it, it means that you can only expose the status of the jobs present on the default view. On any serious setup, the default view does not expose ALL jobs.

      Even worse, it seems that if you try to get the other cc.xml files you get a 403 but if you try to use basic auth, you will get a 500 error.

      Ideally the github integration plugin should expose github login as basic auth, so we can use it from other applications too. Still, this would be subject to a different bug report.

        Attachments

          Issue Links

            Activity

            Hide
            ssbarnea Sorin Sbarnea added a comment -

            Sam Gleske I added PR that solves this bug. I tested the code myself and works as expected. Now the cc.xml files from inside folders can also be accessed.

            Show
            ssbarnea Sorin Sbarnea added a comment - Sam Gleske I added PR that solves this bug. I tested the code myself and works as expected. Now the cc.xml files from inside folders can also be accessed.
            Hide
            sag47 Sam Gleske added a comment -

            Great, thanks for the PR. I'll open it for code review and test it myself.

            Show
            sag47 Sam Gleske added a comment - Great, thanks for the PR. I'll open it for code review and test it myself.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Sorin Sbarnea
            Path:
            src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java
            src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly
            src/main/webapp/help/auth/grant-read-to-cctray-help.html
            http://jenkins-ci.org/commit/github-oauth-plugin/87ff4fc335dc4bb1875145f5a58a4e64d2cd7056
            Log:
            Fixed JENKINS-33883 by allowing .*/cc.xml instead of only root one.

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sorin Sbarnea Path: src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly src/main/webapp/help/auth/grant-read-to-cctray-help.html http://jenkins-ci.org/commit/github-oauth-plugin/87ff4fc335dc4bb1875145f5a58a4e64d2cd7056 Log: Fixed JENKINS-33883 by allowing .*/cc.xml instead of only root one.
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Sam Gleske
            Path:
            src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java
            src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly
            src/main/webapp/help/auth/grant-read-to-cctray-help.html
            http://jenkins-ci.org/commit/github-oauth-plugin/be21b48813d9b57f4fcfdeb076918ad5e17f6e45
            Log:
            Merge #52 Fixed JENKINS-33883 by allowing .*/cc.xml

            instead of only root one.

            Compare: https://github.com/jenkinsci/github-oauth-plugin/compare/8b50e781ca83...be21b48813d9

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Sam Gleske Path: src/main/java/org/jenkinsci/plugins/GithubRequireOrganizationMembershipACL.java src/main/resources/org/jenkinsci/plugins/GithubAuthorizationStrategy/config.jelly src/main/webapp/help/auth/grant-read-to-cctray-help.html http://jenkins-ci.org/commit/github-oauth-plugin/be21b48813d9b57f4fcfdeb076918ad5e17f6e45 Log: Merge #52 Fixed JENKINS-33883 by allowing .*/cc.xml instead of only root one. Compare: https://github.com/jenkinsci/github-oauth-plugin/compare/8b50e781ca83...be21b48813d9
            Hide
            sag47 Sam Gleske added a comment -

            Thanks for contributing a fix. I have merged your proposed change. I reproduced the behavior, tested the upgrade, and verified the fix.

            I'll close this issue after I perform a release.

            Show
            sag47 Sam Gleske added a comment - Thanks for contributing a fix. I have merged your proposed change. I reproduced the behavior, tested the upgrade, and verified the fix. I'll close this issue after I perform a release.
            Hide
            sag47 Sam Gleske added a comment -

            Released 0.24.

            Show
            sag47 Sam Gleske added a comment - Released 0.24.

              People

              • Assignee:
                sag47 Sam Gleske
                Reporter:
                ssbarnea Sorin Sbarnea
              • Votes:
                1 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: