-
New Feature
-
Resolution: Fixed
-
Critical
-
None
-
Platform: All, OS: All
Context:
I'm trying to use per-project authorization matrixes, in order to allow users to
add custom jobs for branches they may have to create into the SVN repository,
without letting them tweak the others jobs – and especially the main job,
which surveys the repository's trunk and shall ONLY be carefully configured by
the Hudson server's admins.
Problem:
-> If I don't give a standard (non-admin) user the authorization to globally
configure projects, he/she won't be able to configure/manage his new-made
project without requiring admin's intervention.
-> And if I give standard users the global job-configuration power, they will be
able to tamper with the main (trunk-related) job, which is unacceptable!
To see the problem "live", follow this procedure:
- Ensure Hudson is configured to use per-project matrix-based authorization
strategy. - If it isn't already the case, create at least 2 users on your Hudson
config.: one with full powers ("administrator" who sould already exist anyway),
and a standard user (only able to read, see workspaces and build jobs). - If it's not already the case, create a job (named "main"), which should only
be configured by admin(s). - Give the standard user the right to create jobs.
- Exit Hudson, then log in as your standard user. "Enter" the main job: you
can't configure it (OK). Try to create a new "branch1" job. PROBLEM (1): you get
an error ("xxx user is missing the configure permission"); the job is however
created, but you can't configure it (nor delete it)! - Exit Hudson, then log back as an administrator, then configure Hudson to
allow the standard user to globally configure jobs. - Exit Hudson, then log in as your standard user. Create a new "branch2" job,
then "enter" it: you can now configure it (OK). Exit this job, then enter the
"main" job. PROBLEM (2): you can also configure it!
Enhancement proposed:
It would be desirable to automatically give an user the full powers over a job
he/she has just created (he/she will of course have the responsibility to tune
the authorizations on his/her new job accurately).
Hudson server configuration:
Hudson 1.309, running standalone (with its embedded Winstone app. server, and
its own user database) on Linux Debian 5.0.