Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-44136

Anonymous user can abort pipeline if choose abort in input

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      Proceed and abort options treats different for anonymous user. 

      When user are not logged in and it comes to Proceed or Abort options in input step. It is supposed to be neither of them valid for such user. But current case : user can abort the whole pipeline.

      Should this be treated as a bug or the logic in canSettle() is correct?

        Attachments

          Activity

          Hide
          shaiton Kevin Raymond added a comment -

          On the other hand, an authenticated user who don't have the right to Proceed can Abort.

          We might imagine a long standing pipeline (several builds) it should not be aborted by a wrong user.

           

          Proceed and Abort should most probably use the same logic using the submitter parameter.

          Show
          shaiton Kevin Raymond added a comment - On the other hand, an authenticated user who don't have the right to Proceed can Abort. We might imagine a long standing pipeline (several builds) it should not be aborted by a wrong user.   Proceed and Abort should most probably use the same logic using the submitter parameter.
          Hide
          abayer Andrew Bayer added a comment -

          This was fixed a little while ago in a security fix. Let me know if you're still having this problem with the latest version.

          Show
          abayer Andrew Bayer added a comment - This was fixed a little while ago in a security fix. Let me know if you're still having this problem with the latest version.

            People

            • Assignee:
              Unassigned
              Reporter:
              zdtsw Wen Zhou
            • Votes:
              1 Vote for this issue
              Watchers:
              5 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: