Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55462

"shelve project" button missing for all non-admin users

    Details

    • Similar Issues:

      Description

      Hello,

      with project based authorisation, all non-admin user cannot see the Shelve Project button. the button will appear if we grant the administrator privileges to the user in Global Security.

      I manually created a free style project for testing which behaves the same.

      Jenkins and plugins are updated to the latest version.

      Thanks for helping.

      Roger

        Attachments

          Issue Links

            Activity

            rogerwang Roger Wang created issue -
            rogerwang Roger Wang made changes -
            Field Original Value New Value
            Priority Blocker [ 1 ] Major [ 3 ]
            Hide
            rogerwang Roger Wang added a comment -

            just add what we have tested:

            1. granted all permissions except administrator to user, the shelve project button is missing.
            2. change the authorisation to matrix based, the problem is still appeared.
            Show
            rogerwang Roger Wang added a comment - just add what we have tested: granted all permissions except administrator to user, the shelve project button is missing. change the authorisation to matrix based, the problem is still appeared.
            Hide
            pierrebtz Pierre Beitz added a comment -

            Roger Wang I reproduced the issue, it seems the check for the delete permission is not correct. I'll work on a fix as soon as possible.

            In the meantime, I confirm only the admin rights allows to shelve/unshelve.

            This doesn't seem like a regression as the guilty code has been here for a long time.

            Show
            pierrebtz Pierre Beitz added a comment - Roger Wang I reproduced the issue, it seems the check for the delete permission is not correct. I'll work on a fix as soon as possible. In the meantime, I confirm only the admin rights allows to shelve/unshelve. This doesn't seem like a regression as the guilty code has been here for a long time.
            rogerwang Roger Wang made changes -
            Assignee Pierre Beitz [ pierrebtz ] Roger Wang [ rogerwang ]
            rogerwang Roger Wang made changes -
            Assignee Roger Wang [ rogerwang ] Pierre Awaragi [ pierre ]
            rogerwang Roger Wang made changes -
            Assignee Pierre Awaragi [ pierre ] Pierre Beitz [ pierrebtz ]
            Hide
            rogerwang Roger Wang added a comment -

            Hi Pierre,

            For some reasons, it accidentally assign the case to me, so I assigned it back to you. 

            And just wondering anything I could do to speed up the crucial repairing task, as the Shelve Project feature is kind of essential requirement from our development team and we have to continue use the very old Jenkins until it is fixed.

            Thank you very much for your help.

            Roger

            Show
            rogerwang Roger Wang added a comment - Hi Pierre, For some reasons, it accidentally assign the case to me, so I assigned it back to you.  And just wondering anything I could do to speed up the crucial repairing task, as the Shelve Project feature is kind of essential requirement from our development team and we have to continue use the very old Jenkins until it is fixed. Thank you very much for your help. Roger
            Hide
            pierrebtz Pierre Beitz added a comment -

            Roger Wang I had a quick look, the fix in itself is quite simple but I see two issues:

            • I'm not sure how it could work in the past, could you please send me the Jenkins Core version + Shelve Plugin version that you worked for you so that I can dig deeper?
            • As I was saying, the fix is quite simple, but it would introduce an issue because of how the plugin is designed. It is due to the fact that anybody with the create permission on the root of Jenkins can see all the shelved projects. But somebody with the create permission on the root of Jenkins does not necessarily have the rights on a subfolder. Here is a simple example showing my case:

            User A has the create permission on root, but cannot see content of folder B. Somebody shelves a job in B, B/job. User A can browse the shelved jobs (because of the create permission on root), therefore he can see the B/job which he is not supposed to see.

             

            From my point of view, allowing users with the delete permission to shelve projects is ok, but allowing people with the create permission to see all the shelved project is not.

            This means I can make a quick fix, so that users with the delete permission have the rights to shelve. But only administrators will have the rights to unshelve.

             

             

            Show
            pierrebtz Pierre Beitz added a comment - Roger Wang I had a quick look, the fix in itself is quite simple but I see two issues: I'm not sure how it could work in the past, could you please send me the Jenkins Core version + Shelve Plugin version that you worked for you so that I can dig deeper? As I was saying, the fix is quite simple, but it would introduce an issue because of how the plugin is designed. It is due to the fact that anybody with the create permission on the root of Jenkins can see all the shelved projects. But somebody with the create permission on the root of Jenkins does not necessarily have the rights on a subfolder. Here is a simple example showing my case: User A has the create permission on root, but cannot see content of folder B. Somebody shelves a job in B, B/job. User A can browse the shelved jobs (because of the create permission on root), therefore he can see the B/job which he is not supposed to see.   From my point of view, allowing users with the delete permission to shelve projects is ok, but allowing people with the create permission to see all the shelved project is not. This means I can make a quick fix, so that users with the delete permission have the rights to shelve. But only administrators will have the rights to unshelve.    
            Hide
            rogerwang Roger Wang added a comment -

            Hi Pierre,

            That is great news. I am still waiting our development's opinion for your suggestion. But, in my perspective, that should solve our problems for now if we can't have the permanent solution.

            Besides that, the current Jenkins is v1.590 and Shelve Project plugin is v1.5.

            Thank you for your help!

            Cheers,

            Roger

            Show
            rogerwang Roger Wang added a comment - Hi Pierre, That is great news. I am still waiting our development's opinion for your suggestion. But, in my perspective, that should solve our problems for now if we can't have the permanent solution. Besides that, the current Jenkins is v1.590 and Shelve Project plugin is v1.5. Thank you for your help! Cheers, Roger
            Hide
            rogerwang Roger Wang added a comment -

            Hello Pierre,

            the development team think that should be doable.  So, just wondering when could we have a trial? 

            Thank you very much!

            Roger

            Show
            rogerwang Roger Wang added a comment - Hello Pierre, the development team think that should be doable.  So, just wondering when could we have a trial?  Thank you very much! Roger
            Hide
            rogerwang Roger Wang added a comment -

            Hello Pierre Beitz, just wondering if there is any issues about the fix. anything we could do to speed up the process?

            Show
            rogerwang Roger Wang added a comment - Hello Pierre Beitz , just wondering if there is any issues about the fix. anything we could do to speed up the process?
            Hide
            pierrebtz Pierre Beitz added a comment -

            Roger Wang Sorry for the delay. No issue, I didn't have time to work on the plugin lately... Fix is straightforward, I just need to make some time to test it properly.

            Show
            pierrebtz Pierre Beitz added a comment - Roger Wang Sorry for the delay. No issue, I didn't have time to work on the plugin lately... Fix is straightforward, I just need to make some time to test it properly.
            Hide
            rogerwang Roger Wang added a comment -

            Hi Pierre Beitz,

            Thanks for your help. Sorry to keep bothering you when you are busy. Please let us know when the fix is done.

            Show
            rogerwang Roger Wang added a comment - Hi Pierre Beitz , Thanks for your help. Sorry to keep bothering you when you are busy. Please let us know when the fix is done.
            pierrebtz Pierre Beitz made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            pierrebtz Pierre Beitz made changes -
            Remote Link This issue links to "PR#17 (Web Link)" [ 22457 ]
            pierrebtz Pierre Beitz made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            pierrebtz Pierre Beitz made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            pierrebtz Pierre Beitz made changes -
            Labels 2.4-fixed

              People

              • Assignee:
                pierrebtz Pierre Beitz
                Reporter:
                rogerwang Roger Wang
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: