Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55565

Folder-level nested views do not show "New Item" link when the Job/Create permission is not granted globally

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Open (View Workflow)
    • Priority: Major
    • Resolution: Unresolved
    • Component/s: core, nested-view-plugin
    • Labels:
      None
    • Environment:
      - Jenkins 2.138.2
      - Matrix Authorization Strategy Plugin 2.3
      - Folders Plugin 6.6
    • Similar Issues:

      Description

      The "New Item" Button is missing in Subviews of Nested Views when the Job/Create permission is not granted globally

       

      To reproduce:

       

      1. Create a Top-Level folder that sets "Do not inherit permission grant from other ACLs" then gives ALL the permission to a user or group.

      2. Create a Nested View in that folder.

      3. Create a List View in that Nested View.

       

      Now even the user has all the permissions the "New Item" button is missing in the List View, but it appears in the folder.

      Note: the "New Item"-Button also appears in a List View directly residing in the folder.

        Attachments

          Issue Links

            Activity

            Hide
            scic Daniel Zeiter added a comment -

            JENKINS-46540 might be a similar issue.

            Show
            scic Daniel Zeiter added a comment - JENKINS-46540 might be a similar issue.
            Hide
            danielbeck Daniel Beck added a comment -

            I am able to reproduce this problem on Jenkins 2.138.x and Matrix Auth 2.4.

            Show
            danielbeck Daniel Beck added a comment - I am able to reproduce this problem on Jenkins 2.138.x and Matrix Auth 2.4.
            Hide
            danielbeck Daniel Beck added a comment -

            This appears to be either a core bug, or a bug in nested view plugin.

            Core will only allow permissions to create jobs in views to users who have this permission globally:
            https://github.com/jenkinsci/jenkins/blob/a5a92af4bebc73298d2061e8e95227d4e416fc74/core/src/main/resources/hudson/model/View/sidepanel.jelly#L43

            It happens independent of "Do not inherit permission grant from other ACLs" – just don't grant the Item/Create permission globally.

            I expect this doesn't happen for folder-level non-nested views because AbstractFolder defines tasks-new.jelly and references tasks-create.jelly which has a folder-level permission check.

            nested-views plugin does not do that, so the fallback in core is used. Somewhere between the two, something goes wrong.

            Show
            danielbeck Daniel Beck added a comment - This appears to be either a core bug, or a bug in nested view plugin. Core will only allow permissions to create jobs in views to users who have this permission globally: https://github.com/jenkinsci/jenkins/blob/a5a92af4bebc73298d2061e8e95227d4e416fc74/core/src/main/resources/hudson/model/View/sidepanel.jelly#L43 It happens independent of "Do not inherit permission grant from other ACLs" – just don't grant the Item/Create permission globally. I expect this doesn't happen for folder-level non-nested views because  AbstractFolder defines tasks-new.jelly and references tasks-create.jelly which has a folder-level permission check. nested-views plugin does not do that, so the fallback in core is used. Somewhere between the two, something goes wrong.

              People

              • Assignee:
                Unassigned
                Reporter:
                scic Daniel Zeiter
              • Votes:
                0 Vote for this issue
                Watchers:
                2 Start watching this issue

                Dates

                • Created:
                  Updated: