Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-8355

Allow to filter by user/group

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      We use LDAP login to our hudson webinterface, so it would be nice to filter job view by user/group such that not all internals can be seen by everyone. Also the 'anonymous' user who cannot login should not see every job - even if matrix based security allows him to read.

        Attachments

          Activity

          Hide
          jacob_robertson Jacob Robertson added a comment - - edited

          I will implement this feature, but I'd like to get your feedback first to make sure I'm clear on what you want. The way I'm imagining this is that the Hudson admin will configure security however makes sense for them, and this filter will help you to create views that filter out jobs that fit within certain roles. For example, if certain users (i.e. a group) are configured to be only able to read certain jobs, only able to build certain other jobs, and finally there are some jobs they can also configure – then we could create different views that each captured the permissions. Since we can't associate jobs specifically with users or groups, we would filter based on permissions of the current user. For example, we could have a view representing "All Jobs You can Build" and another one for "All Jobs You can Configure".

          I have attached a screenshot of what this might look like. Please let me know if this does/doesn't meet your use cases. If not, I'll need some more details from you on how you'd like to filter jobs out of a view based on security settings.

          Show
          jacob_robertson Jacob Robertson added a comment - - edited I will implement this feature, but I'd like to get your feedback first to make sure I'm clear on what you want. The way I'm imagining this is that the Hudson admin will configure security however makes sense for them, and this filter will help you to create views that filter out jobs that fit within certain roles. For example, if certain users (i.e. a group) are configured to be only able to read certain jobs, only able to build certain other jobs, and finally there are some jobs they can also configure – then we could create different views that each captured the permissions. Since we can't associate jobs specifically with users or groups, we would filter based on permissions of the current user. For example, we could have a view representing "All Jobs You can Build" and another one for "All Jobs You can Configure". I have attached a screenshot of what this might look like. Please let me know if this does/doesn't meet your use cases. If not, I'll need some more details from you on how you'd like to filter jobs out of a view based on security settings.
          Hide
          hbockelmann hbockelmann added a comment -

          If a view filter based on login name (username or group) is not possible, your suggestions matches my setting. Actually the hudson admin is the only one to create and configure jobs and we want to distinguish two classes of other users: first the anonymous user who has no rights but to view the actual status of some dedicated jobs (maybe also the workspace content), second the authenticated user (who can login via LDAP authentication) who might also build some jobs and update the description of the builds he triggered. Most jobs should only be visible to the admin, since they present some minor steps in a long job-chain.
          We are indeed using the Project-based Matrix Authorization Strategy to set these rights and so your suggested solution is meaningful to me. btw: we granted the Overall/Read right to the Anonymous user, but still if you are not logged in you cannot see anything. I expected that at least the dashboard should be visible?

          Show
          hbockelmann hbockelmann added a comment - If a view filter based on login name (username or group) is not possible, your suggestions matches my setting. Actually the hudson admin is the only one to create and configure jobs and we want to distinguish two classes of other users: first the anonymous user who has no rights but to view the actual status of some dedicated jobs (maybe also the workspace content), second the authenticated user (who can login via LDAP authentication) who might also build some jobs and update the description of the builds he triggered. Most jobs should only be visible to the admin, since they present some minor steps in a long job-chain. We are indeed using the Project-based Matrix Authorization Strategy to set these rights and so your suggested solution is meaningful to me. btw: we granted the Overall/Read right to the Anonymous user, but still if you are not logged in you cannot see anything. I expected that at least the dashboard should be visible?
          Hide
          jacob_robertson Jacob Robertson added a comment -

          I have completed the implementation for the filter the way I showed it in the screenshot, and you can look for it to be released in the very near future. I would of course still be open to changes and improvements, and will think a little more about the logistics behind basing a filter on a username or group.

          Also, for the Anonymous user to see a job they will also need the "Jobs/Read" right for that job. You can set that either at the global level or at the job level since you're using project-based matrix security. If the anonymous user can't see any jobs (at all), then it shows basically a blank view with a "there are no jobs in this view" sort of a message.

          Show
          jacob_robertson Jacob Robertson added a comment - I have completed the implementation for the filter the way I showed it in the screenshot, and you can look for it to be released in the very near future. I would of course still be open to changes and improvements, and will think a little more about the logistics behind basing a filter on a username or group. Also, for the Anonymous user to see a job they will also need the "Jobs/Read" right for that job. You can set that either at the global level or at the job level since you're using project-based matrix security. If the anonymous user can't see any jobs (at all), then it shows basically a blank view with a "there are no jobs in this view" sort of a message.

            People

            • Assignee:
              jacob_robertson Jacob Robertson
              Reporter:
              hbockelmann hbockelmann
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: