Jenkins / JENKINS-8578

Permissions not enforced for Query and Trigger Gerrit Patches feature

      Description

      Our Hudson is configured so that anonymous has no access (view, trigger builds, nothing). Yet, without logging in, you can go to Query and Trigger Gerrit Patches, type in a query, and trigger builds. The UI says no jobs were triggered, but after logging back in, the job was indeed triggered. The Query and Trigger Gerrit Patches should at the minimum check that the logged-in user has the Build permission for that specific job.

          Activity

          ccutrer Cody Cutrer added a comment -

          I suppose this is an improvement, not a bug, since it is possible to globally disable the feature, which would meet the security requirements (at the loss of a very very very useful feature).

          rsandell rsandell added a comment -

          Commit: fa95ddbf47b42daf638c
          Released in version 2.3.0


            People

            • Assignee:
              rsandell rsandell
              Reporter:
              ccutrer Cody Cutrer