Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-1158

improve security - link to jobs

    XMLWordPrintable

    Details

    • Type: Improvement
    • Status: Closed (View Workflow)
    • Priority: Major
    • Resolution: Fixed
    • Component/s: _unsorted
    • Labels:
      None
    • Environment:
      Platform: All, OS: All
    • Similar Issues:

      Description

      Security now allows for overall control, this control can be extended to allow a
      user or group of users to only have access to views they are permitted to view,
      and only build projects they are permitted to build.

        Attachments

          Activity

          Hide
          huybrechts huybrechts added a comment -

          Attaching a patch that provides a start for job-based security.

          • each object has its own getACL()
          • which delegates to AuthorizationStrategy
          • existing strategies all return the root acl for each object
          • changed jelly scripts to use object permissions

          The patch also contains a ProjectBasedAuthorizationStrategy. This is a working
          strategy but it does not define any way to link jobs to users. I get this
          information from a link with SFEE (not included in patch).

          Show
          huybrechts huybrechts added a comment - Attaching a patch that provides a start for job-based security. each object has its own getACL() which delegates to AuthorizationStrategy existing strategies all return the root acl for each object changed jelly scripts to use object permissions The patch also contains a ProjectBasedAuthorizationStrategy. This is a working strategy but it does not define any way to link jobs to users. I get this information from a link with SFEE (not included in patch).
          Hide
          huybrechts huybrechts added a comment -

          Created an attachment (id=173)
          patch for project based security

          Show
          huybrechts huybrechts added a comment - Created an attachment (id=173) patch for project based security
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : huybrechts
          Path:
          branches/tom/main/core/src/main/java/hudson/Functions.java
          branches/tom/main/core/src/main/java/hudson/model/AbstractItem.java
          branches/tom/main/core/src/main/java/hudson/model/AbstractProject.java
          branches/tom/main/core/src/main/java/hudson/model/Computer.java
          branches/tom/main/core/src/main/java/hudson/security/AccessControlled.java
          branches/tom/main/core/src/main/java/hudson/security/AuthorizationStrategy.java
          branches/tom/main/core/src/main/java/hudson/util/FormFieldValidator.java
          branches/tom/main/core/src/main/resources/hudson/model/Computer/index.jelly
          branches/tom/main/core/src/main/resources/hudson/model/ComputerSet/index.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Hudson/configure.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Hudson/log.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Hudson/managePlugins.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/disconnect.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/log.jelly
          branches/tom/main/core/src/main/resources/hudson/model/View/index.jelly
          branches/tom/main/core/src/main/resources/lib/layout/layout.jelly
          branches/tom/main/core/src/main/resources/lib/layout/task.jelly
          http://fisheye4.cenqua.com/changelog/hudson/?cs=8,548
          Log:
          Issue 1158

          • extended AuthorizationStrategy to provide ACLs for different types of objects
          • changed several object types to use these methods
          • changed jelly to check permissions (instead of using isAdmin check)
          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : huybrechts Path: branches/tom/main/core/src/main/java/hudson/Functions.java branches/tom/main/core/src/main/java/hudson/model/AbstractItem.java branches/tom/main/core/src/main/java/hudson/model/AbstractProject.java branches/tom/main/core/src/main/java/hudson/model/Computer.java branches/tom/main/core/src/main/java/hudson/security/AccessControlled.java branches/tom/main/core/src/main/java/hudson/security/AuthorizationStrategy.java branches/tom/main/core/src/main/java/hudson/util/FormFieldValidator.java branches/tom/main/core/src/main/resources/hudson/model/Computer/index.jelly branches/tom/main/core/src/main/resources/hudson/model/ComputerSet/index.jelly branches/tom/main/core/src/main/resources/hudson/model/Hudson/configure.jelly branches/tom/main/core/src/main/resources/hudson/model/Hudson/log.jelly branches/tom/main/core/src/main/resources/hudson/model/Hudson/managePlugins.jelly branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/disconnect.jelly branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/log.jelly branches/tom/main/core/src/main/resources/hudson/model/View/index.jelly branches/tom/main/core/src/main/resources/lib/layout/layout.jelly branches/tom/main/core/src/main/resources/lib/layout/task.jelly http://fisheye4.cenqua.com/changelog/hudson/?cs=8,548 Log: Issue 1158 extended AuthorizationStrategy to provide ACLs for different types of objects changed several object types to use these methods changed jelly to check permissions (instead of using isAdmin check)
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : huybrechts
          Path:
          branches/tom/main/core/src/main/java/hudson/model/Computer.java
          branches/tom/main/core/src/main/java/hudson/model/Run.java
          branches/tom/main/core/src/main/java/hudson/model/View.java
          branches/tom/main/core/src/main/resources/lib/layout/task.jelly
          http://fisheye4.cenqua.com/changelog/hudson/?cs=8806
          Log:
          Issue 1158

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : huybrechts Path: branches/tom/main/core/src/main/java/hudson/model/Computer.java branches/tom/main/core/src/main/java/hudson/model/Run.java branches/tom/main/core/src/main/java/hudson/model/View.java branches/tom/main/core/src/main/resources/lib/layout/task.jelly http://fisheye4.cenqua.com/changelog/hudson/?cs=8806 Log: Issue 1158
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : huybrechts
          Path:
          branches/tom/main/core/src/main/java/hudson/Functions.java
          branches/tom/main/core/src/main/java/hudson/model/Computer.java
          branches/tom/main/core/src/main/java/hudson/model/Label.java
          branches/tom/main/core/src/main/java/hudson/model/Slave.java
          branches/tom/main/core/src/main/resources/hudson/matrix/MatrixProject/index.jelly
          branches/tom/main/core/src/main/resources/hudson/maven/MavenModuleSet/index.jelly
          branches/tom/main/core/src/main/resources/hudson/model/AbstractBuild/index.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Hudson/systemInfo.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Hudson/threadDump.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Job/index.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/log.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/sidepanel.jelly
          branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/systemInfo.jelly
          branches/tom/main/core/src/main/resources/hudson/model/View/index.jelly
          branches/tom/main/core/src/main/resources/lib/hudson/editableDescription.jelly
          branches/tom/main/core/src/main/resources/lib/layout/hasPermission.jelly
          branches/tom/main/core/src/main/resources/lib/layout/layout.jelly
          http://fisheye4.cenqua.com/changelog/hudson/?cs=9027
          Log:
          Issue 1158 - fixing permission checks in jelly

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : huybrechts Path: branches/tom/main/core/src/main/java/hudson/Functions.java branches/tom/main/core/src/main/java/hudson/model/Computer.java branches/tom/main/core/src/main/java/hudson/model/Label.java branches/tom/main/core/src/main/java/hudson/model/Slave.java branches/tom/main/core/src/main/resources/hudson/matrix/MatrixProject/index.jelly branches/tom/main/core/src/main/resources/hudson/maven/MavenModuleSet/index.jelly branches/tom/main/core/src/main/resources/hudson/model/AbstractBuild/index.jelly branches/tom/main/core/src/main/resources/hudson/model/Hudson/systemInfo.jelly branches/tom/main/core/src/main/resources/hudson/model/Hudson/threadDump.jelly branches/tom/main/core/src/main/resources/hudson/model/Job/index.jelly branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/log.jelly branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/sidepanel.jelly branches/tom/main/core/src/main/resources/hudson/model/Slave/ComputerImpl/systemInfo.jelly branches/tom/main/core/src/main/resources/hudson/model/View/index.jelly branches/tom/main/core/src/main/resources/lib/hudson/editableDescription.jelly branches/tom/main/core/src/main/resources/lib/layout/hasPermission.jelly branches/tom/main/core/src/main/resources/lib/layout/layout.jelly http://fisheye4.cenqua.com/changelog/hudson/?cs=9027 Log: Issue 1158 - fixing permission checks in jelly
          Hide
          scm_issue_link SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : kohsuke
          Path:
          trunk/www/changelog.html
          http://fisheye4.cenqua.com/changelog/hudson/?cs=9744
          Log:
          [FIXED JENKINS-1158] Noting the fix in the branch that was merged in 1.220.

          Show
          scm_issue_link SCM/JIRA link daemon added a comment - Code changed in hudson User: : kohsuke Path: trunk/www/changelog.html http://fisheye4.cenqua.com/changelog/hudson/?cs=9744 Log: [FIXED JENKINS-1158] Noting the fix in the branch that was merged in 1.220.

            People

            Assignee:
            kohsuke Kohsuke Kawaguchi
            Reporter:
            rajp rajp
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: