
With matrix-based permissions, users can create new jobs regardless of whether they have permission

    • Type: Bug
    • Resolution: Fixed
    • Priority: Minor
    • Component: matrix-project-plugin
    • Labels: None
    • Environment: Platform: All, OS: All

      Anonymous users with read-only access can access the new job form by clicking
      on the "Welcome to Hudson! Please create new jobs to get started." link.

          [JENKINS-1171] With matrix-based permissions, users can create new jobs regardless of whether they have permission

          dwdyer added a comment -

          But if they actually try to submit the form, they have to log in, so it's not so
          bad. However, it might be less confusing if access to forms was blocked with a
          message to log in first.

          Changing priority because this is not as severe as I thought it was.


          Kohsuke Kawaguchi added a comment -

          I think the right solution here is to change Hudson so that "Welcome to
          Hudson..." link displays a different text if the current user doesn't have a
          permission.

          I don't think we need to protect the "new job creation" page as long as the
          actual submission fails.

          Would you be interested in fixing this for us?

          dwdyer added a comment -

          No problem. I've just committed a change to noJob.jelly (revision 1.2). If
          the user does not have permission to create jobs, they don't get shown the
          links.

          Additionally, if they are anonymous, they are shown a login link and a sign-up
          link (if sign-up is available).


            Assignee: Unassigned
            Reporter: dwdyer