  1. Jenkins
  2. JENKINS-1171

With matrix-based permissions, users can create new jobs regardless of whether they have permission

      Description

      Anonymous users with read-only access can access the new job form by clicking
      on the "Welcome to Hudson! Please create new jobs to get started." link.

          Activity

          dwdyer dwdyer added a comment -

          But if they actually try to submit the form, they have to log in, so it's not so
          bad. However, it might be less confusing if access to forms was blocked with a
          message to log in first.

          Changing priority because this is not as severe as I thought it was.

          kohsuke Kohsuke Kawaguchi added a comment -

          I think the right solution here is to change Hudson so that "Welcome to
          Hudson..." link displays a different text if the current user doesn't have a
          permission.

          I don't think we need to protect the "new job creation" page as long as the
          actual submission fails.

          Would you be interested in fixing this for us?

          dwdyer dwdyer added a comment -

          No problem. I've just committed a change to noJob.jelly (revision 1.2). If
          the user does not have permission to create jobs, they don't get shown the
          links.

          Additionally, if they are anonymous, they are shown a login link and a sign-up
          link (if sign-up is available).


            People

            Assignee: Unassigned
            Reporter: dwdyer