Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-12080

job configuration corrupted when user isn't admin

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Major Major
    • groovy-plugin
    • None

      Let's consider :

      • a user with job configuration rights and no overall admin right
      • a job containing a system groovy build step

      If the user edits the configuration, makes a change (even without altering the system groovy part) and then saves the configuration, an error message is displayed :

      Access Denied
      <username> is missing the Administer permission

      On Job save, Groovy plugin checks for admin permission to save the system groovy script. It may then fail. This should have been checked before rendering UI. The side effect is that the job config is partially saved (without user to know it) and may be corrupted (exception occurs on Project.submit() from builders.rebuildHetero, so job has been partially configured and not saved.

      The job configuration page, when including a system groovy script, should not be editable when user don't have ADMIN permission - Not sure about the cleaner way to implement the ADMIN only configuration

      OR the script should be set read-only for non ADMIN and then only displayed for information, but retrieved from another source than the standard incoming JSON request.

            vjuranek vjuranek
            ndeloof Nicolas De Loof
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: