Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-13190

Add ACLPermissionOverride Extension Point to grant additional permissions to an ACL regardless of the AuthorizationStrategy being used


    • Icon: Improvement Improvement
    • Resolution: Unresolved
    • Icon: Minor Minor
    • core

      For the github-oauth-plugin people want to use the existing GlobalMatrixAuthorizationStrategy and enable things like the github-webhook callback. Currently I have my own AuthorizationStrategy that supports these extra callback URL's but I want to be able to transparently support them without caring which specific AuthorizationStrategy is being used.

      My solution is to add a new extension point into Jenkins that is invoked at the base ACL class that checks if any ACLPermissionOverride extensions want to grant the permission before the ACL checks its own authorization logic.

      For the github-oauth-plugin it means that I can add in these extra URL's allow options into my SecurityRealm and then get them applied before the GlobalMatrixAuthorizationStrategy's ACL logic is used.

            Unassigned Unassigned
            mocleiri Michael O'Cleirigh
            0 Vote for this issue
            2 Start watching this issue