
Editing any job removes inaccessible downstream jobs from all accessible jobs

    • Type: Bug
    • Resolution: Fixed
    • Priority: Blocker
    • core
    • 1.460 on Windows 7

      If a user is editing any job, all jobs accessible to that user lose their downstream build triggers to jobs that are inaccessible to the editing user.

      Example:
      1. Jenkins is using a project-based security model (e.g. project-based matrix or role strategy plugin).
      2. There are two users, Admin (full access) and User (restricted access).
      3. There are three jobs, U (upstream), D (downstream), and E (edit).
      4. Give User read-only access to job U and read/config access to job E. Give User no permissions for job D.
      5. Admin adds a downstream build of job D to job U. This association is invisible to user U1 despite read access to job U.
      6. User edits job E.

      Expected result
      Job U is not affected.

      Actual result
      The build trigger of job D is removed from job U despite User neither having editing permissions to that job, nor actually accessing that job.

      Workarounds
      Use parameterized build trigger and check [x] trigger without parameters

      Notes

      • Something similar would probably happen when User is editing job U despite nobody expecting removal of the invisible association, but there's at least some connection between User's action and the removal of the association.
      • Classified as blocker, since this issue is difficult to track down (even with e.g. job config history plugin), bypasses Jenkins security, and can break a lot of job upstream/downstream associations for no apparent reason.
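
The scenario in the report, reduced to a small model. This is an added example, not Jenkins code: `JobStore`, `lookup`, `save` and `run_scenario` are hypothetical names, and it assumes the save path re-resolves stored downstream names through a permission-filtered lookup, which the page does not show. The corrected branch mirrors the fix commit's description of impersonating SYSTEM for the trigger handling.

```python
from contextlib import contextmanager

SYSTEM = "SYSTEM"  # hypothetical stand-in for an identity that bypasses ACL checks


class JobStore:
    """Constructed model of jobs U, D and E with per-job read ACLs."""

    def __init__(self, read_acl, downstream):
        self.read_acl = read_acl      # job name -> users allowed to see it
        self.downstream = downstream  # upstream job -> downstream job names
        self.user = SYSTEM            # identity of the current request

    @contextmanager
    def as_user(self, user):
        previous, self.user = self.user, user
        try:
            yield
        finally:
            self.user = previous      # always restore the caller's identity

    def lookup(self, name):
        """Permission-filtered lookup: inaccessible jobs look nonexistent."""
        allowed = self.user == SYSTEM or self.user in self.read_acl.get(name, ())
        return name if name in self.read_acl and allowed else None

    def _rewrite_triggers(self):
        # Re-resolve every stored name; names that do not resolve are dropped.
        for upstream, names in self.downstream.items():
            self.downstream[upstream] = [n for n in names if self.lookup(n)]

    def save(self, user, job, impersonate_system):
        """Save `job` as `user`; the trigger rewrite touches all jobs, not just `job`."""
        with self.as_user(user):
            if impersonate_system:
                with self.as_user(SYSTEM):  # corrected: global rewrite sees every job
                    self._rewrite_triggers()
            else:
                self._rewrite_triggers()    # flawed: rewrite sees only the user's jobs


def run_scenario(impersonate_system):
    """Steps 1-6 of the report: User edits E; return U's downstream list afterwards."""
    store = JobStore(
        read_acl={"U": {"Admin", "User"}, "D": {"Admin"}, "E": {"Admin", "User"}},
        downstream={"U": ["D"], "D": [], "E": []},
    )
    store.save("User", "E", impersonate_system)
    return store.downstream["U"]
```
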

          [JENKINS-13502] Editing any job removes inaccessible downstream jobs from all accessible jobs

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Nicolas De Loof
          Path:
          changelog.html
          core/src/main/java/hudson/model/AbstractProject.java
          http://jenkins-ci.org/commit/jenkins/5d38d40e550ea918101c3b3249384c2158177698
          Log:
          [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Nicolas De Loof
          Path:
          core/src/main/java/hudson/model/AbstractProject.java
          test/src/test/java/hudson/model/AbstractProjectTest.java
          http://jenkins-ci.org/commit/jenkins/dbc212e2e3ac364d08f73897c1b8f1202b5d937e
          Log:
          unit test to reproduce JENKINS-13502 and confirm fix

          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          changelog.html
          core/src/main/java/hudson/model/AbstractProject.java
          test/src/test/java/hudson/model/AbstractProjectTest.java
          http://jenkins-ci.org/commit/jenkins/ef9c30c665c4a5c59e1a1af54072b95831eed831
          Log:
          Merge pull request #722 from ndeloof/master

          [FIXED JENKINS-13502] Fix dependency graph computation when upstream build trigger is involved

          Compare: https://github.com/jenkinsci/jenkins/compare/fa50b3d7e6e2...ef9c30c665c4

          dogfood added a comment -

          Integrated in jenkins_main_trunk #2324
          [FIXED JENKINS-13502] impersonate a SYSTEM to handle upstream build trigger (Revision 5d38d40e550ea918101c3b3249384c2158177698)
          unit test to reproduce JENKINS-13502 and confirm fix (Revision dbc212e2e3ac364d08f73897c1b8f1202b5d937e)

          Result = SUCCESS
          Nicolas De Loof : 5d38d40e550ea918101c3b3249384c2158177698
          Files :

          • core/src/main/java/hudson/model/AbstractProject.java
          • changelog.html

          Nicolas De Loof : dbc212e2e3ac364d08f73897c1b8f1202b5d937e
          Files :

          • test/src/test/java/hudson/model/AbstractProjectTest.java
          • core/src/main/java/hudson/model/AbstractProject.java


          SCM/JIRA link daemon added a comment -

          Code changed in jenkins
          User: Jesse Glick
          Path:
          test/src/test/groovy/hudson/model/AbstractProjectTest.groovy
          http://jenkins-ci.org/commit/jenkins/b53139e0db15d1a9b8f6b8eac5b08c33ea40566b
          Log:
          Test of JENKINS-13502 fix is obsolete since we no longer check permissions when configuring triggers.

            ndeloof Nicolas De Loof
            danielbeck Daniel Beck