
Can add "build other projects" trigger to a project we cannot otherwise configure

      Not sure if this is actually a bug or not. AbstractProject.doConfigSubmit modifies the publishersList of an upstream project regardless of your permissions on that project. I would expect that you would need to have CONFIGURE permission on it. Not clear that there is a specific security threat from adding a BuildTrigger to an arbitrary project, but it will at a minimum result in a config.xml change from an unauthorized user, which might raise eyebrows.

      BuildTrigger.DescriptorImpl.doCheck also ought to issue an error if you have no CONFIGURE permission. doAutoCompleteUpstreamProjects can probably be left alone - complete everything we can see but show an error if you cannot really touch it.

      Also doCheck neglects to check AbstractProject.isConfigurable as doConfigSubmit does.
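
The permission gap described in this report, as an added Java example that is not Jenkins code and not part of the original issue: a simplified model in which saving one project rewrites the trigger list of each named upstream project, first without and then with a CONFIGURE check on the upstream. The class, method, user and project names are hypothetical.

```java
import java.util.*;

// Simplified model, not Jenkins code: `downstream` stands in for the upstream's publishersList.
public class UpstreamTriggerCheck {
    static class Project {
        final String name;
        final Set<String> configurers = new HashSet<>();   // users holding CONFIGURE here
        final List<String> downstream = new ArrayList<>(); // projects this one triggers
        Project(String name, String... users) {
            this.name = name;
            configurers.addAll(Arrays.asList(users));
        }
        void requireConfigure(String user) {
            if (!configurers.contains(user))
                throw new SecurityException(user + " lacks CONFIGURE on " + name);
        }
    }

    // Behaviour the report describes: only `self` is permission-checked, yet each
    // upstream's trigger list (and so its stored configuration) is modified.
    static void submitUnchecked(String user, Project self, List<Project> upstreams) {
        self.requireConfigure(user);
        for (Project up : upstreams) up.downstream.add(self.name);
    }

    // Behaviour the report expects: check every upstream before changing any,
    // so a rejected submit leaves no partial edits behind.
    static void submitChecked(String user, Project self, List<Project> upstreams) {
        self.requireConfigure(user);
        for (Project up : upstreams) up.requireConfigure(user);
        for (Project up : upstreams) up.downstream.add(self.name);
    }

    public static void main(String[] args) {
        Project release = new Project("release", "admin"); // constructed sample data
        Project sandbox = new Project("sandbox", "dev");

        submitUnchecked("dev", sandbox, List.of(release));
        System.out.println("unchecked: release triggers " + release.downstream);

        release.downstream.clear();
        try {
            submitChecked("dev", sandbox, List.of(release));
        } catch (SecurityException e) {
            System.out.println("checked: " + e.getMessage());
        }
        System.out.println("after checked submit: release triggers " + release.downstream);
    }
}
```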

          [JENKINS-14992] Can add "build other projects" trigger to a project we cannot otherwise configure

          Jesse Glick created issue -
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-14411 [ JENKINS-14411 ]
          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-16956 [ JENKINS-16956 ]

          Jesse Glick added a comment -

          Not a bug as such, but JENKINS-16956 discusses better ideas.

          Jesse Glick made changes -
          Resolution New: Not A Defect [ 7 ]
          Status Original: Open [ 1 ] New: Resolved [ 5 ]
          Daniel Beck made changes -
          Link New: This issue is related to JENKINS-13502 [ JENKINS-13502 ]
          R. Tyler Croy made changes -
          Workflow Original: JNJira [ 145711 ] New: JNJira + In-Review [ 191593 ]

            Unassigned Unassigned
            jglick Jesse Glick