-
Improvement
-
Resolution: Fixed
-
Major
-
None
This is more a suggestion than a real issue.
When configuring Jenkins to matrix bases security, and giving anonymous users read access, they are able to browse source code throw the coverage report.
Other plugins does not permit this (workspace is not available as default for anonymous) and for example both Task Scanner and the Warnings plugin disable the last link down to the source when not logged in.
My use case is to let logged in users do almost anything (we give authenticated users admin rights) and users not logged in should be able to see jobs and job results - but the source code.
I wrote a mail to the dev-list and tried to discuss it there in more generelt.
Mail subject is: "Jenkins security setup and plugin responsibility"
[JENKINS-15415] Anonymous users can browse source code through coverage report
this has been solved in the tip of the repos, so we are just waiting for the next release of the plugin
I have created this pull reqeust to solve the issue https://github.com/jenkinsci/cobertura-plugin/pull/11