Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-18570

Entire view fails if user does not have read permissions to every job within a view (project-based security)

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Major Major
    • sectioned-view-plugin
    • None
    • Sectioned-View 1.18
      Jenkins 1.520

      If the user does not have Read access to every single job in a given sectioned view the entire view fails (crashes).

      This is specifically a problem when using project-based security where not all users will have read permissions to all jobs in a view. Every other view type simply omits the specific job from the view for that user.

      In Firefox they're presented with a browser error, "Content Encoding Error - The page you are trying to view cannot be shown because it uses an invalid or unsupported form of compression."

      IE responds, "This Page Can't Be Displayed"

      Chrome responds, "This webpage is not available
      The webpage at https://build-master/jenkins/view/LNEC/ might be temporarily down or it may have moved permanently to a new web address.
      Error 330 (net::ERR_CONTENT_DECODING_FAILED): Unknown error."

      To reproduce:

      Create a job with project-based security enabled. Call it "Foo" and Disable Read for Anonymous.

      Create another job with project-based security enabled, but this time enable Read and Discover for Anonymous. Call this job "Bar".

      Create a new sectioned-view, call it "Test View"

      Add jobs Foo and Bar to Test View.

      Login to Jenkins with an account that is neither an Admin nor has global Read permissions (but does have global View permissions).

      Attempt to navigate to Test View.

      Result: Content-coding browser exception.

      Expected result: Test View displayed with only Bar listed (since we lack the ability to read Foo).

      Exception log/stack trace attached.

        1. log.txt
          10 kB
          Byron Brummer

            tbingaman Timothy Bingaman
            byronbrummer Byron Brummer
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated: