Details
-
Bug
-
Status: Resolved (View Workflow)
-
Minor
-
Resolution: Fixed
-
Windows7 using the integrated webserver using ActiveDirectory authentication and matrix based security.
Description
I have a user that has only the single right "Job: read", but is still allowed to change the description of the server (main heading) for everyone.
Could be reproduced:
- log on as this user
- main page shows up, but no link to change the description)
- click on "my views"
- this will open the URL https://SERVERNAME/me/my-views
- which is redirected to https://SERVERNAME/me/my-views/view/Alle/
- On this page the global server description is writeable
This could also be tested by directly opening the URL:
https://SERVERNAME/me/my-views/editDescription
Code changed in jenkins
User: Jesse Glick
Path:
core/src/main/java/hudson/model/AllView.java
core/src/main/resources/hudson/model/AbstractModelObject/descriptionForm.jelly
core/src/main/resources/hudson/model/View/index.jelly
http://jenkins-ci.org/commit/jenkins/624395829bfda6a87b3c0210e0a691af90037358
Log:
[FIXED JENKINS-18633] Simplified distinction between Jenkins.description and View.description.
Both are shown if defined. The edit description link only applies to View.description.
Properly handle a ViewGroup other than Jenkins itself, such as a folder.
(cherry picked from commit 04c8a1efc0f6324868638be9a4cfdb085e17744f)
Conflicts:
changelog.html
Compare: https://github.com/jenkinsci/jenkins/compare/65158b098327...624395829bfd