Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19922

"Build after other projects are built" job trigger causes permission check errors in case of enabled security



      2 projects: P1, P2
      2 Users: U1 and U2
      U1: Full access to P1, Read-only to P2
      U2: Read-only access to P1, Full access to P2

      Reproduction steps
      1) U1 adds a "Build after other projects are built" trigger to P1. Then he sets completion of P2 as a trigger. Although U1 has no configuration access rights to P1, P1 is reconfigured to trigger P2 <<< ERROR?
      2) After that, U2 configures some stuff in his job. After clicking on "Save button" he receives error "You have no permissions to build P1"
      3) User U2 won't be able to save his job till he removes triggering of P1 from his job. Jenkins does not check configuration permissions, so U2 is able to remove trigger from P1 <<< ERROR?

      => Configuration wars and complains from users

      Issue can be even more complex if many users have access to these jobs => configuration saving will work differently for users.

      Proposal 1:

      • Require "build" access rights for adding of new items;
      • Print warning for projects w/o build permissions, but allow saving of configs

      Proposal 2:

      • Completely decouple fictive triggers (replace them to BuildListeners) and post-build actions in jobs

            Unassigned Unassigned
            oleg_nenashev Oleg Nenashev
            0 Vote for this issue
            2 Start watching this issue