Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-19922

"Build after other projects are built" job trigger causes permission check errors in case of enabled security

    XMLWordPrintable

Details

    Description

      Use-case:

      2 projects: P1, P2
      2 Users: U1 and U2
      Permissions:
      U1: Full access to P1, Read-only to P2
      U2: Read-only access to P1, Full access to P2

      Reproduction steps
      1) U1 adds a "Build after other projects are built" trigger to P1. Then he sets completion of P2 as a trigger. Although U1 has no configuration access rights to P1, P1 is reconfigured to trigger P2 <<< ERROR?
      2) After that, U2 configures some stuff in his job. After clicking on "Save button" he receives error "You have no permissions to build P1"
      3) User U2 won't be able to save his job till he removes triggering of P1 from his job. Jenkins does not check configuration permissions, so U2 is able to remove trigger from P1 <<< ERROR?

      => Configuration wars and complains from users

      Issue can be even more complex if many users have access to these jobs => configuration saving will work differently for users.

      Proposal 1:

      • Require "build" access rights for adding of new items;
      • Print warning for projects w/o build permissions, but allow saving of configs

      Proposal 2:

      • Completely decouple fictive triggers (replace them to BuildListeners) and post-build actions in jobs

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              oleg_nenashev Oleg Nenashev
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: