Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-22769

ListView's ItemListener runs with user privileges, might miss affected views

        [JENKINS-22769] ListView's ItemListener runs with user privileges, might miss affected views

        Daniel Beck created issue -
        Jesse Glick made changes -
        Link New: This issue is blocking JENKINS-18680 [ JENKINS-18680 ]
        Jesse Glick made changes -
        Labels New: permissions
        Jesse Glick made changes -
        Link New: This issue is related to JENKINS-20474 [ JENKINS-20474 ]
        Jesse Glick made changes -
        Assignee New: Jesse Glick [ jglick ]
        Jesse Glick made changes -
        Status Original: Open [ 1 ] New: In Progress [ 3 ]
        Jesse Glick made changes -
        Labels Original: permissions New: performance permissions

        Jesse Glick added a comment -

        Can also be a performance issue (even when all the ACL checks pass) in case the authorization strategy takes much longer to check an ACL for a real user than for SYSTEM.

        Jesse Glick added a comment - Can also be a performance issue (even when all the ACL checks pass) in case the authorization strategy takes much longer to check an ACL for a real user than for SYSTEM .
        Jesse Glick made changes -
        Labels Original: performance permissions New: lts-candidate performance permissions

        Code changed in jenkins
        User: Jesse Glick
        Path:
        changelog.html
        core/src/main/java/hudson/model/listeners/ItemListener.java
        test/src/test/java/hudson/model/ListViewTest.java
        http://jenkins-ci.org/commit/jenkins/c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e
        Log:
        [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls.

        Compare: https://github.com/jenkinsci/jenkins/compare/28dfd90d2d6a...c04cdcd9f717

        SCM/JIRA link daemon added a comment - Code changed in jenkins User: Jesse Glick Path: changelog.html core/src/main/java/hudson/model/listeners/ItemListener.java test/src/test/java/hudson/model/ListViewTest.java http://jenkins-ci.org/commit/jenkins/c04cdcd9f717ddcd3e8c9dbe86cb353c14ae511e Log: [FIXED JENKINS-22769] ItemListener callbacks should run as SYSTEM since they sometimes do ACL-checked calls. Compare: https://github.com/jenkinsci/jenkins/compare/28dfd90d2d6a...c04cdcd9f717
        SCM/JIRA link daemon made changes -
        Resolution New: Fixed [ 1 ]
        Status Original: In Progress [ 3 ] New: Resolved [ 5 ]

          jglick Jesse Glick
          danielbeck Daniel Beck
          Votes:
          0 Vote for this issue
          Watchers:
          4 Start watching this issue

            Created:
            Updated:
            Resolved: