Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-23131

Misleading permission scopes

    XMLWordPrintable

    Details

    • Similar Issues:

      Description

      CredentialsProvider.CREATE and the like are now scoped to ITEM, yet they can be (in fact are usually) checked at the global level, and Jenkins is not an Item—it is an ItemGroup. So perhaps the scopes should be both ITEM and ITEM_GROUP.

      (Would not matter for Permission.isContainedBy, since these uses scope inheritance, but an AuthorizationStrategy may want to know which permissions are actually checked at various levels.)

      In fact it seems like a new scope might be in order, since the actual check is on CredentialsStore. So maybe this should define a custom scope (contained in ITEM).

      Also CredentialsStore almost but not quite implements AccessControlled, which seems like an oversight.

        Attachments

          Activity

          jglick Jesse Glick created issue -
          scm_issue_link SCM/JIRA link daemon made changes -
          Field Original Value New Value
          Resolution Fixed [ 1 ]
          Status Open [ 1 ] Resolved [ 5 ]
          stephenconnolly Stephen Connolly made changes -
          Status Resolved [ 5 ] Closed [ 6 ]
          rtyler R. Tyler Croy made changes -
          Workflow JNJira [ 155463 ] JNJira + In-Review [ 207727 ]

            People

            Assignee:
            stephenconnolly Stephen Connolly
            Reporter:
            jglick Jesse Glick
            Votes:
            1 Vote for this issue
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved: