See attached patch file...
This patch provides the ability to hide jobs from the view of certain users
(including anonymous). The Co
nfigure System page in Manage Hudson now will display a READ permission under
the Job heading. If not che
cked, the user will be denied access to the job in the following ways:
- the job will not be visible in any views
- upstream and downstream dependencies referencing this job will be hidden
- the job will not be accessable by a direct URL reference (404 will occur)
- if the job is scheduled to be built, it will show up as "Unknown Task" in the
build queue
- the job will also show as "Unkown Task" in the Build Executor when the job is
building
Files Changed:
Set authentication to SYSTEM in the following processes:
- WebAppMain "hudson initialization thread"
- Hudson constructor
- Trigger.Cron threads
AbstractProject.java:
- Updated deprecated permissions checks
Hudson.java:
- retrieval of Items is now access controlled. Only readable items are returned.
Item.java:
- added READ permission oject
GlobalMatrixAuthorizationStrategy.java:
- removed unused private method readResolve. It appears this is a left-over
from an old ACL implementatio
n
I am implementing READ permission at the job level.
When this is done, a user that lacks the READ permission for a particular job
will not:
There is a related forum post where I am looking for feedback on what ACLs to
use: http://www.nabble.com/Read-permission-on-Jobs-td20650539.html