-
Bug
-
Resolution: Duplicate
-
Major
-
Email-ext 2.37.2.2 on Jenkins 1.554.3
The permissions check is run in a system context (or not re-run for every page view), so it's ineffective.
The permission needs to be checked:
- in the action itself (e.g. the index.jelly) to fail when configure permission is missing (for those clever users navigating to known URLs directly)
- as well as the action.jelly that needs to be added for this
- duplicates
-
-
- Resolved
-
[JENKINS-23986] Permissions check in ExtendedEmailPublisher.getProjectActions does not work
| Description |
Original:
The permissions check is run in a system context (or not re-run for every page view), so it's ineffective. The permission needs to be checked: * in the action itself (e.g. the index.jelly) to fail when configure permission is missing * as well as the action.jelly that needs to be added for this |
New:
The permissions check is run in a system context (or not re-run for every page view), so it's ineffective. The permission needs to be checked: * in the action itself (e.g. the index.jelly) to fail when configure permission is missing (for those clever users navigating to known URLs directly) * as well as the action.jelly that needs to be added for this |
| Assignee | Original: Alex Earl [ slide_o_mix ] | New: Daniel Beck [ danielbeck ] |
| Assignee | Original: Daniel Beck [ danielbeck ] | New: Alex Earl [ slide_o_mix ] |
| Link |
New:
This issue duplicates |
| Resolution | New: Duplicate [ 3 ] | |
| Status | Original: Open [ 1 ] | New: Closed [ 6 ] |
| Workflow | Original: JNJira [ 156856 ] | New: JNJira + In-Review [ 207900 ] |
Yeah, I already have a fix for this. I noticed it the other day.