Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2532

Unable to delete builds when project-based security is enabled

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical Critical
    • _unsorted
    • None
    • Platform: All, OS: All

      I upgraded to version 1.256. I use the Active Directory plugin. I have the
      Project-based Matrix Authorization Strategy and my login has access to
      everything. Under the Job Settings, I have enabled project-based security and I
      have access to everything. When I try to delete a build from the build history,
      I am prompted for confirmation, when I confirm I get the following stacktrace
      on my page.

      org.acegisecurity.providers.UsernamePasswordAuthenticationToken@53ec2f89:
      Username: hudson.plugins.active_directory.ActiveDirectoryUserDetail@0:
      Username: abc; Password: [PROTECTED]; Enabled: true; AccountNonExpired: true;
      credentialsNonExpired: true; AccountNonLocked: true; Granted Authorities:
      Development, Information Technology; Password: [PROTECTED]; Authenticated:
      true; Details: org.acegisecurity.ui.WebAuthenticationDetails@0:
      RemoteIpAddress: 11.11.230.52; SessionId: 17ef63f6996a3215cdbed6920a1ea122;
      Granted Authorities: Development, Information Technology is missing Delete

          [JENKINS-2532] Unable to delete builds when project-based security is enabled

          Alan Harder added a comment -

          I see this in 1.263 too.

          I'm looking at hudson/security/AuthorizationMatrixPropery.java,
          DescriptorImpl.getAllGroups(), which returns a list from
          PermissionGroup.get(Item.class). If I understand correctly, this means the
          project-based settings can currently only set permission exactly at
          project-level, not at the build level. So delete-build and
          update-build-description don't seem to be grantable permissions right now.

          Alan Harder added a comment - I see this in 1.263 too. I'm looking at hudson/security/AuthorizationMatrixPropery.java, DescriptorImpl.getAllGroups(), which returns a list from PermissionGroup.get(Item.class). If I understand correctly, this means the project-based settings can currently only set permission exactly at project-level, not at the build level. So delete-build and update-build-description don't seem to be grantable permissions right now.

          Alan Harder added a comment -

          This should be fixed with my patch in issue #2727.

          Alan Harder added a comment - This should be fixed with my patch in issue #2727.

          Alan Harder added a comment -

          Patch in issue #2727 has been committed, so this should be fixed in 1.265.

          Alan Harder added a comment - Patch in issue #2727 has been committed, so this should be fixed in 1.265.

            Unassigned Unassigned
            vijaysl vijaysl
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: