Details
-
Type:
Bug
-
Status: Resolved (View Workflow)
-
Priority:
Minor
-
Resolution: Fixed
-
Component/s: maven-plugin
-
Labels:
-
Environment:Jenkins: 1.590
Java: 1.7.0_67
-
Similar Issues:
Description
Hello,
We have a job with project-based security enabled. The job has to be visible to anonymous users and they should only have read-only permissions. After applying the "Read" permission for the job I tried checking out it out as an anonymous user. The job is displayed to the user, but I found out he can redeploy artifacts by clicking on the last successful/failed build number. This functionality is not desired and probably a bug.
Regards,
Steve
Attachments
Issue Links
- links to
Activity
This is only a cosmetic issue, as clicking the link will require users to authenticate (if anonymous) or tell them they're not allowed (otherwise).
Pull request with fix: https://github.com/jenkinsci/maven-plugin/pull/33
You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue!
Steve Todorov
added a comment - You're right, I double tested it and when the user clicks the link it forces him to login. I probably was logged in last time when it deployed the artifacts. Thanks for checking and solving this issue! I guess the JIRA link daemon is down again.
Code changed in jenkins
User: Jesse Glick
Path:
core/src/main/java/hudson/model/TaskAction.java
http://jenkins-ci.org/commit/jenkins/08542cad7524ba4838922622889700e4dd7c2ce1
Log:
Javadoc notes warning that the action should be hidden if impermissible.
JENKINS-25691 Might have prevented the need for: https://github.com/jenkinsci/maven-plugin/pull/33
@Daniel no, the job is only in a view. We don't use the Cloudbees Folder plugin at all.