Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-2715

Field validators in configure screen require admin permission

XMLWordPrintable

    • Icon: Patch Patch
    • Resolution: Fixed
    • Icon: Critical Critical
    • _unsorted
    • None
    • Platform: All, OS: All

      I found 8 cases when a field validator in the project configure screen required
      admin permission:
      1-2) Project to build before/after this one
      3-4) Schedule for build times or poll SCM times
      5) Subversion remote url check
      6-7) FishEye cvs/svn
      8) Sventon

      My log filled with many long exceptions as soon as I visited a configure page
      with a user having all permissions except admin.
      I resolved this issue in 3 ways:
      a) In items 1-4 the checkURL now includes project=${it.name}. If a valid name
      is given for this parameter, the check requires CONFIGURE permission on that
      project; otherwise it checks for admin permission.
      b) Items 5-7 start with the same check as (a) for some basic checks of the field
      syntax.. however, these actually connect to URLs and check the content. This
      portion is done only if the user has admin permission, otherwise that part is
      just skipped.
      c) The Sventon validator had only a retrieve-URL check (no simple validation),
      so for that one I simply omitted the checkURL attribute in the jelly file for
      non admins.

      Patch attached.

            mindless Alan Harder
            mindless Alan Harder
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

              Created:
              Updated:
              Resolved: