Results of task scan should be limited to authenticated users

    • Improvement
    • Resolution: Fixed
    • Major
    • tasks-plugin
    • None
    • Platform: All, OS: All

      Non-authenticated users like anonymous have limited permissions when viewing projects – for instance,
      they are not allowed to browse a project's workspace. However, the task scanner plugin circumvents this
      security measure by allowing anonymous users to view the source code files in the task reports. This
      plugin should prevent these reports from being shown unless the user is authenticated in Hudson.

          [JENKINS-2773] Results of task scan should be limited to authenticated users

          zixenator added a comment -

          I agree. We share Hudson with two groups - tech support and programmers. Tech
          support are not allowed access to the source code, and this prevents us from
          using this plugin (which is a shame because the programmers all really want
          it). Perhaps the portions of the plugin that display the source code could be
          tied to the workspace read permission?

          Ulli Hafner added a comment -

          Fixed in TRUNK. Authorization is bound to Hudson.ADMINISTRATOR.

          krischan83 added a comment -

          Is it intended to permit administrators only the source code?

          In our overall project (https://rtsys.informatik.uni-kiel.de/hudson/) are a few
          admins.
          Each sub project has its conductor who is responsible for the code and the
          nightly build job configuration.

          However, even the sub project guys are not able to use the very nice presenting
          features of Hudson's code analysis tools completely.

          Long story short: I demand for allowing each authorized person to view the code
          or additional config opportunities.

          Best,
          Christian

          Ulli Hafner added a comment -

          Well actually I don't know what the original reporter intended.

          The best thing would be to replace the current permission (Hudson.ADMIN) with
          the AbstractProject.WORKSPACE role that is also used when accessing the
          workspace files.

          What do you think?

          SCM/JIRA link daemon added a comment -

          Code changed in hudson
          User: : drulli
          Path:
          branches/drulli-commons-plugin/analysis-core/src/main/java/hudson/plugins/analysis/util/DetailBuilder.java
          branches/drulli-commons-plugin/analysis-core/src/main/java/hudson/plugins/analysis/util/model/AbstractAnnotation.java
          http://fisheye4.cenqua.com/changelog/hudson/?cs=22464
          Log:
          [FIXED JENKINS-2773] Changed source code viewing permission from ADMINISTRATION to WORKSPACE.

          krischan83 added a comment -

          Oh, I'm absolutely OK with that solution!

          Do you have an idea when the feature will be available, i.e. the next release is
          scheduled?

          best,
          Christian

            drulli Ulli Hafner
            sqook sqook