• Improvement
    • Resolution: Unresolved
    • Minor
    • github-oauth-plugin
    • None
    • Jenkins ver. 1.596.2, Ubuntu 12.04

      The current option "Use Github repository permissions" says:

      If checked will use github repository permissions to determine jenkins permissions for each project.

      Public projects - all authenticated users can READ. Only collaborators can BUILD, EDIT, CONFIGURE or DELETE.
      Private projects, only collaborators can READ, BUILD, EDIT, CONFIGURE or DELETE

      For private repos there are 3 access levels: pull (read) access, push (write) access and admin access.

      It would be much better to give people with pull access READ permission, people with push access READ/BUILD permission and READ, BUILD, EDIT, CONFIGURE or DELETE only to admins.

          [JENKINS-27844] Improve Use Github repository permissions

          Sam Gleske added a comment -

          Agreed, contributions are welcome! I don't actively develop this plugin. I only maintain pull requests and releases.


          Jon Ogden added a comment -

          I'm looking to make some improvements in this area, but could use a hand understanding how the current GitHub ACL is set up and how developing a security plugin works. Anyone want to partner?


          Kevin R. added a comment -

          Bump. Like jtogden, I'm at a loss as to how to get this done too.


          Chris Williams added a comment -

          The PR I opened seems to pretty much match what this ticket is asking for: https://github.com/jenkinsci/github-oauth-plugin/pull/91

          Sam Gleske added a comment -

          Hey Chris, I'll review your PR and, if there are no issues, I'll merge it. This issue is meant to track completely rewriting all permissions for GitHub committer authorization strategy. I'd like users to be able to better define how they want permissions to behave (similar to the matrix authorization).

          I envision a strategy which allows you to choose what permissions you want each user to have whether they're:

          • Organization owners
          • Repository Admins
          • Write access to repositories
          • Read access to repositories
          • A repository contributor

          And more generically permissions for:

          • Anonymous users
          • Authenticated users

          I would like each of these categories to be evaluated on a per-repository basis and allow users to define how permissions should look for each of those types of users defined. This is just a high level and not really well defined other than this comment. But I would like permissions for the GitHub committer authorization strategy to be much more flexible. As-is, the current strategy leaves something to be desired I think.
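Added example, not part of the original thread or the plugin's code: a small Python model of the per-repository, per-category evaluation described in the comment above, instantiated with the option's current behaviour and with the pull/push/admin mapping the ticket proposes, listing where the current policy grants more than the proposed one. The repositories, users, policy dictionaries and function names are constructed for illustration; keeping READ for authenticated users on public projects under the proposed policy is an assumption.

```python
ALL = frozenset({"READ", "BUILD", "EDIT", "CONFIGURE", "DELETE"})
READ = frozenset({"READ"})

# Category -> permissions. Categories absent from a policy grant nothing
# (default deny), which covers anonymous users and non-collaborators on
# private projects.
CURRENT = {   # behaviour stated in the option's help text
    "admin": ALL, "push": ALL, "pull": ALL,
    "authenticated/public": READ,
}
PROPOSED = {  # mapping requested in the ticket
    "admin": ALL, "push": READ | {"BUILD"}, "pull": READ,
    "authenticated/public": READ,  # assumption: unchanged by the ticket
}

# Constructed sample data: collaborator name -> highest GitHub access level.
REPOS = [
    {"name": "org/private-svc", "visibility": "private",
     "collaborators": {"alice": "admin", "bob": "push", "carol": "pull"}},
    {"name": "org/public-lib", "visibility": "public",
     "collaborators": {"alice": "push"}},
]
USERS = ["alice", "bob", "carol", "dave", None]  # None = anonymous

def categories(user, repo):
    """Yield every policy category the user falls into for this one repo."""
    if user is None:
        return
    level = repo["collaborators"].get(user)
    if level:
        yield level
    yield "authenticated/" + repo["visibility"]

def effective(policy, user, repo):
    """Union of the permissions of all matching categories."""
    perms = frozenset()
    for category in categories(user, repo):
        perms |= policy.get(category, frozenset())
    return perms

def audit():
    """Map (repo, user) -> permissions CURRENT grants beyond PROPOSED."""
    findings = {}
    for repo in REPOS:
        for user in USERS:
            extra = effective(CURRENT, user, repo) - effective(PROPOSED, user, repo)
            if extra:
                findings[(repo["name"], user)] = sorted(extra)
    return findings

if __name__ == "__main__":
    for key, extra in audit().items():
        print(key, extra)
```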


          amy bachir added a comment -

          I'm having the same issue with repository permissions not working. What is the status on the PR mentioned above? Has it been merged? Is there a plan to implement this improvement? 


          Mark Waite added a comment - - edited

          amybachir according to https://github.com/jenkinsci/github-oauth-plugin/commit/7a4539f8c6f245b83c78b61acb3c94bfe43652b5, the pull request has been merged and released in github oauth plugin releases 0.31, 0.32, and 0.33.


          amy bachir added a comment -

          Thanks markewaite! I looked at the PR and read through the code a little because the improvement in that PR did not work for me as expected. All GitHub organization members are able to view, build and cancel all jobs created for all repos. The only thing that seems to be working correctly is the "view configurations" tab in a Jenkins job corresponding to a certain repo where a collaborator (read, write or admin) on one repo can only "view configurations" on that repo and they are not able to perform this function on a repo that they are not collaborators on but unfortunately all org members can view and build all jobs regardless of the repos permissions. I wonder if I configured the plugin incorrectly. I attached a screenshot of my configurations for your reference.


            sag47 Sam Gleske
            lucasocio Leandro Lucarella