JENKINS-29346

Input approval should only be granted to users with job build permission


      Description

      When there are no submitters specified on the workflow input step, anyone that can access the workflow build page can approve the input; only the read permission is required for this.

            Activity

            jglick Jesse Glick added a comment -

            Not exactly a duplicate, but an implementation of JENKINS-27134 would cover it, so marking it that way.

            jglick Jesse Glick added a comment -

            Not really; the default permission should be better.

            jglick Jesse Glick added a comment -

            Moving from JENKINS-27134:

            even admin permissions aren't enough to grant approval for an input step (even though you can rewrite the job totally with those permissions)

            In some sense the flip side of this: while the permission check when there is no submitter should be limited to those with BUILD, if you have CONFIGURE you should arguably be permitted to approve despite being omitted from submitter. Of course you could also just cancel the current build and adjust the job definition to allow people like yourself to approve for the future, so I am not convinced it is a good idea to allow non-submitter submissions.

            abayer Andrew Bayer added a comment -

            This was actually fixed in SECURITY-576.
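
The approval rules debated in this thread, modelled as an added Python example (not part of the original comments and not code from the Jenkins input step): the reported READ-only default, the requested BUILD default, and the CONFIGURE override that is argued against above. The user names, function names and the `configure_overrides` flag are constructed for illustration.

```python
from dataclasses import dataclass

READ, BUILD, CONFIGURE = "READ", "BUILD", "CONFIGURE"


@dataclass(frozen=True)
class User:
    name: str
    permissions: frozenset


def can_approve_reported(user, submitters):
    """Reported behaviour: with no submitter, READ on the build page is enough."""
    if not submitters:
        return READ in user.permissions
    return user.name in submitters


def can_approve_requested(user, submitters, configure_overrides=False):
    """Requested default: BUILD is required when no submitter is set.

    configure_overrides models the debated option of letting CONFIGURE
    holders approve even when they are omitted from the submitter list.
    """
    if not submitters:
        return BUILD in user.permissions
    if user.name in submitters:
        return True
    return configure_overrides and CONFIGURE in user.permissions


# Constructed sample accounts (not taken from the issue).
USERS = [
    User("viewer", frozenset({READ})),
    User("developer", frozenset({READ, BUILD})),
    User("maintainer", frozenset({READ, BUILD, CONFIGURE})),
    User("releaser", frozenset({READ})),
]


def approvers(check, submitters=frozenset(), **options):
    """Names of the sample users that `check` allows to approve the input."""
    return sorted(u.name for u in USERS if check(u, frozenset(submitters), **options))


if __name__ == "__main__":
    print("reported, no submitter:  ", approvers(can_approve_reported))
    print("requested, no submitter: ", approvers(can_approve_requested))
    print("requested, submitter set:", approvers(can_approve_requested, {"releaser"}))
```
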


              People

              Assignee:
              Unassigned
              Reporter:
              alecharp Adrien Lecharpentier