-
Bug
-
Resolution: Fixed
-
Major
The fix for SECURITY-186 hides a lot of other tasks that should not be hidden... rather than testing for tasks that implement Item it should be checking against tasks that implement AccessControlled so that tasks can still remain visible
- links to
[JENKINS-31649] SECURITY-186 regression: non-item tasks hidden
| Status | Original: Open [ 1 ] | New: In Progress [ 3 ] |
| Labels | New: lts-candidate |
Code changed in jenkins
User: Stephen Connolly
Path:
core/src/main/java/hudson/model/Queue.java
http://jenkins-ci.org/commit/jenkins/cf1fdf98e435b4c7df54f1a8e958d185f1a0f3d2
Log:
[FIXED JENKINS-31649] Check should be against AccessControlled and Permission.READ
- The previous check was to narrow.
- We now check on AccessControlled (which is implemented by Item)
- We now also check on Permission.READ (which is the generic read permission)
This should allow subtasks who's task may not be an Item to at least implement AccessControlled to alow visibility.
There remains an open question as to whether tasks that are not AccessControlled should ever be visible in the UI
| Resolution | New: Fixed [ 1 ] | |
| Status | Original: In Progress [ 3 ] | New: Resolved [ 5 ] |
Code changed in jenkins
User: Stephen Connolly
Path:
core/src/main/java/hudson/model/Queue.java
http://jenkins-ci.org/commit/jenkins/46ef3a5776b9a60a1e5d364c29afda01fa09faed
Log:
Merge pull request #1919 from stephenc/jenkins-31649
[FIXED JENKINS-31649] Check should be against AccessControlled not Item
Compare: https://github.com/jenkinsci/jenkins/compare/23276180209b...46ef3a5776b9
| Labels | Original: lts-candidate | New: 1.625.3-rejected |
https://github.com/jenkinsci/jenkins/pull/1919