-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Vanilla installation of Jenkins 1.651.1 (LTS) on Linux with up to date plugins (folder plugin at 5.9)
When ACLs are enabled, users with full privileges on a folder receiving Access Denied when trying to create a New Item within a folder. It only occurs during the AJAX validation of Item Name. It does not prevent clicking OK and actually creating the new item.
It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48
Reproducer:
- Install Jenkins 1.651.1 (LTS)
- Install folder plugin (5.9)
- In "Configure Global Security"
- Enable "Jenkin's own user database with sign up" in "Configure Global Security"
- Save
- Create a user account (bheiskell) and log in
- In "Configure Global Security"
- Enable "Project-based Matrix Authorization Strategy"
- Add created user account (bheiskell) with full permissions
- Check Overall read permission for Anonymous
- Create new folder (Folder)
- Enable project-based security
- Add user account (jsmith) to folder with full privileges
- Logout and create a new account (jsmith)
- Click New Item within the folder
- Type anything in the "Item Name" field
Same problem here : Jenkins 1.642.2 and Folder Plugin 5.9 (also in 5.7).
Problem is pretty annoying as users tend to provide a name before the actually make their choice on the kind of item.
This gives them the message before they actually see they can click OK, so they think they actually miss the necessary permissions.