• Type: Bug
• Resolution: Unresolved
• Priority: Minor
• Component/s: cloudbees-folder-plugin
• Labels:

  None
• Environment:

  Vanilla installation of Jenkins 1.651.1 (LTS) on Linux with up to date plugins (folder plugin at 5.9)

1. 

   New Item [Jenkins] - Google Chrome_2016-05-02_17-09-30.png

   13 kB

   2016-05-02 21:10

[JENKINS-34546] Access Denied missing Job/Create Permission on New Item within Folder

Benjamin Heiskell created issue - 2016-05-02 21:23

Benjamin Heiskell made changes - 2016-05-02 21:23

Description

Original: When ACLs are enabled, users with full privileges on a folder receiving _Access Denied_ when trying to create a _New Item_ within a folder. It only occurs during the AJAX validation of _Item Name_. It does not prevent clicking OK and actually creating the new item. It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48 Reproducer: * Install Jenkins 1.651.1 (LTS) * Install folder plugin (5.9) * In "Configure Global Security"   * Enable "Jenkin's own user database with sign up" in "Configure Global Security"   * Save * Create a user account (bheiskell) and log in * In "Configure Global Security"   * Enable "Project-based Matrix Authorization Strategy"   * Add created user account (bheiskell) with full permissions   * Check Overall read permission for Anonymous * Create new folder (Folder)   * Enable project-based security   * Add user account (jsmith) to folder with full privileges * Logout and create a new account (jsmith) * Click New Item within the folder   * Type anything in the "Item Name" field

New: When ACLs are enabled, users with full privileges on a folder receiving _Access Denied_ when trying to create a _New Item_ within a folder. It only occurs during the AJAX validation of _Item Name_. It does not prevent clicking OK and actually creating the new item. It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48 Reproducer: * Install Jenkins 1.651.1 (LTS) * Install folder plugin (5.9) * In "Configure Global Security"    * Enable "Jenkin's own user database with sign up" in "Configure Global Security"    * Save * Create a user account (bheiskell) and log in * In "Configure Global Security"    * Enable "Project-based Matrix Authorization Strategy"    * Add created user account (bheiskell) with full permissions    * Check Overall read permission for Anonymous * Create new folder (Folder)    * Enable project-based security    * Add user account (jsmith) to folder with full privileges * Logout and create a new account (jsmith) * Click New Item within the folder    * Type anything in the "Item Name" field

Benjamin Heiskell made changes - 2016-05-02 21:25

Description

Original: When ACLs are enabled, users with full privileges on a folder receiving _Access Denied_ when trying to create a _New Item_ within a folder. It only occurs during the AJAX validation of _Item Name_. It does not prevent clicking OK and actually creating the new item. It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48 Reproducer: * Install Jenkins 1.651.1 (LTS) * Install folder plugin (5.9) * In "Configure Global Security"    * Enable "Jenkin's own user database with sign up" in "Configure Global Security"    * Save * Create a user account (bheiskell) and log in * In "Configure Global Security"    * Enable "Project-based Matrix Authorization Strategy"    * Add created user account (bheiskell) with full permissions    * Check Overall read permission for Anonymous * Create new folder (Folder)    * Enable project-based security    * Add user account (jsmith) to folder with full privileges * Logout and create a new account (jsmith) * Click New Item within the folder    * Type anything in the "Item Name" field

New: When ACLs are enabled, users with full privileges on a folder receiving _Access Denied_ when trying to create a _New Item_ within a folder. It only occurs during the AJAX validation of _Item Name_. It does not prevent clicking OK and actually creating the new item. It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48 Reproducer: * Install Jenkins 1.651.1 (LTS) * Install folder plugin (5.9) * In "Configure Global Security" ** Enable "Jenkin's own user database with sign up" in "Configure Global Security" ** Save * Create a user account (bheiskell) and log in * In "Configure Global Security" ** Enable "Project-based Matrix Authorization Strategy" ** Add created user account (bheiskell) with full permissions ** Check Overall read permission for Anonymous * Create new folder (Folder) ** Enable project-based security ** Add user account (jsmith) to folder with full privileges * Logout and create a new account (jsmith) * Click New Item within the folder ** Type anything in the "Item Name" field

Jesse Glick made changes - 2016-06-24 10:58

Resolution		New: Won't Fix [ 2 ]
Status	Original: Open [ 1 ]	New: Resolved [ 5 ]

R. Tyler Croy made changes - 2016-07-25 23:57

Workflow

Original: JNJira [ 170692 ]

New: JNJira + In-Review [ 198923 ]

Ian Williams made changes - 2016-09-20 08:58

Resolution	Original: Won't Fix [ 2 ]
Status	Original: Resolved [ 5 ]	New: Reopened [ 4 ]