-
Bug
-
Resolution: Unresolved
-
Minor
-
None
-
Vanilla installation of Jenkins 1.651.1 (LTS) on Linux with up to date plugins (folder plugin at 5.9)
When ACLs are enabled, users with full privileges on a folder receiving Access Denied when trying to create a New Item within a folder. It only occurs during the AJAX validation of Item Name. It does not prevent clicking OK and actually creating the new item.
It appears the regression was introduced in 5.6. I think it is related to the changes to use the standard new page in this pull request: https://github.com/jenkinsci/cloudbees-folder-plugin/pull/48
Reproducer:
- Install Jenkins 1.651.1 (LTS)
- Install folder plugin (5.9)
- In "Configure Global Security"
- Enable "Jenkin's own user database with sign up" in "Configure Global Security"
- Save
- Create a user account (bheiskell) and log in
- In "Configure Global Security"
- Enable "Project-based Matrix Authorization Strategy"
- Add created user account (bheiskell) with full permissions
- Check Overall read permission for Anonymous
- Create new folder (Folder)
- Enable project-based security
- Add user account (jsmith) to folder with full privileges
- Logout and create a new account (jsmith)
- Click New Item within the folder
- Type anything in the "Item Name" field
![New Item [Jenkins] - Google Chrome_2016-05-02_17-09-30.png](/secure/attachment/32582/New%20Item%20%5BJenkins%5D%20-%20Google%20Chrome_2016-05-02_17-09-30.png)
