-
New Feature
-
Resolution: Fixed
-
Major
-
None
- Separate the authorization configuration from the project configuration. This allows Jenkins to decide the authorization of builds during configuring projects.
- When a plugin lists up credentials,
public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Job project) { Authentication auth = Tasks.getAuthenticationOf(project); return new StandardUsernameListBoxModel() .includeEmptyValue() .includeAs(auth, project, StandardUsernameCredentials.class); }
- Even if the authorization is changed after the project configuration is saved, it doesn't cause a security issue as the access to the credential is blocked at build time.
Issues:
- How to control permissions to configure jobs
- You don't want to allow other users configure jobs when you use "Run as Specific User".
- Should the configuration file be separated from config.xml?
- is related to
-
JENKINS-31870 Unable to use LDAP user credentials in build configuration
-
- Closed
-
-
JENKINS-13190 Add ACLPermissionOverride Extension Point to grant additional permissions to an ACL regardless of the AuthorizationStrategy being used
-
- Open
-
-
-
- Closed
-
-
-
- Closed
-
[JENKINS-35081] Separate authorization configuration page
ikedam
added a comment - I believe I can bind a custom configuration file to a job with TransientActionFactory.
ikedam
added a comment - I believe I can bind a custom configuration file to a job with TransientActionFactory . Here is the interim hack to make this safe on older Jenkins instances:
Ok if you have a JobProperty that is @Extension(ordinal=Double.MAX_VALUE) then https://github.com/jenkinsci/jenkins/blob/jenkins-1.609/core/src/main/java/hudson/model/Job.java#L1193 should call https://github.com/jenkinsci/jenkins/blob/jenkins-1.609/core/src/main/java/hudson/model/ReconfigurableDescribable.java#L82 for that JobProperty if not first then at least very very early on in config submit.
If you have the reconfigure method throw an authorization exception then that should prevent the job from being reconfigured.
Here is the long term solution:
Add a decorator interface like ReconfigurableDescribable that allows decorating the ACL, then in Job.getACL() iterate the list of job properties (in reverse order) for instances that implement that interface and then apply the decoration. (we want to iterate in reverse order so that the highest @Extension(ordinal) wins
Hope that helps and avoids that AuthorizationStrategy hack you were thinking of.
For the hack you can have a AdministrativeMonitor check if the JobProperty is first and alert with the name of the plugin that won out if it isn't first saying something like "You are running Jenkins < 2.7 and the FooManchu plugin has declared a Job property of type FooManchuJobProperty with a higher priority than the AuthorizeProject plugin's job configuration protection. A user may be able to alter the configuration of the FooManchuJobProperty in cases where they should not. Please alert the maintainer of the FooManchu plugin. [DISMISS]"
ikedam
added a comment - > Improve Jenkins, and add a mechanism to override ACLs by plugins.
I'm trying this way in JENKINS-13190 and https://github.com/jenkinsci/jenkins/pull/2481.
ikedam
added a comment - > Improve Jenkins, and add a mechanism to override ACLs by plugins.
I'm trying this way in JENKINS-13190 and https://github.com/jenkinsci/jenkins/pull/2481 . ikedam
added a comment - As stephenconnolly pointed in https://github.com/jenkinsci/jenkins/pull/2481#issuecomment-235748828 , it's not a required feature to restrict permissions to configure jobs depending on the configuration of authorize-project.
Instead, users can use the authorization strategy that can configure per-job permissions like ProjectMatrixAuthorizationStrategy or role-based-strategy plugin and restrict permissions by themselves.
Authorize-project can display warnings if one tries to configure an authorization that isn't match with permissions of the job.
ikedam
added a comment - As stephenconnolly pointed in https://github.com/jenkinsci/jenkins/pull/2481#issuecomment-235748828 , it's not a required feature to restrict permissions to configure jobs depending on the configuration of authorize-project.
Instead, users can use the authorization strategy that can configure per-job permissions like ProjectMatrixAuthorizationStrategy or role-based-strategy plugin and restrict permissions by themselves.
Authorize-project can display warnings if one tries to configure an authorization that isn't match with permissions of the job. ikedam
added a comment - - Is it still useful to provide an option to restrict permissions depending on authorize-project configurations?
- Especially when Jenkins is not configured with an authorization strategy providing per-job permissions.
- But it might mean administrators expect not to set per-job permissions.
- Especially when Jenkins is not configured with an authorization strategy providing per-job permissions.
- When restricted the permission, what happens if configured a user without CONFIGURE permission? It results no one can configure the job any longer.
- Administrators should still configure the job.
- How to display warnings?
- I have to display warnings only after authentication succeeds. This means it requres an intermediate page to display warnings.
- How to hold the user inputs in the intermediate page?
- I have to display warnings only after authentication succeeds. This means it requres an intermediate page to display warnings.
Anyway, these all issues are for SpecificUsersAuthorizationStrategy.
I believe it's fundamentally unstable unsecure, and alternative feature is expected in future.
ikedam
added a comment -
Is it still useful to provide an option to restrict permissions depending on authorize-project configurations?
Especially when Jenkins is not configured with an authorization strategy providing per-job permissions.
But it might mean administrators expect not to set per-job permissions.
When restricted the permission, what happens if configured a user without CONFIGURE permission? It results no one can configure the job any longer.
Administrators should still configure the job.
How to display warnings?
I have to display warnings only after authentication succeeds. This means it requres an intermediate page to display warnings.
How to hold the user inputs in the intermediate page?
Anyway, these all issues are for SpecificUsersAuthorizationStrategy .
I believe it's fundamentally unstable unsecure, and alternative feature is expected in future.
ikedam
added a comment - > Authorize-project can display warnings if one tries to configure an authorization that isn't match with permissions of the job.
I can never do this!
ACL only allows test a permission for an authorization,
and doesn't provide an interface to get authorizations that have a permission.
ikedam
added a comment - > Authorize-project can display warnings if one tries to configure an authorization that isn't match with permissions of the job.
I can never do this!
ACL only allows test a permission for an authorization,
and doesn't provide an interface to get authorizations that have a permission. >> > Authorize-project can display warnings if one tries to configure an authorization that isn't match with permissions of the job.
> I can never do this!
But if one is trying to configure an authorization, ipso facto one has the authorization to try with... thus one can test the ACL with the supplied authorization and provide the warning or reject the change
ikedam
added a comment - > But if one is trying to configure an authorization, ipso facto one has the authorization to try with... thus one can test the ACL with the supplied authorization and provide the warning or reject the change
I can't get your point.
I might have failed to describe what I want.
Let's consider a case there're users A and B.
When user A is configure a job built as user A,
I want to display a warning to user A if user B can configure the job.
ikedam
added a comment - > But if one is trying to configure an authorization, ipso facto one has the authorization to try with... thus one can test the ACL with the supplied authorization and provide the warning or reject the change
I can't get your point.
I might have failed to describe what I want.
Let's consider a case there're users A and B.
When user A is configure a job built as user A,
I want to display a warning to user A if user B can configure the job. ikedam
added a comment - I considered this issue again, and I still believe I require one of following feature.
1. Forbid configuration by a non-admin user who isn't configured with authorize-project.
2. Display a warning message if a non-admin user who isn't configured with authorize-project can configure the job.
3. Disable authorize-project for a job if that job is configured by another user.
4. Remove SpecificUsersAuthorizationStrategy and SystemAuthorizationStrategy and introduce alternate ones.
The approach with ReconfigurableDescribable might work, but I don't like it as:
- It requires to define needless JobProperty.
- It is really implementation-dependent. It reminds me
JENKINS-28298, a security issue caused by the change of exception handling in Jenkins core. - It doesn't look to work with REST and CLI.
I know these issues are also applicable to current implementations of SpecificUsersAuthorizationStrategy and SystemAuthorizationStrategy, and, therefore, I want to resolve these issues on this occasion.
"Users should configure appropriate permissions when they use authorize-project"
might be correct, but unfortunately, I don't trust that users can set up appropriate security configurations without helps, and I believe I have to provide a explicit mechanism to protect securities (at least, displaying warnings).
ikedam
added a comment - I considered this issue again, and I still believe I require one of following feature.
1. Forbid configuration by a non-admin user who isn't configured with authorize-project.
2. Display a warning message if a non-admin user who isn't configured with authorize-project can configure the job.
3. Disable authorize-project for a job if that job is configured by another user.
4. Remove SpecificUsersAuthorizationStrategy and SystemAuthorizationStrategy and introduce alternate ones.
The approach with ReconfigurableDescribable might work, but I don't like it as:
It requires to define needless JobProperty.
It is really implementation-dependent. It reminds me JENKINS-28298 , a security issue caused by the change of exception handling in Jenkins core.
It doesn't look to work with REST and CLI.
I know these issues are also applicable to current implementations of SpecificUsersAuthorizationStrategy and SystemAuthorizationStrategy, and, therefore, I want to resolve these issues on this occasion.
"Users should configure appropriate permissions when they use authorize-project"
might be correct, but unfortunately, I don't trust that users can set up appropriate security configurations without helps, and I believe I have to provide a explicit mechanism to protect securities (at least, displaying warnings). ikedam
added a comment - It's really strange that authorize-project is the ONLY implementation of QueueItemAuthenticator, isn't it?
Is there another implementaion in Jenkins Enterprise?
ikedam
added a comment - It's really strange that authorize-project is the ONLY implementation of QueueItemAuthenticator, isn't it?
Is there another implementaion in Jenkins Enterprise? ikedam
added a comment - > 3. Disable authorize-project for a job if that job is configured by another user.
This might be achieved with ItemListener#onUpdated or SaveableListener#onChange. They should be triggered even via REST or CLI.
ikedam
added a comment - > 3. Disable authorize-project for a job if that job is configured by another user.
This might be achieved with ItemListener#onUpdated or SaveableListener#onChange. They should be triggered even via REST or CLI. ikedam
added a comment - I'm rethinking whether I really need this feature.
And I think it's time to rethink the feature of `QueueItemAuthenticator` itself.
Questions in my mind
- Why using `Authentication`?
- It means using users avaiable in `SecurityRealm`s
- It might make sense to introduce to authorize-project a new feature to define `Authentication` outside `SecurityRealm`s.
- Administrators using external user directories for `SecurityRealm` can have difficulties administering authorizations for builds as authorizations for builds should be often considered like artificial persons in law.
- It means using users avaiable in `SecurityRealm`s
- "Run as SYSTEM" is useless for plugins take care of `QueueItemAuthenticaror`
- Plugins never know they are running as SYSTEM whether for it is configured explicily or it is not configured at all (
JENKINS-37047)
- Plugins never know they are running as SYSTEM whether for it is configured explicily or it is not configured at all (
- Why use build authorization during configuration?
- Why not only display items accessible by the configuring use.
- I suppose this means that Iassume build authorizarions are used as setuid in UNIX systems.
- Generally speaking, setuid is considered a bad manner, isn't it?
- It can be used in that way, but should I support those usages positively?
ikedam
added a comment - I'm rethinking whether I really need this feature.
And I think it's time to rethink the feature of `QueueItemAuthenticator` itself.
Questions in my mind
Why using `Authentication`?
It means using users avaiable in `SecurityRealm`s
It might make sense to introduce to authorize-project a new feature to define `Authentication` outside `SecurityRealm`s.
Administrators using external user directories for `SecurityRealm` can have difficulties administering authorizations for builds as authorizations for builds should be often considered like artificial persons in law.
"Run as SYSTEM" is useless for plugins take care of `QueueItemAuthenticaror`
Plugins never know they are running as SYSTEM whether for it is configured explicily or it is not configured at all ( JENKINS-37047 )
Why use build authorization during configuration?
Why not only display items accessible by the configuring use.
I suppose this means that Iassume build authorizarions are used as setuid in UNIX systems.
Generally speaking, setuid is considered a bad manner, isn't it?
It can be used in that way, but should I support those usages positively?
ikedam
added a comment - I found I mixed up several different problems and tried to resolve them at all.
(I made those problems clear in JENKINS-38217)
I now believe those problems can be resolved one-by-one.
And it also told me that I no longer need to splitting configuration files:
- It relates not to the original purpose of separating the configuration page but rather to
JENKINS-38219(Restrict Job.CONFIGURE permissions by plugins). - It doesn't work as expected until I resolve
JENKINS-38219. And once after I resolveJENKINS-38219, I no longer need to split configuration files for security purposes.
ikedam
added a comment - I found I mixed up several different problems and tried to resolve them at all.
(I made those problems clear in JENKINS-38217 )
I now believe those problems can be resolved one-by-one.
And it also told me that I no longer need to splitting configuration files:
It relates not to the original purpose of separating the configuration page but rather to JENKINS-38219 (Restrict Job.CONFIGURE permissions by plugins).
It doesn't work as expected until I resolve JENKINS-38219 . And once after I resolve JENKINS-38219 , I no longer need to split configuration files for security purposes.
Code changed in jenkins
User: Stephen Connolly
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/index.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/authorize.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
http://jenkins-ci.org/commit/authorize-project-plugin/79d7bd575740aea53c0dae1f636451a08a3cac66
Log:
JENKINS-35081 Split the configuration of authentication into a separate screen
- I still have some tests to fix up before this change is ready
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
http://jenkins-ci.org/commit/authorize-project-plugin/1505f29d1c7ac6fe12918886fd2cd7cd4aa5988c
Log:
JENKINS-35081 Adding some javadocs
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer/config.jelly
http://jenkins-ci.org/commit/authorize-project-plugin/41a3f88b44e7afd861139107de7e2275a1401f9b
Log:
JENKINS-35081 Oops without this file the veto does not work
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
http://jenkins-ci.org/commit/authorize-project-plugin/4ebd13f03eccb0f82702e0bff4a7e13be4ff290a
Log:
JENKINS-35081 Need a @DataBoundConstructor
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
http://jenkins-ci.org/commit/authorize-project-plugin/d5caebdabb4d004379a9163ade3dc65ae22b6f55
Log:
JENKINS-35081 Give a more meaningful error message
Code changed in jenkins
User: Stephen Connolly
Path:
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/9431366571343f6b965b125366e533cc32ef4ce1
Log:
JENKINS-35081 Fixed these tests
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/index.jelly
http://jenkins-ci.org/commit/authorize-project-plugin/d2926ccd24c4c704950366a2fce3e5801c2828ed
Log:
JENKINS-35081 Oops checking the wrong permission on this
Code changed in jenkins
User: Stephen Connolly
Path:
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/c303dbdec32a2070544d992b20df67b6958f28a4
Log:
JENKINS-35081 More tests fixed
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/action.jelly
http://jenkins-ci.org/commit/authorize-project-plugin/052ea591b278614ff6ee616671186acd24e1becd
Log:
JENKINS-35081 Hide the action from users that do not have the required permissions
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication.html
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication_ja.html
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/5e13d24962ebcc8dfc2067e159777ce0a75a32e0
Log:
JENKINS-35081 The reconfiguration stuff no longer makes sense with screen separation
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
http://jenkins-ci.org/commit/authorize-project-plugin/5664d9f32e56a96e5c7ffb3a11756ee6c32b6765
Log:
JENKINS-35081 Move the permission check to the constructor/readResolve
Code changed in jenkins
User: Stephen Connolly
Path:
src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/498735c78f97843521be7e507642f61d472edb48
Log:
JENKINS-35081 Fix tests
Code changed in jenkins
User: Stephen Connolly
Path:
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/dba0d59890693da379a6338248b7ce44b20ebe97
Log:
JENKINS-35081 Fix failing test
- The test case was failing for a now invalid condition as the stronger validation fo Guice will ensure that any
AuthorizationProjectStrategy that uses a Descriptor which is not extending AuthorizationProjectStrategyDescriptor
will not be instantiated. For this reason I removed the parts of the test that are now invalid
Code changed in jenkins
User: Stephen Connolly
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
http://jenkins-ci.org/commit/authorize-project-plugin/7a04dbe7a2158b873e450b01e3f03ea715d82247
Log:
JENKINS-35081 Remove redundant null check
- Thanks findbugs for finding that one
Code changed in jenkins
User: ikedam
Path:
pom.xml
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/action.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/AuthorizationAction/index.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/authorize.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty/config.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer/config.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/config.jelly
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication.html
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy/help-noNeedReauthentication_ja.html
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy/global-security.jelly
src/test/java/org/jenkinsci/plugins/authorizeproject/GlobalQueueItemAuthenticatorTest.java
src/test/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticatorTest.java
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/4b8379e73e3e1eb2359636500c5be3d642bdd965
Log:
Merge pull request #26 from stephenc/jenkins-35081
JENKINS-35081 Split the configuration of authentication into a separate screen
Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/25b5015c42a1...4b8379e73e3e
ikedam
added a comment - Preparing additional changes to release:
https://github.com/jenkinsci/authorize-project-plugin/pull/27
ikedam
added a comment - Preparing additional changes to release:
https://github.com/jenkinsci/authorize-project-plugin/pull/27 Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages_ja.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages_ja.properties
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/c0aae28565e5e5e7b96c127c5399aa2b8d6b746c
Log:
JENKINS-35081 Additonal changes for #26
- Users with ADMINISTER permission can always change configurations.
- Rename `hasConfigurePermission` to `hasJobConfigurePermission` and introduce `hasAuthorizeConfigurePermission`.
- Unify `readResolve` into `AuthorizeProjectStrategy`.
Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
http://jenkins-ci.org/commit/authorize-project-plugin/6c1e7421fe9c874194daa093d17414f8e8b867e9
Log:
JENKINS-35081 Make `readResolve` `protected`
Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/c7c59a201cf57e6d9d3c99ab542ab24b3944cb93
Log:
JENKINS-35081 Use AccessControlled for findAncestorObject. Allows bypassing permission checks only to system administrators.
Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectProperty.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/AuthorizeProjectStrategyDescriptor.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ConfigurationPermissionEnforcer.java
src/main/java/org/jenkinsci/plugins/authorizeproject/ProjectQueueItemAuthenticator.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SystemAuthorizationStrategy.java
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/TriggeringUsersAuthorizationStrategy.java
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/Messages_ja.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages.properties
src/main/resources/org/jenkinsci/plugins/authorizeproject/strategy/Messages_ja.properties
src/test/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategyTest.java
http://jenkins-ci.org/commit/authorize-project-plugin/627d9cbd8583c41476944d4d49498678266bf895
Log:
Merge pull request #27 from ikedam/feature/JENKINS-35081_AdditionalChange
JENKINS-35081 Additonal changes for #26
Compare: https://github.com/jenkinsci/authorize-project-plugin/compare/4b8379e73e3e...627d9cbd8583
Code changed in jenkins
User: ikedam
Path:
src/main/java/org/jenkinsci/plugins/authorizeproject/strategy/SpecificUsersAuthorizationStrategy.java
http://jenkins-ci.org/commit/authorize-project-plugin/ac37f3fcff7a354e17996422dd33e7fc0cdcd3aa
Log:
JENKINS-35081 Fixed the reverted logic of doCheckPasswordRequested.
ikedam
added a comment - stephenconnolly
Really sorry for having you wait for long time.
I released this change as authorize-project-1.3.0. It will be available in the update center in a day.
ikedam
added a comment - stephenconnolly
Really sorry for having you wait for long time.
I released this change as authorize-project-1.3.0. It will be available in the update center in a day. 
> How to control permissions to configure jobs
Unfortunately, Jenkins doesn't provide a machanism to override ACLs of items.
Only AuthorizationStrategy decides ACLs
Possible solutions.