Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-36240

Default repository permission are not considered

    XMLWordPrintable

Details

    Description

      If the permissions of an user are granted on organization membership rather than team membership. The PR from the user aren't considered trusted. But are considered if the user push directly to the repository.

      Attachments

        Issue Links

          Activity

            escoem Emilio Escobar created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Remote Link This issue links to "current poor implementation (Web Link)" [ 14597 ]
            rtyler R. Tyler Croy made changes -
            Workflow JNJira [ 172934 ] JNJira + In-Review [ 184836 ]
            jglick Jesse Glick made changes -
            Link This issue is related to JENKINS-37608 [ JENKINS-37608 ]
            jglick Jesse Glick made changes -
            Assignee Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Assignee Jesse Glick [ jglick ]
            jglick Jesse Glick made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 96 (Web Link)" [ 15139 ]
            jglick Jesse Glick made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            recampbell Ryan Campbell made changes -
            Link This issue is duplicated by JENKINS-40705 [ JENKINS-40705 ]
            patthiel Patrick Thiel made changes -
            Comment [ Using a multibranch pipeline project with the latest SCM API 2.0 release, we have also noticed PR's from contributors getting flagged as untrusted sources.. Despite the PR author having admin privileges as a contributor and is the member of a Github team that also has Write permissions for the repository.

            To test this..
            # Submit a PR with changes to a project's Jenkinsfile (add an echo or something)
            # Open up a PR and scan the repository.
            # Observe, In the scan log, your PR will look something like the following:

            {code}
                Checking pull request #1817
                (not from a trusted source)
                Job name: PR-1817
                  ‘Jenkinsfile’ found
                Met criteria
            {code}

            Since it's not a trusted source, when building this pull request, Jenkins will revert to using the Jenkinsfile on the base branch.. The log in the Jenkins PR job will look like this:

            {code}
            Loading trusted files from base branch dev at {commit} rather than {commit}
            {code}

            Seems related to this issue. I can file another defect for this, but I wanted to check in here first. ]
            jglick Jesse Glick made changes -
            Link This issue is duplicated by JENKINS-37931 [ JENKINS-37931 ]
            jglick Jesse Glick made changes -
            Status In Review [ 10005 ] In Progress [ 3 ]
            stephenconnolly Stephen Connolly made changes -
            Labels scm-api-tidy-scrub
            stephenconnolly Stephen Connolly made changes -
            Labels scm-api-tidy-scrub scm-api-tidy
            stephenconnolly Stephen Connolly made changes -
            Link This issue is blocked by JENKINS-43426 [ JENKINS-43426 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "github-api PR 358 (Web Link)" [ 17116 ]
            jamesdumay James Dumay made changes -
            Labels scm-api-tidy cloudbees-internal-pipeline scm-api-tidy
            michaelneale Michael Neale made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            michaelneale Michael Neale made changes -
            Assignee Jesse Glick [ jglick ] Andrew Bayer [ abayer ]
            stephenconnolly Stephen Connolly made changes -
            Resolution Fixed [ 1 ]
            Status In Review [ 10005 ] Resolved [ 5 ]
            stephenconnolly Stephen Connolly made changes -
            Assignee Andrew Bayer [ abayer ] Stephen Connolly [ stephenconnolly ]
            stephenconnolly Stephen Connolly made changes -
            Remote Link This issue links to "Page (Jenkins Wiki)" [ 17306 ]
            stephenconnolly Stephen Connolly made changes -
            Link This issue is duplicated by JENKINS-45359 [ JENKINS-45359 ]
            stephenconnolly Stephen Connolly made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            cloudbees CloudBees Inc. made changes -
            Remote Link This issue links to "CloudBees Internal CD-154 (Web Link)" [ 19074 ]

            People

              stephenconnolly Stephen Connolly
              escoem Emilio Escobar
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: