[JENKINS-36240] Default repository permission are not considered

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: github-branch-source-plugin
Labels:
- cloudbees-internal-pipeline
- scm-api-tidy

Similar Issues:
Powered by SuggestiMate

Show

If the permissions of an user are granted on organization membership rather than team membership. The PR from the user aren't considered trusted. But are considered if the user push directly to the repository.

is blocked by

JENKINS-43426 Refactor UX for GitHub and Bitbucket branch sources

Closed

is duplicated by

JENKINS-45359 Collaborator with write access is said to not be trusted in the first PR when the project doesn't have a Jenkinsfile yet

Resolved

JENKINS-40705 Multibranch Pipeline fails to index GitHub repos using GitHub readonly credentials

Closed

JENKINS-37931 PR build can use PR's head/merge Jenkinsfile insted of master branch.

Resolved

is related to

JENKINS-37608 Configurability of GitHub Branch Source to use Scan User with only Read permission

Resolved

links to

CloudBees Internal CD-154

current poor implementation

github-api PR 358

PR 96

mentioned in: Page Loading...

(4 links to, 1 mentioned in)

Emilio Escobar created issue - 2016-06-27 10:25

Jesse Glick made changes - 2016-07-08 03:55

Remote Link

New: This issue links to "current poor implementation (Web Link)" [ 14597 ]

R. Tyler Croy made changes - 2016-07-25 23:52

Workflow

Original: JNJira [ 172934 ]

New: JNJira + In-Review [ 184836 ]

Jesse Glick made changes - 2016-08-24 21:34

Link

New: This issue is related to ~~JENKINS-37608~~ [ ~~JENKINS-37608~~ ]

Jesse Glick made changes - 2016-09-19 14:02

Assignee

Original: Jesse Glick [ jglick ]

Jesse Glick added a comment - 2016-12-16 19:30

Good news: there is a new experimental endpoint which should give us exactly what we need.

Jesse Glick added a comment - 2016-12-16 19:30 Good news: there is a new experimental endpoint which should give us exactly what we need.

Jesse Glick added a comment - 2016-12-16 19:50 - edited

In my experiments, it does work, with one caveat: if the scan token does not have administrative permission on the repository, the result is a 404. Which means that ~~JENKINS-37608~~ is not satisfiable without loss of functionality.

Jesse Glick added a comment - 2016-12-16 19:50 - edited In my experiments, it does work, with one caveat: if the scan token does not have administrative permission on the repository, the result is a 404. Which means that JENKINS-37608 is not satisfiable without loss of functionality.

Jesse Glick added a comment - 2016-12-16 20:17

A 403 is also possible in certain cases.

Jesse Glick added a comment - 2016-12-16 20:17 A 403 is also possible in certain cases.

Jesse Glick made changes - 2016-12-16 21:10

Assignee

New: Jesse Glick [ jglick ]

Jesse Glick made changes - 2016-12-16 21:10

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Assignee:: Stephen Connolly

Reporter:: Emilio Escobar

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2016-06-27 10:25

Updated:: 2017-12-05 08:32

Resolved:: 2017-07-20 08:56

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Jesse Glick added a comment - 2016-12-16 19:30

Expand comment: Jesse Glick added a comment - 2016-12-16 19:30

Collapse comment: Jesse Glick added a comment - 2016-12-16 19:50, Edited by Jesse Glick - 2016-12-16 19:51

Expand comment: Jesse Glick added a comment - 2016-12-16 19:50, Edited by Jesse Glick - 2016-12-16 19:51

Collapse comment: Jesse Glick added a comment - 2016-12-16 20:17

Expand comment: Jesse Glick added a comment - 2016-12-16 20:17

People

Dates