Restrict access to Creation Flow for users with insufficient permissions

XMLWordPrintable

    • Type: Task
    • Resolution: Fixed
    • Priority: Critical
    • Component/s: blueocean-plugin
    • None

      Users that lack the "create job" permission should not be able to access the Creation flow as they cannot actually complete it: it will fail with a 403 at the end.

      Scope

      1. Only show the "New Pipeline" button on Dashboard for users with "create job"
      2. If the user navigates directly to the "create-pipeline" URL, we should short-circuit the Creation flow for users lacking the "create job" permission
      3. Do the same short-circuit for "create-pipeline" if the user has not authenticated

      Notes

      1. Need to update core-js User to automatically expose data from the passed in "blueUser" otherwise we'll have to touch this time every time we want to expose new data.

            Assignee:
            Ivan Meredith
            Reporter:
            Cliff Meyers
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: