Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41573

Git Creation needs to better handle users with restricted credential permissions


    • Icon: Bug Bug
    • Resolution: Duplicate
    • Icon: Critical Critical
    • blueocean-plugin
    • None
    • 1.0

      I discovered some bugs in the Git Creation flow for users with restricted permissions:

      1. If the user lacks the "Credentials -> Create" permission, and then fills out a new permission,
        the browser will receive a 404 error when POSTing to the credentials API. We probably need to hide the "New Credential" section for users lacking this permission.
      2. If the user lacks the "Credentials -> View" permission, the API call to return the existing credentials will always return an empty array. We probably need to hide the "Existing Credentials" section in this case.
      3. If the user lacks both permissions, it would appear they are unable to use the API. We should probably restrict access to it entirely, similar to JENKINS-41434.

            cliffmeyers Cliff Meyers
            cliffmeyers Cliff Meyers
            0 Vote for this issue
            2 Start watching this issue