Loading...

This issue is archived. You can view it, but you can't modify it. Learn more

XML

Word

Printable

I discovered some bugs in the Git Creation flow for users with restricted permissions:

If the user lacks the "Credentials -> Create" permission, and then fills out a new permission,
the browser will receive a 404 error when POSTing to the credentials API. We probably need to hide the "New Credential" section for users lacking this permission.
If the user lacks the "Credentials -> View" permission, the API call to return the existing credentials will always return an empty array. We probably need to hide the "Existing Credentials" section in this case.
If the user lacks both permissions, it would appear they are unable to use the API. We should probably restrict access to it entirely, similar to ~~JENKINS-41434~~.

duplicates

JENKINS-42120 Revisit Git repository creation flow credential setup

is blocked by

JENKINS-41941 Add credentials data to API for "permissions"

relates to

JENKINS-41373 Github SCM "creation" returns unhandled 403 exception when user lacks "create job" permission

JENKINS-41434 Restrict access to Creation Flow for users with insufficient permissions